
Random ads on Google Chrome. Combofix log


  • This topic is locked
25 replies to this topic

#1 pianomath

Posted 23 December 2014 - 06:29 PM

Hello. For some time now, my browser has been opening some strange ads. Also, my main search page has changed.

 

Combofix log:

 

ComboFix 14-12-23.01 - Matheus 23/12/2014  21:05:13.1.8 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1033.18.8173.6549 [GMT -2:00]
Executando de: c:\users\Matheus\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Matheus\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-11-23 to 2014-12-23  ))))))))))))))))))))))))))))
.
.
2014-12-22 13:55 . 2014-12-22 13:55 -------- d-----w- c:\users\Matheus\.aria2
2014-12-21 18:06 . 2014-12-21 18:06 -------- d-sh--w- c:\users\Matheus\AppData\Local\EmieUserList
2014-12-21 18:06 . 2014-12-21 18:06 -------- d-sh--w- c:\users\Matheus\AppData\Local\EmieSiteList
2014-12-21 18:06 . 2014-12-21 18:06 -------- d-sh--w- c:\users\Matheus\AppData\Local\EmieBrowserModeList
2014-12-20 23:06 . 2014-12-20 23:06 -------- d-----w- c:\users\Matheus\AppData\Local\IsolatedStorage
2014-12-20 23:03 . 2014-12-20 23:03 -------- d-----w- C:\Level Up! Games
2014-12-17 02:46 . 2014-11-22 10:46 38032 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-12-17 02:46 . 2014-11-22 10:46 32400 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-12-16 20:39 . 2014-12-16 20:43 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-12-16 20:38 . 2014-12-16 20:38 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-12-16 20:38 . 2014-12-16 20:38 -------- d-----w- c:\programdata\Malwarebytes
2014-12-16 20:38 . 2014-11-21 08:14 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-12-16 20:38 . 2014-11-21 08:14 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-12-16 20:38 . 2014-11-21 08:14 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-12-16 20:16 . 2014-12-16 20:16 -------- d-----w- c:\program files (x86)\Video to Video
2014-12-16 20:03 . 2014-12-16 20:03 -------- d-----w- C:\FFOutput
2014-12-16 20:03 . 2014-12-16 20:40 -------- d-----w- c:\program files (x86)\FreeTime
2014-12-16 19:59 . 2014-12-16 19:59 -------- d-----w- c:\users\Matheus\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2014-12-16 19:57 . 2014-12-16 19:57 -------- d-----w- c:\users\Matheus\AppData\Local\iSkysoft
2014-12-16 19:57 . 2014-12-16 19:57 -------- d-----w- c:\program files (x86)\Common Files\iSkysoft
2014-12-16 19:57 . 2014-12-16 20:01 -------- d-----w- c:\programdata\iSkysoft Video Converter Ultimate
2014-12-16 19:57 . 2014-12-16 20:01 -------- d-----w- c:\program files (x86)\iSkysoft
2014-12-16 19:57 . 2014-12-16 20:01 -------- d-----w- c:\programdata\iSkysoft
2014-12-16 12:37 . 2014-12-16 12:37 -------- d-----w- c:\programdata\Age of Empires 3
2014-12-16 12:32 . 2014-12-16 12:33 -------- d-----w- c:\program files (x86)\Common Files\Microsoft Games
2014-12-16 00:15 . 2014-12-17 20:21 -------- d-----w- c:\programdata\Steam
2014-12-16 00:14 . 2014-12-16 00:14 -------- d-----w- C:\Games
2014-12-12 20:42 . 2014-12-12 20:42 -------- d-----w- c:\users\Matheus\AppData\Roaming\Promotion Software GmbH
2014-12-12 20:29 . 2014-12-15 23:44 -------- d-----w- c:\program files (x86)\CatACat
2014-12-11 10:48 . 2014-12-11 10:48 -------- d-----w- c:\program files (x86)\WinDirStat
2014-12-10 11:45 . 2014-12-10 11:45 -------- d-----w- c:\windows\SysWow64\Wat
2014-12-10 11:45 . 2014-12-10 11:45 -------- d-----w- c:\windows\system32\Wat
2014-12-09 19:06 . 2014-12-09 19:07 -------- d-----w- c:\users\Matheus\AppData\Roaming\MKKE
2014-12-09 19:05 . 2014-12-09 19:05 -------- d-----w- c:\users\Matheus\AppData\Local\SKIDROW
2014-12-09 18:35 . 2014-12-09 18:35 -------- d-----w- c:\users\Matheus\AppData\Local\Microsoft Games
2014-12-09 12:35 . 2014-12-17 20:21 -------- d-----w- c:\users\Matheus\AppData\Roaming\Steam
2014-12-09 12:35 . 2014-12-09 12:35 -------- d-----w- c:\users\Matheus\AppData\Roaming\The Creative Assembly
2014-12-09 11:54 . 2014-12-09 11:54 -------- d-----w- c:\program files (x86)\predm
2014-12-09 11:51 . 2014-12-09 11:51 -------- d-----w- c:\program files (x86)\47ab82a9-a464-4206-8b1d-b16ca25a37dc
2014-12-09 11:48 . 2014-12-09 11:48 -------- d-----w- c:\program files (x86)\d1760ecd-0578-4c50-a026-bfbe89143b20
2014-12-09 11:48 . 2014-12-09 11:48 -------- d-----w- c:\program files (x86)\0dd50cd4-981a-45e7-b0aa-6429429b6a8d
2014-12-09 11:48 . 2014-12-09 11:48 -------- d-----w- c:\users\Matheus\AppData\Local\globalUpdate
2014-12-09 11:46 . 2014-12-10 11:47 -------- d-----w- c:\program files (x86)\YTDownloader
2014-12-09 11:45 . 2014-12-09 11:45 -------- d-----w- c:\users\Matheus\AppData\Local\CrashRpt
2014-12-08 14:54 . 2014-12-08 14:56 -------- d-----w- c:\program files (x86)\Google
2014-12-08 12:59 . 2014-12-08 13:00 -------- d-----w- c:\programdata\Auslogics
2014-12-08 12:59 . 2014-12-08 12:59 -------- d-----w- c:\program files (x86)\Auslogics
2014-12-05 10:18 . 2014-12-05 10:18 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-12-04 11:52 . 2014-11-06 03:20 968704 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-12-04 11:29 . 2014-12-08 12:38 -------- d-----w- c:\program files (x86)\DsNET Corp
2014-12-04 11:07 . 2014-12-17 20:22 -------- d-----w- c:\users\Matheus\AppData\Roaming\Anvsoft
2014-12-04 10:42 . 2014-12-04 10:42 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2014-12-04 10:33 . 2013-10-14 20:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-12-04 10:29 . 2014-12-04 10:29 859648 ----a-w- c:\windows\system32\tdh.dll
2014-12-04 10:29 . 2014-12-04 10:29 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-12-04 10:29 . 2014-12-04 10:29 640512 ----a-w- c:\windows\SysWow64\advapi32.dll
2014-12-04 10:29 . 2014-12-04 10:29 619520 ----a-w- c:\windows\SysWow64\tdh.dll
2014-12-04 10:29 . 2014-12-04 10:29 1732032 ----a-w- c:\windows\system32\ntdll.dll
2014-12-04 10:29 . 2014-12-04 10:29 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2014-12-04 10:28 . 2014-12-04 10:28 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-12-04 10:28 . 2014-12-04 10:28 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-12-04 10:24 . 2014-12-04 10:24 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-12-04 10:24 . 2014-12-04 10:24 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-12-04 09:53 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2014-12-04 09:53 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2014-12-04 09:53 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2014-12-04 09:50 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-12-04 09:50 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-12-04 09:50 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-12-04 09:50 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-12-04 09:50 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-12-04 09:50 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-12-04 09:50 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-12-04 09:50 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-12-03 12:08 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2014-12-03 12:08 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2014-12-03 11:51 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-12-03 11:50 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-12-03 11:49 . 2013-12-24 23:09 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-12-03 11:49 . 2013-12-24 22:48 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-12-03 11:49 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2014-12-03 11:49 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2014-12-03 11:46 . 2014-09-19 09:42 342016 ----a-w- c:\windows\system32\schannel.dll
2014-12-03 11:45 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2014-12-03 11:44 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2014-12-03 11:28 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2014-12-03 11:28 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2014-12-03 11:28 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2014-11-30 13:13 . 2014-12-23 22:40 -------- d-----w- c:\users\Matheus\AppData\Roaming\ActivePresenter
2014-11-30 13:12 . 2014-11-30 13:12 -------- d-----w- c:\program files (x86)\ATOMI
2014-11-29 17:58 . 2014-12-16 20:45 -------- d-----w- C:\Downloads
2014-11-29 17:58 . 2014-11-29 17:58 -------- d-----w- c:\users\Matheus\AppData\Roaming\ProgSense
2014-11-29 17:55 . 2014-11-30 12:28 -------- d-----w- c:\users\Matheus\AppData\Roaming\Orbit
2014-11-29 17:38 . 2014-11-29 17:38 -------- d-----w- c:\windows\pt-br
2014-11-29 17:38 . 2014-11-29 17:38 -------- d-----w- c:\windows\en
2014-11-29 17:38 . 2014-11-29 17:38 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-11-29 17:37 . 2014-11-29 17:38 -------- d-----w- c:\program files (x86)\Windows Live
2014-11-29 17:37 . 2014-12-04 11:16 -------- d-----w- c:\users\Matheus\AppData\Local\Windows Live
2014-11-29 17:36 . 2014-11-29 17:36 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2014-11-29 16:56 . 2014-11-29 16:56 -------- d-----w- c:\program files (x86)\Lame For Audacity
2014-11-29 14:39 . 2014-11-29 14:39 -------- d-----w- c:\users\Matheus\AppData\Local\Macromedia
2014-11-29 14:38 . 2014-11-29 14:38 -------- d-----w- c:\programdata\McAfee
2014-11-29 14:38 . 2014-11-29 14:38 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-29 14:38 . 2014-11-29 14:38 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-29 14:38 . 2014-11-29 14:38 -------- d-----w- c:\windows\SysWow64\Macromed
2014-11-29 14:38 . 2014-11-29 14:38 -------- d-----w- c:\windows\system32\Macromed
2014-11-29 14:37 . 2014-11-29 14:38 -------- d-----w- c:\users\Matheus\AppData\Local\Adobe
2014-11-29 14:32 . 2014-11-29 14:32 -------- d-----w- c:\users\Matheus\AppData\Local\Mozilla
2014-11-28 22:14 . 2014-12-08 12:58 -------- d-----w- c:\users\Matheus\AppData\Roaming\Audacity
2014-11-28 13:45 . 2014-12-16 20:50 -------- d-----w- c:\program files\CamStudio 2.7
2014-11-28 13:45 . 2014-11-28 13:45 -------- d-----w- c:\users\Matheus\AppData\Local\Programs
2014-11-24 10:04 . 2014-11-24 10:04 -------- d-----w- c:\windows\Migration
2014-11-24 10:01 . 2006-03-31 14:41 3927248 ----a-w- c:\windows\system32\d3dx9_30.dll
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-12-13 00:12 . 2014-10-23 15:37 2210040 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-12-13 00:12 . 2014-10-23 15:37 1291464 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-12-13 00:12 . 2014-10-23 15:37 2824504 ----a-w- c:\windows\system32\nvspcap64.dll
2014-12-13 00:12 . 2014-10-23 15:37 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-11-29 17:38 . 2012-07-17 16:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-11-22 10:46 . 2014-10-23 15:37 35472 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-10-30 04:53 . 2014-11-07 23:42 961224 ----a-w- c:\windows\system32\NvIFR64.dll
2014-10-30 04:53 . 2014-11-07 23:42 932168 ----a-w- c:\windows\system32\NvFBC64.dll
2014-10-30 04:53 . 2014-11-07 23:42 922944 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-10-30 04:53 . 2014-11-07 23:42 896144 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-10-30 04:53 . 2014-11-07 23:42 4289856 ----a-w- c:\windows\system32\nvcuvid.dll
2014-10-30 04:53 . 2014-11-07 23:42 4011840 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-10-30 04:53 . 2014-11-07 23:42 31890064 ----a-w- c:\windows\system32\nvoglv64.dll
2014-10-30 04:53 . 2014-11-07 23:42 2849224 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-10-30 04:53 . 2014-11-07 23:42 24554824 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-10-30 04:53 . 2014-11-07 23:42 20922696 ----a-w- c:\windows\system32\nvcompiler.dll
2014-10-30 04:53 . 2014-11-07 23:42 19966856 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-10-30 04:53 . 2014-11-07 23:42 1876296 ----a-w- c:\windows\system32\nvdispco6434460.dll
2014-10-30 04:53 . 2014-11-07 23:42 17258696 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-10-30 04:53 . 2014-11-07 23:42 1539272 ----a-w- c:\windows\system32\nvdispgenco6434460.dll
2014-10-30 04:53 . 2014-11-07 23:42 14029400 ----a-w- c:\windows\system32\nvopencl.dll
2014-10-30 04:53 . 2014-11-07 23:42 13942368 ----a-w- c:\windows\system32\nvcuda.dll
2014-10-30 04:53 . 2014-11-07 23:42 13189832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-10-30 04:53 . 2014-11-07 23:42 11395672 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-10-30 04:53 . 2014-11-07 23:42 11333848 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-10-30 04:53 . 2014-10-23 16:06 73872 ----a-w- c:\windows\system32\OpenCL.dll
2014-10-30 04:53 . 2014-10-23 16:06 60744 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-10-30 04:53 . 2014-10-23 16:05 3237528 ----a-w- c:\windows\system32\nvapi64.dll
2014-10-30 04:53 . 2014-10-23 16:05 20966504 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-10-30 04:53 . 2014-10-23 16:05 18497600 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-10-30 04:53 . 2014-10-23 16:05 16886168 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-10-30 02:10 . 2014-10-23 16:06 6880968 ----a-w- c:\windows\system32\nvcpl.dll
2014-10-30 02:10 . 2014-10-23 16:06 3533632 ----a-w- c:\windows\system32\nvsvc64.dll
2014-10-30 02:10 . 2014-10-23 16:06 935232 ----a-w- c:\windows\system32\nvvsvc.exe
2014-10-30 02:10 . 2014-10-23 16:06 61640 ----a-w- c:\windows\system32\nvshext.dll
2014-10-30 02:10 . 2014-10-23 16:06 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2014-10-30 02:10 . 2014-10-23 16:06 385352 ----a-w- c:\windows\system32\nvmctray.dll
2014-10-30 00:56 . 2014-11-07 23:43 614728 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-10-29 10:58 . 2014-10-29 10:58 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-27 00:34 . 2014-10-23 16:06 4066553 ----a-w- c:\windows\system32\nvcoproc.bin
2014-10-23 16:55 . 2014-10-23 16:56 43064 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-10-16 16:54 . 2014-10-23 16:05 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-10-16 16:54 . 2014-10-23 16:05 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-10-16 16:54 . 2014-10-23 16:05 1876296 ----a-w- c:\windows\system32\nvdispco6434448.dll
2014-10-16 16:54 . 2014-10-23 16:05 1539272 ----a-w- c:\windows\system32\nvdispgenco6434448.dll
2014-10-16 16:54 . 2014-10-23 16:05 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-09-25 19:32 . 2014-10-23 16:54 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-09-25 19:32 . 2014-10-23 16:54 131608 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-09-25 19:32 . 2014-10-23 16:54 119272 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-12-16 702768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
"Avira Systray"="c:\program files (x86)\Avira\My Avira\Avira.OE.Systray.exe" [2014-10-22 124208]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Agendamento;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Avira.OE.ServiceHost;Avira Service Host;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe;c:\program files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [x]
S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimssne64.sys;c:\windows\SYSNATIVE\DRIVERS\rimssne64.sys [x]
S2 risdsnpe;risdsnpe;c:\windows\system32\DRIVERS\risdsnxc64.sys;c:\windows\SYSNATIVE\DRIVERS\risdsnxc64.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [x]
S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys;c:\windows\SYSNATIVE\DRIVERS\bpenum.sys [x]
S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys;c:\windows\SYSNATIVE\DRIVERS\bpmp.sys [x]
S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys;c:\windows\SYSNATIVE\Drivers\bpusb.sys [x]
S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys;c:\windows\SYSNATIVE\DRIVERS\SFEP.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-12-11 15:59 1087816 ----a-w- c:\program files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08 14:54]
.
2014-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08 14:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]
"Bluetooth"="c:\program files\WIDCOMM\Bluetooth Software\bttray.exe" [2011-07-28 1211680]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-12-13 2531472]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-12-13 2824504]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-20 11895400]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.2
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKLM-Run-DelaypluginInstall - c:\programdata\iSkysoft\Video Converter Ultimate\DelayPluginI.exe
BHO-{11111111-1111-1111-1111-110311281150} - c:\program files (x86)\Object Browser\Object Browser-bho64.dll
BHO-{11111111-1111-1111-1111-110611511123} - c:\program files (x86)\iWebar\iWebar-bho64.dll
BHO-{11111111-1111-1111-1111-110611571181} - c:\program files (x86)\HDVid2.6dV09.12\HDVid2.6dV09.12-bho64.dll
ShellIconOverlayIdentifiers-{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} - c:\program files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\RunDll32.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-12-23  21:09:44 - Máquina reiniciou
ComboFix-quarantined-files.txt  2014-12-23 23:09
.
Pré-execução: 8.262.897.664 bytes free
Pós execução: 18.039.894.016 bytes free
.
- - End Of File - - 8F40796562283ADCFCC759C45C546FEC

Edited by Chris Cosgrove, 23 December 2014 - 06:50 PM.
Moved to Virus, trojan etc. logs




#2 Machiavelli

  • Malware Response Instructor

Posted 24 December 2014 - 01:30 PM

Hello and welcome on board,

My name is Machiavelli and I will assist you with your problem.
If you booted into safe mode on your computer then print my instructions!
I'm in the 'Malware Staff Team' and will provide you with advice:

Removing Malware from a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from your computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do. Just ask me! Please stay in contact with me until the problem is fixed.

Below are a few tips:
  • Removing Malware is usually very difficult.
    We need to search and analyse a lot of files. As this is done in our free time, please be patient especially if I don't answer every day!
  • Please follow these instructions
    If you don't follow the instructions your computer may crash. If you fix your PC by yourself, this can be very risky!
  • Please stay in contact with me until your problem is resolved
    As Malware may not be totally removed in one session or in one day, please stay in contact with me until the problem is resolved.
  • Please don't run any other tools without consulting with me as this can complicate finding and removing all Malware
    Don't run any tools while I'm fixing your PC. That is counterproductive and again, will only complicate finding and removing all Malware!
  • Read my post completely
    If you don't do so, you may make mistakes that could result in your System crashing by your own actions!
 

Why are you running ComboFix? Only Experts should use CF.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (If you have Windows Vista / Windows 7 / Windows 8, please right-click the FRST icon and select Run as Administrator.)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#3 Machiavelli


Posted 28 December 2014 - 07:33 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli



#4 pianomath


Posted 31 December 2014 - 03:33 PM

Here is the log

 

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Matheus (administrator) on MATHEUS-PC on 30-12-2014 10:18:46
Running from C:\Users\Matheus\Downloads
Loaded Profile: Matheus (Available profiles: Matheus)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(BitTorrent Inc.) C:\Users\Matheus\AppData\Roaming\uTorrent\uTorrent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-07-20] (Synaptics Incorporated)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [1211680 2011-07-27] (Broadcom Corporation.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-178241157-3166524979-4280168215-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52743;https=127.0.0.1:52743;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-178241157-3166524979-4280168215-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll No File
BHO: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: HDVid2.6dV09.12 -> {11111111-1111-1111-1111-110611571181} -> C:\Program Files (x86)\HDVid2.6dV09.12\HDVid2.6dV09.12-bho64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0B0FzyyB0C0EtA0F0EtD0AyEtByEtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAtC0EzyyCtGyByEzztBtG0D0Azy0DtG0CtDtByCtGtA0E0E0EyByEtB0DyByB0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FyCzztAyCyBtAtGzztCzztCtGyEyByDyEtG0A0CyB0CtGtB0BtD0EyEyC0B0AyB0BtByC2Q&cr=1093509336&ir=", "hxxp://start.qone8.com/?type=hp&ts=1399210072&from=smt&uid=TOSHIBAXMK7559GSXP_51J7F1XCSXX51J7F1XCS", "hxxp://www.mystartsearch.com/?type=hp&ts=1418125480&from=amt&uid=SPK-SF12-M120_SPARK12071100042"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-08]
CHR Extension: (Google Docs) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-08]
CHR Extension: (Google Drive) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-08]
CHR Extension: (YouTube) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-08]
CHR Extension: (Pesquisa do Google) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-08]
CHR Extension: (Planilhas do Google) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-08]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-08]
CHR Extension: (Google Wallet) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-08]
CHR Extension: (Gmail) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-25] (Avira Operations GmbH & Co. KG)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 risdsnpe; C:\Windows\System32\DRIVERS\risdsnxc64.sys [98816 2011-07-20] (REDC)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 10:18 - 2014-12-30 10:19 - 00019435 _____ () C:\Users\Matheus\Downloads\FRST.txt
2014-12-30 10:18 - 2014-12-30 10:18 - 02123264 _____ (Farbar) C:\Users\Matheus\Downloads\FRST64.exe
2014-12-30 10:18 - 2014-12-30 10:18 - 00000000 ____D () C:\FRST
2014-12-29 10:33 - 2014-12-29 10:33 - 00298160 _____ () C:\Users\Matheus\Desktop\2015.xlsx
2014-12-29 10:33 - 2014-12-29 10:33 - 00000165 ____H () C:\Users\Matheus\Desktop\~$2015.xlsx
2014-12-27 23:00 - 2014-12-28 01:59 - 00167319 _____ () C:\Users\Matheus\Downloads\The.Interview.2014.1080p.WEB-DL.AAC2.0.H264-RARBG.srt
2014-12-27 14:16 - 2014-12-27 14:16 - 00681220 _____ () C:\Users\Matheus\Downloads\bb0214_edital.zip
2014-12-26 14:30 - 2014-12-26 14:30 - 00015829 _____ () C:\Users\Matheus\Downloads\[kickass.so]the.interview.2014.720p.web.dl.xvid.mp3.rarbg.torrent
2014-12-26 14:27 - 2014-12-27 20:28 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Popcorn-Time
2014-12-26 14:27 - 2014-12-26 14:27 - 00002216 _____ () C:\Users\Matheus\Desktop\Popcorn Time.lnk
2014-12-26 14:27 - 2014-12-26 14:27 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-12-26 14:27 - 2014-12-26 14:27 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Popcorn Time
2014-12-26 14:25 - 2014-12-26 14:26 - 23190512 _____ (Popcorn Official) C:\Users\Matheus\Downloads\Popcorn-Time-0.3.6-Setup.exe
2014-12-23 21:19 - 2014-12-23 21:19 - 00218112 _____ (Soeperman Enterprises Ltd.) C:\Users\Matheus\Downloads\HijackThis.exe
2014-12-23 21:19 - 2014-12-23 21:19 - 00010265 _____ () C:\Users\Matheus\Downloads\hijackthis.log
2014-12-23 21:16 - 2014-12-23 21:16 - 00025129 _____ () C:\ComboFix.txt
2014-12-23 21:04 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-23 21:04 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-23 21:04 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-23 21:04 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-23 21:04 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-23 21:04 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-23 21:04 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-23 21:04 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-23 20:41 - 2014-12-23 21:16 - 00000000 ____D () C:\Qoobox
2014-12-23 20:41 - 2014-12-23 21:08 - 00000000 ____D () C:\Windows\erdnt
2014-12-23 19:23 - 2014-12-23 19:25 - 05603465 ____R (Swearware) C:\Users\Matheus\Downloads\ComboFix.exe
2014-12-22 11:55 - 2014-12-22 11:55 - 00000000 ____D () C:\Users\Matheus\.aria2
2014-12-21 16:47 - 2014-12-21 17:35 - 148255653 _____ () C:\Users\Matheus\Downloads\yCcsUhGum2b0Hf_EJHu1pMxTFLS3W2NTg2HIc8h0UyU.rar
2014-12-21 16:06 - 2014-12-21 16:06 - 00000000 __SHD () C:\Users\Matheus\AppData\Local\EmieUserList
2014-12-21 16:06 - 2014-12-21 16:06 - 00000000 __SHD () C:\Users\Matheus\AppData\Local\EmieSiteList
2014-12-21 16:06 - 2014-12-21 16:06 - 00000000 __SHD () C:\Users\Matheus\AppData\Local\EmieBrowserModeList
2014-12-20 21:06 - 2014-12-20 21:06 - 00000000 ____D () C:\Users\Matheus\AppData\Local\IsolatedStorage
2014-12-20 21:05 - 2014-12-20 21:05 - 00000908 _____ () C:\Users\Public\Desktop\Warface.lnk
2014-12-20 21:05 - 2014-12-20 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up! Games
2014-12-20 21:03 - 2014-12-20 21:03 - 00000000 ____D () C:\Level Up! Games
2014-12-20 19:14 - 2014-12-20 19:14 - 00020148 _____ () C:\Users\Matheus\Downloads\[kickass.so]eric.clapton.unplugged.remastered.deluxe.edition.2013.2cd.320kbps.cbr.mp3.vx.p2pdl.torrent
2014-12-20 19:01 - 2014-12-20 19:01 - 00019147 _____ () C:\Users\Matheus\Downloads\[kickass.so]eric.clapton.the.best.of.eric.clapton.2004.320.vtwin88cube.torrent
2014-12-19 17:46 - 2014-12-30 10:06 - 00000000 ____D () C:\Users\Matheus\Downloads\Rocky.1-6.The.Complete.Saga.1976-2006.1080p.BluRay.x264.anoXmous
2014-12-19 17:45 - 2014-12-19 17:45 - 00055932 _____ () C:\Users\Matheus\Downloads\[kickass.so]rocky.1.6.saga.movies.collection.1976.2006.1080p.bluray.x264.anoxmous.torrent
2014-12-19 10:43 - 2014-12-19 10:43 - 00018295 _____ () C:\Users\Matheus\Downloads\[kickass.so]good.will.hunting.1997.1080p.brrip.x264.yify.torrent
2014-12-17 20:14 - 2014-12-17 20:14 - 00011519 _____ () C:\Users\Matheus\Downloads\[kickass.so]heat.1995.1080p.brrip.x264.yify.torrent
2014-12-17 09:36 - 2014-12-19 09:47 - 00000000 ____D () C:\Users\Matheus\Desktop\Poke
2014-12-17 01:00 - 2014-12-17 15:39 - 00000000 ____D () C:\Users\Matheus\Downloads\Middle Earth Shadow of Mordor.(v.1.0.1636.29).(2014) [Decepticon] RePack
2014-12-17 00:53 - 2014-12-17 00:53 - 00058187 _____ () C:\Users\Matheus\Downloads\[kickass.so]middle.earth.shadow.of.mordor.decepticon (1).torrent
2014-12-17 00:49 - 2014-12-23 21:15 - 00025784 _____ () C:\Windows\PFRO.log
2014-12-17 00:46 - 2014-12-27 23:02 - 00006319 _____ () C:\Windows\setupact.log
2014-12-17 00:46 - 2014-12-17 00:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-17 00:46 - 2014-11-22 08:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-17 00:46 - 2014-11-22 08:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-16 18:52 - 2014-12-27 20:24 - 00000000 ____D () C:\Users\Matheus\Desktop\Menor ainda
2014-12-16 18:39 - 2014-12-16 18:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-16 18:38 - 2014-12-16 18:38 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-16 18:38 - 2014-12-16 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-16 18:38 - 2014-12-16 18:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-16 18:38 - 2014-12-16 18:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-16 18:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-16 18:38 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-16 18:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-16 18:16 - 2014-12-16 18:16 - 00001013 _____ () C:\Users\Public\Desktop\Video to Video.lnk
2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\Users\Matheus\Documents\VideoOutput
2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\Users\Matheus\Documents\Snapshot
2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video to Video
2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\Program Files (x86)\Video to Video
2014-12-16 18:03 - 2014-12-16 18:40 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-12-16 18:03 - 2014-12-16 18:03 - 00000000 ____D () C:\FFOutput
2014-12-16 17:59 - 2014-12-16 17:59 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2014-12-16 17:57 - 2014-12-16 18:01 - 00000000 ____D () C:\ProgramData\iSkysoft Video Converter Ultimate
2014-12-16 17:57 - 2014-12-16 18:01 - 00000000 ____D () C:\ProgramData\iSkysoft
2014-12-16 17:57 - 2014-12-16 18:01 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
2014-12-16 17:57 - 2014-12-16 17:57 - 00000000 ____D () C:\Users\Matheus\AppData\Local\iSkysoft
2014-12-16 10:37 - 2014-12-16 15:24 - 00000000 ____D () C:\Users\Matheus\Documents\My Games
2014-12-16 10:37 - 2014-12-16 10:37 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-16 10:37 - 2014-12-16 10:37 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-12-15 22:16 - 2014-12-15 22:16 - 00015356 _____ () C:\Users\Matheus\Downloads\[kickass.so]age.of.empires.3.both.expansions.fully.updated.torrent
2014-12-15 22:15 - 2014-12-17 18:21 - 00000000 ____D () C:\ProgramData\Steam
2014-12-15 22:14 - 2014-12-15 22:14 - 00000000 ____D () C:\Games
2014-12-15 21:43 - 2014-12-15 21:43 - 00016090 _____ () C:\Users\Matheus\Downloads\[kickass.so]age.of.empires.ii.hd.edition.multi2.fix.repack.audioslave.torrent
2014-12-15 21:42 - 2014-12-15 21:42 - 00015081 _____ () C:\Users\Matheus\Downloads\[kickass.so]age.of.empires.2.hd.edition.v.2.0.multi2.repack.fenixx.torrent
2014-12-14 19:41 - 2014-12-14 19:41 - 00133511 _____ () C:\Users\Matheus\Downloads\[kickass.so]ryse.son.of.rome.codex.torrent
2014-12-12 18:42 - 2014-12-12 18:42 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Promotion Software GmbH
2014-12-12 18:29 - 2014-12-15 21:44 - 00000000 ____D () C:\Program Files (x86)\CatACat
2014-12-12 14:52 - 2014-12-12 14:52 - 00019712 _____ () C:\Users\Matheus\Downloads\[kickass.so]emergency.5.2014.pc.repack.multi.torrent
2014-12-11 17:22 - 2014-12-11 17:22 - 00025569 _____ () C:\Users\Matheus\Downloads\[kickass.so]the.wolf.of.wall.street.2013.1080p.brrip.x264.ac3.jyk.torrent
2014-12-11 17:18 - 2014-12-11 17:18 - 00019667 _____ () C:\Users\Matheus\Downloads\[kickass.so]guardians.of.the.galaxy.2014.1080p.brrip.x264.yify.torrent
2014-12-11 15:56 - 2014-12-11 15:56 - 00015137 _____ () C:\Users\Matheus\Downloads\[kickass.so]guardians.of.the.galaxy.2014.720p.hdcam.x264.jyk.torrent
2014-12-11 14:44 - 2014-12-11 14:44 - 00000000 ____D () C:\Users\Matheus\Documents\My Cheat Tables
2014-12-11 08:48 - 2014-12-11 08:48 - 00645729 _____ (WDS Team) C:\Users\Matheus\Downloads\windirstat1_1_2_setup.exe
2014-12-11 08:48 - 2014-12-11 08:48 - 00001031 _____ () C:\Users\Matheus\Desktop\WinDirStat.lnk
2014-12-11 08:48 - 2014-12-11 08:48 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-12-10 11:08 - 2014-12-10 11:08 - 00058315 _____ () C:\Users\Matheus\Downloads\[kickass.so]middle.earth.shadow.of.mordor.decepticon.torrent
2014-12-09 17:06 - 2014-12-09 17:07 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\MKKE
2014-12-09 17:05 - 2014-12-09 17:05 - 00000000 ____D () C:\Users\Matheus\AppData\Local\SKIDROW
2014-12-09 16:35 - 2014-12-09 16:35 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Microsoft Games
2014-12-09 14:52 - 2014-12-09 14:52 - 00103473 _____ () C:\Users\Matheus\Downloads\[kickass.so]middle.earth.shadow.of.mordor.premium.edition.update.1.2014.pc.repack.r.g.catalyst.torrent
2014-12-09 13:20 - 2014-12-09 13:20 - 00049645 _____ () C:\Users\Matheus\Downloads\[kickass.so]mortal.kombat.komplete.edition.steam.rip.multi6.rg.gameworks.torrent
2014-12-09 13:17 - 2014-12-09 13:17 - 00183494 _____ () C:\Users\Matheus\Downloads\[kickass.so]mortal.kombat.komplete.edition.flt.torrent
2014-12-09 10:35 - 2014-12-17 18:21 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Steam
2014-12-09 10:34 - 2014-12-09 10:34 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-09 09:54 - 2014-12-09 09:54 - 00000000 ____D () C:\Program Files (x86)\predm
2014-12-09 09:51 - 2014-12-09 09:51 - 00000000 ____D () C:\Program Files (x86)\47ab82a9-a464-4206-8b1d-b16ca25a37dc
2014-12-09 09:48 - 2014-12-09 09:48 - 00000000 ____D () C:\Users\Matheus\AppData\Local\globalUpdate
2014-12-09 09:48 - 2014-12-09 09:48 - 00000000 ____D () C:\Program Files (x86)\d1760ecd-0578-4c50-a026-bfbe89143b20
2014-12-09 09:48 - 2014-12-09 09:48 - 00000000 ____D () C:\Program Files (x86)\0dd50cd4-981a-45e7-b0aa-6429429b6a8d
2014-12-09 09:46 - 2014-12-10 09:47 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2014-12-09 09:46 - 2014-12-09 09:46 - 00003590 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-12-09 09:46 - 2014-12-09 09:46 - 00003580 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\Users\Matheus\AppData\Local\CrashRpt
2014-12-08 12:56 - 2014-12-11 14:05 - 00002373 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-08 12:56 - 2014-12-08 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-08 12:54 - 2014-12-30 09:59 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 12:54 - 2014-12-29 12:59 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 12:54 - 2014-12-08 12:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-08 12:54 - 2014-12-08 12:54 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-08 12:54 - 2014-12-08 12:54 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-08 10:59 - 2014-12-08 11:00 - 00000000 ____D () C:\ProgramData\Auslogics
2014-12-08 10:59 - 2014-12-08 10:59 - 00001236 _____ () C:\Users\Matheus\Desktop\Auslogics Registry Cleaner.lnk
2014-12-08 10:59 - 2014-12-08 10:59 - 00001169 _____ () C:\Users\Matheus\Desktop\Auslogics DiskDefrag.lnk
2014-12-08 10:59 - 2014-12-08 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-12-08 10:59 - 2014-12-08 10:59 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-12-05 08:18 - 2014-12-05 08:18 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-04 09:52 - 2014-11-06 01:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-04 09:29 - 2014-12-08 10:38 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-12-04 09:07 - 2014-12-17 18:22 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Anvsoft
2014-12-04 09:07 - 2014-12-04 09:07 - 00000000 ____D () C:\Users\Matheus\Documents\Any Video Converter
2014-12-04 08:42 - 2014-12-04 08:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-12-04 08:42 - 2014-12-04 08:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-12-04 08:33 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-12-04 08:30 - 2014-12-04 08:30 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-04 08:30 - 2014-12-04 08:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-04 08:30 - 2014-12-04 08:30 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-04 08:30 - 2014-12-04 08:30 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-04 08:30 - 2014-12-04 08:30 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-04 08:30 - 2014-12-04 08:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-04 08:30 - 2014-12-04 08:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-04 08:30 - 2014-12-04 08:30 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-04 08:30 - 2014-12-04 08:30 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-04 08:30 - 2014-12-04 08:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-04 08:30 - 2014-12-04 08:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-12-04 08:28 - 2014-12-04 08:28 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-12-04 08:28 - 2014-12-04 08:28 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-12-04 08:24 - 2014-12-04 08:24 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-12-04 08:24 - 2014-12-04 08:24 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-12-04 07:53 - 2012-03-01 04:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-12-04 07:53 - 2012-03-01 04:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-12-04 07:53 - 2012-03-01 03:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-12-04 07:50 - 2014-06-30 20:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-12-04 07:50 - 2014-06-30 20:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-12-04 07:50 - 2014-06-06 04:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-12-04 07:50 - 2014-06-06 04:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-12-04 07:50 - 2014-03-09 19:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-12-04 07:50 - 2014-03-09 19:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-12-04 07:50 - 2014-03-09 19:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-12-04 07:50 - 2014-03-09 19:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-12-03 10:08 - 2011-04-09 04:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-03 10:08 - 2011-04-09 03:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-03 09:52 - 2014-10-14 00:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-03 09:52 - 2014-10-14 00:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-03 09:52 - 2014-10-14 00:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-03 09:52 - 2014-10-13 23:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-03 09:52 - 2014-10-13 23:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-03 09:52 - 2014-04-25 00:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-12-03 09:52 - 2014-04-25 00:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-12-03 09:52 - 2014-03-25 00:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-03 09:52 - 2014-03-25 00:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-03 09:52 - 2013-10-19 00:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-12-03 09:52 - 2013-10-18 23:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-12-03 09:52 - 2013-07-09 03:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-12-03 09:52 - 2013-07-09 02:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-12-03 09:52 - 2013-07-04 10:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-12-03 09:52 - 2013-07-04 09:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-12-03 09:52 - 2011-10-26 03:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-12-03 09:52 - 2011-10-26 03:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-03 09:52 - 2011-10-26 02:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-12-03 09:52 - 2011-10-26 02:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-03 09:52 - 2011-06-15 08:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-12-03 09:52 - 2011-06-15 08:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-12-03 09:52 - 2011-06-15 08:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-12-03 09:52 - 2011-06-15 08:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-12-03 09:52 - 2011-06-15 06:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2014-12-03 09:52 - 2011-06-15 06:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2014-12-03 09:52 - 2011-06-15 06:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2014-12-03 09:52 - 2011-06-15 06:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2014-12-03 09:52 - 2011-06-15 06:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2014-12-03 09:52 - 2010-12-23 08:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-12-03 09:52 - 2010-12-23 08:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-12-03 09:52 - 2010-12-23 08:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-12-03 09:52 - 2010-12-23 03:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-12-03 09:52 - 2010-12-23 03:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-12-03 09:52 - 2010-12-23 03:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-12-03 09:51 - 2014-06-18 20:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-03 09:51 - 2014-06-18 20:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-03 09:51 - 2014-06-18 20:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-03 09:51 - 2014-06-18 20:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-03 09:51 - 2014-06-18 20:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-03 09:51 - 2014-06-18 20:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-03 09:51 - 2014-04-05 00:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-12-03 09:51 - 2014-04-05 00:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-12-03 09:51 - 2014-01-29 00:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-12-03 09:51 - 2014-01-29 00:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-12-03 09:51 - 2013-11-26 09:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-12-03 09:51 - 2013-10-05 18:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-03 09:51 - 2013-10-05 17:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-03 09:51 - 2013-07-09 03:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-12-03 09:51 - 2013-07-09 03:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-12-03 09:51 - 2013-07-09 02:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-12-03 09:51 - 2013-07-09 02:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-12-03 09:51 - 2013-04-12 12:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-12-03 09:51 - 2011-11-17 04:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-12-03 09:51 - 2011-11-17 03:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-12-03 09:51 - 2011-07-09 00:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-12-03 09:51 - 2011-04-27 00:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-12-03 09:51 - 2011-04-27 00:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-12-03 09:50 - 2014-08-21 04:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-03 09:50 - 2014-08-21 04:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-03 09:50 - 2014-08-21 04:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-03 09:50 - 2014-08-21 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-03 09:50 - 2014-07-16 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-03 09:50 - 2014-07-16 00:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-03 09:50 - 2014-06-18 00:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-12-03 09:50 - 2014-06-17 23:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-12-03 09:50 - 2014-06-06 08:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-12-03 09:50 - 2014-06-06 07:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-12-03 09:50 - 2014-06-03 08:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-03 09:50 - 2014-06-03 08:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-03 09:50 - 2014-06-03 08:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-12-03 09:50 - 2014-06-03 08:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-12-03 09:50 - 2014-06-03 07:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-03 09:50 - 2014-06-03 07:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-03 09:50 - 2014-06-03 07:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-12-03 09:50 - 2014-05-30 04:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-12-03 09:50 - 2014-03-26 12:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-12-03 09:50 - 2014-03-26 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-12-03 09:50 - 2014-03-26 12:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-12-03 09:50 - 2014-03-26 12:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-12-03 09:50 - 2014-03-04 07:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-12-03 09:50 - 2014-03-04 07:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-12-03 09:50 - 2014-03-04 07:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-12-03 09:50 - 2014-03-04 07:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-12-03 09:50 - 2014-03-04 07:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-12-03 09:50 - 2014-03-04 07:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-12-03 09:50 - 2014-03-04 07:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-12-03 09:50 - 2014-03-04 07:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-12-03 09:50 - 2014-03-04 07:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-12-03 09:50 - 2014-03-04 07:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-12-03 09:50 - 2014-03-04 07:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-12-03 09:50 - 2014-03-04 07:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-12-03 09:50 - 2014-03-04 07:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-12-03 09:50 - 2013-11-26 23:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-12-03 09:50 - 2013-11-26 23:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-12-03 09:50 - 2013-11-26 23:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-12-03 09:50 - 2013-11-26 23:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-12-03 09:50 - 2013-11-26 23:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-12-03 09:50 - 2013-10-04 00:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-12-03 09:50 - 2013-10-03 23:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-12-03 09:50 - 2013-08-02 00:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-12-03 09:50 - 2013-08-02 00:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-12-03 09:50 - 2013-08-01 23:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-12-03 09:50 - 2013-08-01 22:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-12-03 09:50 - 2013-07-25 07:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-12-03 09:50 - 2013-07-25 06:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-12-03 09:50 - 2013-07-12 08:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-12-03 09:50 - 2013-07-12 08:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-12-03 09:50 - 2013-07-03 02:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-12-03 09:50 - 2013-07-03 02:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-12-03 09:50 - 2013-06-25 20:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-12-03 09:50 - 2013-06-06 03:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-12-03 09:50 - 2013-06-06 03:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-12-03 09:50 - 2013-06-06 03:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-12-03 09:50 - 2013-06-06 03:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-12-03 09:50 - 2013-06-06 02:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-12-03 09:50 - 2013-06-06 02:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-12-03 09:50 - 2013-06-06 02:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-12-03 09:50 - 2013-06-06 01:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-12-03 09:50 - 2013-06-06 01:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-12-03 09:50 - 2013-06-06 01:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-12-03 09:50 - 2013-02-27 03:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-12-03 09:50 - 2013-02-12 02:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-12-03 09:50 - 2012-11-28 20:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-12-03 09:50 - 2012-11-28 20:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-12-03 09:50 - 2012-11-28 20:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-12-03 09:50 - 2012-11-02 03:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-12-03 09:50 - 2012-11-02 03:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-12-03 09:50 - 2011-03-11 04:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-12-03 09:50 - 2011-03-11 04:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-12-03 09:50 - 2011-03-11 03:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-12-03 09:50 - 2011-03-11 03:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-12-03 09:50 - 2011-03-03 04:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-12-03 09:50 - 2011-03-03 04:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-12-03 09:50 - 2011-03-03 04:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-12-03 09:50 - 2011-03-03 03:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-12-03 09:50 - 2011-03-03 03:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-12-03 09:49 - 2013-12-24 21:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-03 09:49 - 2013-12-24 20:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-03 09:49 - 2013-11-26 06:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-12-03 09:49 - 2013-11-22 20:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-12-03 09:48 - 2014-11-11 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-03 09:48 - 2014-11-11 01:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-03 09:48 - 2014-11-11 00:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-03 09:48 - 2014-11-11 00:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-03 09:48 - 2014-10-14 00:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-03 09:48 - 2014-10-14 00:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-03 09:48 - 2014-10-13 23:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-03 09:48 - 2014-10-13 23:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-03 09:48 - 2014-10-03 00:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-03 09:48 - 2014-10-03 00:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-03 09:48 - 2014-10-03 00:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-03 09:48 - 2014-10-03 00:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-03 09:48 - 2014-10-03 00:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-03 09:48 - 2014-10-02 23:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-03 09:48 - 2014-10-02 23:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-03 09:48 - 2014-10-02 23:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-03 09:48 - 2014-09-04 03:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-03 09:48 - 2014-09-04 03:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-03 09:48 - 2014-08-12 00:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-03 09:48 - 2014-08-11 23:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-30 11:14 - 2014-11-30 11:20 - 00000000 ____D () C:\Users\Matheus\Documents\ActivePresenter
2014-11-30 11:13 - 2014-12-27 17:53 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\ActivePresenter
2014-11-30 11:13 - 2014-11-30 11:13 - 00001367 _____ () C:\Users\Public\Desktop\Active Presenter.lnk
2014-11-30 11:13 - 2014-11-30 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ActivePresenter
2014-11-30 11:12 - 2014-11-30 11:12 - 00000000 ____D () C:\Program Files (x86)\ATOMI
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-30 10:18 - 2014-10-23 14:42 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\uTorrent
2014-12-30 10:09 - 2014-10-23 12:56 - 01488346 _____ () C:\Windows\WindowsUpdate.log
2014-12-30 09:55 - 2009-07-14 02:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-30 09:55 - 2009-07-14 02:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-28 10:24 - 2014-10-23 14:21 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\vlc
2014-12-23 21:21 - 2009-07-14 03:13 - 00782462 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 21:15 - 2014-10-23 14:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-23 21:15 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 21:15 - 2009-07-14 00:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-23 21:09 - 2009-07-14 01:20 - 00000000 __RHD () C:\Users\Default
2014-12-22 11:55 - 2014-10-23 12:54 - 00000000 ____D () C:\Users\Matheus
2014-12-17 00:49 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\PLA
2014-12-16 23:27 - 2014-10-23 15:18 - 00000000 ____D () C:\Users\Matheus\Desktop\TJ
2014-12-16 18:50 - 2014-11-28 11:45 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-12-16 15:26 - 2014-10-23 13:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-16 10:33 - 2009-07-14 03:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-12 22:12 - 2014-10-23 13:37 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-12 22:12 - 2014-10-23 13:37 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-12 22:12 - 2014-10-23 13:37 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-12 22:12 - 2014-10-23 13:37 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-11 08:45 - 2014-10-23 18:52 - 00000000 ____D () C:\Windows\Panther
2014-12-10 15:56 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 10:30 - 2009-07-14 01:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-10 09:51 - 2014-10-23 12:54 - 00001605 _____ () C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-10 09:51 - 2009-07-14 03:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-10 09:47 - 2009-07-14 02:45 - 00284296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-10 09:46 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 09:45 - 2010-11-21 05:16 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-10 09:45 - 2009-07-14 03:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-10 09:45 - 2009-07-14 03:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-09 14:46 - 2014-10-23 14:38 - 00000000 ____D () C:\Users\Matheus\Desktop\bkp
2014-12-08 12:56 - 2014-10-23 13:04 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Google
2014-12-08 12:54 - 2014-10-23 13:04 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Deployment
2014-12-08 10:58 - 2014-11-28 20:14 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Audacity
2014-12-06 21:28 - 2014-10-23 13:04 - 00062976 _____ () C:\Users\Matheus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 08:21 - 2014-10-23 17:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-04 09:16 - 2014-11-29 15:37 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Windows Live
2014-12-04 08:41 - 2009-07-14 01:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-30 11:16 - 2014-11-28 11:47 - 00004549 _____ () C:\Users\Matheus\AppData\Roaming\CamStudio.cfg
2014-11-30 11:16 - 2014-11-28 11:47 - 00000408 _____ () C:\Users\Matheus\AppData\Roaming\CamShapes.ini
2014-11-30 11:16 - 2014-11-28 11:47 - 00000408 _____ () C:\Users\Matheus\AppData\Roaming\CamLayout.ini
2014-11-30 11:16 - 2014-11-28 11:47 - 00000109 _____ () C:\Users\Matheus\AppData\Roaming\Camdata.ini
2014-11-30 11:02 - 2014-11-28 11:46 - 00000000 ____D () C:\Users\Matheus\Documents\My CamStudio Temp Files
2014-11-30 10:33 - 2014-11-28 11:45 - 00000096 _____ () C:\Users\Matheus\AppData\Roaming\version2.xml
2014-11-30 10:29 - 2014-11-28 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2014-11-30 10:28 - 2014-11-29 15:55 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Orbit
 
Some content of TEMP:
====================
C:\Users\Matheus\AppData\Local\Temp\avgnt.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-26 14:58
 
==================== End Of Log ============================

Addition

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Matheus at 2014-12-30 10:19:15
Running from C:\Users\Matheus\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-178241157-3166524979-4280168215-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 4.0.3 - Atomi Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.1.0.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2600 - Broadcom Corporation)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.3.524 - Foxit Corporation)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Software Intel® PROSet/Wireless WiFi (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version:  - Media Converters)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warface (HKLM-x32\...\{094FAADD-5A39-4C64-911A-B4C9AD818484}_is1) (Version: 1.0.254.035 - Level Up! Games)
WIDCOMM Bluetooth Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2600 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-178241157-3166524979-4280168215-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Realtek (RTL8167) Net  (04/21/2011 7.044.0421.2011) (HKLM\...\BF3DF29FDD6B622C311A7DE6464AA9B597D791A1) (Version: 04/21/2011 7.044.0421.2011 - Realtek)
Windows Driver Package - Ricoh Company MS Host Controller (12/24/2010 6.13.10.25) (HKLM\...\95010B497C1DFEC62132F796273E6920E538715F) (Version: 12/24/2010 6.13.10.25 - Ricoh Company)
Windows Driver Package - Ricoh Company SD Host Controller (12/17/2010 6.13.10.26) (HKLM\...\43201741444A6BB04A6B0FB2901BDBB2E890B61C) (Version: 12/17/2010 6.13.10.26 - Ricoh Company)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (11/27/2009 8.0.1.2) (HKLM\...\4E827A70BAA738C408DBDD024BCACE5085D946F1) (Version: 11/27/2009 8.0.1.2 - Sony Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-178241157-3166524979-4280168215-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Matheus\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
 
==================== Restore Points  =========================
 
28-12-2014 11:38:10 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 00:34 - 2014-12-23 21:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {13E81C99-E673-4E8E-A412-5E8867DAEE2B} - \Microsoft\Windows\Multimedia\SMupdate3 No Task File <==== ATTENTION
Task: {1A357285-BE0A-4C77-A69E-143661F6C138} - \SPDriver No Task File <==== ATTENTION
Task: {37399520-8644-44A9-9CCB-4A79386650A2} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {5B1B0E6A-D8CD-4606-B52C-B227930F210D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {6CB7D5C3-10AB-4836-91D0-B0914ADDA3E6} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {6D7BB8E3-F85B-4B26-817C-0038B6F94EF4} - \ShopperPro No Task File <==== ATTENTION
Task: {7AF9DF76-440D-46B6-A369-355F6F43BB47} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AEDC3847-3E0F-4635-B022-6F4BB070A5C4} - \SMupdate1 No Task File <==== ATTENTION
Task: {AFDEC112-CA44-4100-9EAA-CA2A8C282A2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
Task: {B4A8D1AE-0F26-4985-9172-3B5BFBA9B40B} - \Microsoft\Windows\Maintenance\SMupdate2 No Task File <==== ATTENTION
Task: {EE5FBB41-1DE6-4953-90DC-161ECE47BAF9} - \SPBIW_UpdateTask_Time_323536333932393437382d5755326c785a5a5737414534 No Task File <==== ATTENTION
Task: {F2A4EF5C-F30D-4FCA-B359-76B5F0CD284A} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {FF9BE4E7-0B6B-4E9D-A8A9-8BFAB65890F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-10-23 14:06 - 2014-10-30 00:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-12-10 09:57 - 2014-12-10 09:57 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2014-10-23 13:16 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-178241157-3166524979-4280168215-500 - Administrator - Disabled)
Guest (S-1-5-21-178241157-3166524979-4280168215-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-178241157-3166524979-4280168215-1002 - Limited - Enabled)
Matheus (S-1-5-21-178241157-3166524979-4280168215-1000 - Administrator - Enabled) => C:\Users\Matheus
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2014 10:02:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x21b4
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/30/2014 10:02:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x1c3c
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/30/2014 10:02:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x1268
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/30/2014 10:00:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Launcher.exe version 1.0.247.32 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 20a0
 
Start Time: 01d024281ace01ec
 
Termination Time: 15
 
Application Path: C:\Level Up! Games\Warface\Launcher\Launcher.exe
 
Report Id:
 
Error: (12/29/2014 02:16:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x1d6c
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/29/2014 01:57:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x1060
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/28/2014 10:24:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x1660
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/24/2014 03:46:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0xea0
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/24/2014 03:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x1948
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/23/2014 11:38:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x16d8
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
 
System errors:
=============
Error: (12/27/2014 05:04:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/23/2014 09:14:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:14:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/23/2014 09:14:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/23/2014 09:13:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:11:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/23/2014 09:07:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:07:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/23/2014 09:06:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 08:40:37 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
 
Microsoft Office Sessions:
=========================
Error: (12/30/2014 10:02:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b21b401d024287acab73cC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllc16f38c8-901b-11e4-be5d-3859f9ee32ed
 
Error: (12/30/2014 10:02:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd1c3c01d024287563987aC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllb6138076-901b-11e4-be5d-3859f9ee32ed
 
Error: (12/30/2014 10:02:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b126801d02390ed57ed33C:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllad8c9358-901b-11e4-be5d-3859f9ee32ed
 
Error: (12/30/2014 10:00:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Launcher.exe1.0.247.3220a001d024281ace01ec15C:\Level Up! Games\Warface\Launcher\Launcher.exe
 
Error: (12/29/2014 02:16:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b1d6c01d0238059fa046fC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllfcdbb6a0-8f75-11e4-be5d-3859f9ee32ed
 
Error: (12/29/2014 01:57:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b106001d0237f99a0e5efC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll726bb9cc-8f73-11e4-be5d-3859f9ee32ed
 
Error: (12/28/2014 10:24:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd166001d0223966626a7bC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll85589010-8e8c-11e4-be5d-3859f9ee32ed
 
Error: (12/24/2014 03:46:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207bea001d01fa183a093bdC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllcbacdaf3-8b94-11e4-be5d-3859f9ee32ed
 
Error: (12/24/2014 03:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd194801d01fa1279690fdC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllb5ed302e-8b94-11e4-be5d-3859f9ee32ed
 
Error: (12/23/2014 11:38:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd16d801d01f0c8ed8599fC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll83547bc6-8b0d-11e4-be5d-3859f9ee32ed
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-23 21:14:27.039
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:27.023
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:26.992
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:26.977
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:07:21.932
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:07:21.901
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 8173.22 MB
Available physical RAM: 5221.46 MB
Total Pagefile: 16344.62 MB
Available Pagefile: 12671.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:10.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Windows_7_Ultimate_32_Bit) (CDROM) (Total:2.27 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 31644004)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 pianomath

Posted 31 December 2014 - 03:35 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Matheus at 2014-12-30 10:19:15
Running from C:\Users\Matheus\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-178241157-3166524979-4280168215-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 4.0.3 - Atomi Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.1.0.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2600 - Broadcom Corporation)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.3.524 - Foxit Corporation)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Software Intel® PROSet/Wireless WiFi (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version:  - Media Converters)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warface (HKLM-x32\...\{094FAADD-5A39-4C64-911A-B4C9AD818484}_is1) (Version: 1.0.254.035 - Level Up! Games)
WIDCOMM Bluetooth Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2600 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-178241157-3166524979-4280168215-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Realtek (RTL8167) Net  (04/21/2011 7.044.0421.2011) (HKLM\...\BF3DF29FDD6B622C311A7DE6464AA9B597D791A1) (Version: 04/21/2011 7.044.0421.2011 - Realtek)
Windows Driver Package - Ricoh Company MS Host Controller (12/24/2010 6.13.10.25) (HKLM\...\95010B497C1DFEC62132F796273E6920E538715F) (Version: 12/24/2010 6.13.10.25 - Ricoh Company)
Windows Driver Package - Ricoh Company SD Host Controller (12/17/2010 6.13.10.26) (HKLM\...\43201741444A6BB04A6B0FB2901BDBB2E890B61C) (Version: 12/17/2010 6.13.10.26 - Ricoh Company)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (11/27/2009 8.0.1.2) (HKLM\...\4E827A70BAA738C408DBDD024BCACE5085D946F1) (Version: 11/27/2009 8.0.1.2 - Sony Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-178241157-3166524979-4280168215-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Matheus\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
 
==================== Restore Points  =========================
 
28-12-2014 11:38:10 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 00:34 - 2014-12-23 21:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {13E81C99-E673-4E8E-A412-5E8867DAEE2B} - \Microsoft\Windows\Multimedia\SMupdate3 No Task File <==== ATTENTION
Task: {1A357285-BE0A-4C77-A69E-143661F6C138} - \SPDriver No Task File <==== ATTENTION
Task: {37399520-8644-44A9-9CCB-4A79386650A2} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {5B1B0E6A-D8CD-4606-B52C-B227930F210D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {6CB7D5C3-10AB-4836-91D0-B0914ADDA3E6} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {6D7BB8E3-F85B-4B26-817C-0038B6F94EF4} - \ShopperPro No Task File <==== ATTENTION
Task: {7AF9DF76-440D-46B6-A369-355F6F43BB47} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AEDC3847-3E0F-4635-B022-6F4BB070A5C4} - \SMupdate1 No Task File <==== ATTENTION
Task: {AFDEC112-CA44-4100-9EAA-CA2A8C282A2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
Task: {B4A8D1AE-0F26-4985-9172-3B5BFBA9B40B} - \Microsoft\Windows\Maintenance\SMupdate2 No Task File <==== ATTENTION
Task: {EE5FBB41-1DE6-4953-90DC-161ECE47BAF9} - \SPBIW_UpdateTask_Time_323536333932393437382d5755326c785a5a5737414534 No Task File <==== ATTENTION
Task: {F2A4EF5C-F30D-4FCA-B359-76B5F0CD284A} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {FF9BE4E7-0B6B-4E9D-A8A9-8BFAB65890F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-10-23 14:06 - 2014-10-30 00:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-12-10 09:57 - 2014-12-10 09:57 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2014-10-23 13:16 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-178241157-3166524979-4280168215-500 - Administrator - Disabled)
Guest (S-1-5-21-178241157-3166524979-4280168215-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-178241157-3166524979-4280168215-1002 - Limited - Enabled)
Matheus (S-1-5-21-178241157-3166524979-4280168215-1000 - Administrator - Enabled) => C:\Users\Matheus
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (12/30/2014 10:02:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x21b4
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/30/2014 10:02:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x1c3c
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/30/2014 10:02:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x1268
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/30/2014 10:00:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Launcher.exe version 1.0.247.32 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 20a0
 
Start Time: 01d024281ace01ec
 
Termination Time: 15
 
Application Path: C:\Level Up! Games\Warface\Launcher\Launcher.exe
 
Report Id:
 
Error: (12/29/2014 02:16:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x1d6c
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/29/2014 01:57:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x1060
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/28/2014 10:24:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x1660
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/24/2014 03:46:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0xea0
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/24/2014 03:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x1948
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/23/2014 11:38:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x16d8
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
 
System errors:
=============
Error: (12/27/2014 05:04:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/23/2014 09:14:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:14:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/23/2014 09:14:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/23/2014 09:13:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:11:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/23/2014 09:07:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:07:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/23/2014 09:06:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 08:40:37 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
 
Microsoft Office Sessions:
=========================
Error: (12/30/2014 10:02:42 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b21b401d024287acab73cC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllc16f38c8-901b-11e4-be5d-3859f9ee32ed
 
Error: (12/30/2014 10:02:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd1c3c01d024287563987aC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllb6138076-901b-11e4-be5d-3859f9ee32ed
 
Error: (12/30/2014 10:02:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b126801d02390ed57ed33C:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllad8c9358-901b-11e4-be5d-3859f9ee32ed
 
Error: (12/30/2014 10:00:33 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Launcher.exe1.0.247.3220a001d024281ace01ec15C:\Level Up! Games\Warface\Launcher\Launcher.exe
 
Error: (12/29/2014 02:16:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b1d6c01d0238059fa046fC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllfcdbb6a0-8f75-11e4-be5d-3859f9ee32ed
 
Error: (12/29/2014 01:57:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b106001d0237f99a0e5efC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll726bb9cc-8f73-11e4-be5d-3859f9ee32ed
 
Error: (12/28/2014 10:24:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd166001d0223966626a7bC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll85589010-8e8c-11e4-be5d-3859f9ee32ed
 
Error: (12/24/2014 03:46:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207bea001d01fa183a093bdC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllcbacdaf3-8b94-11e4-be5d-3859f9ee32ed
 
Error: (12/24/2014 03:45:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd194801d01fa1279690fdC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllb5ed302e-8b94-11e4-be5d-3859f9ee32ed
 
Error: (12/23/2014 11:38:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd16d801d01f0c8ed8599fC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll83547bc6-8b0d-11e4-be5d-3859f9ee32ed
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-23 21:14:27.039
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:27.023
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:26.992
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:26.977
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:07:21.932
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:07:21.901
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 36%
Total physical RAM: 8173.22 MB
Available physical RAM: 5221.46 MB
Total Pagefile: 16344.62 MB
Available Pagefile: 12671.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:10.39 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Windows_7_Ultimate_32_Bit) (CDROM) (Total:2.27 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 31644004)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 Machiavelli

Posted 01 January 2015 - 07:26 AM

Running from C:\Users\Matheus\Downloads

Would you please follow my instructions?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#7 pianomath

Posted 02 January 2015 - 08:22 AM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Matheus (administrator) on MATHEUS-PC on 02-01-2015 11:16:12
Running from C:\Users\Matheus\Desktop
Loaded Profile: Matheus (Available profiles: Matheus)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Atomi Systems, Inc.) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Foxit Corporation) C:\Users\Matheus\AppData\Local\Temp\Foxit Reader Updater.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
() C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-07-20] (Synaptics Incorporated)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [1211680 2011-07-27] (Broadcom Corporation.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-178241157-3166524979-4280168215-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52743;https=127.0.0.1:52743;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-178241157-3166524979-4280168215-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll No File
BHO: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: HDVid2.6dV09.12 -> {11111111-1111-1111-1111-110611571181} -> C:\Program Files (x86)\HDVid2.6dV09.12\HDVid2.6dV09.12-bho64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com

  132. Chrome:
  133. =======
  134. CHR HomePage: Default -> hxxp://www.google.com.br/
  135. CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0B0FzyyB0C0EtA0F0EtD0AyEtByEtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAtC0EzyyCtGyByEzztBtG0D0Azy0DtG0CtDtByCtGtA0E0E0EyByEtB0DyByB0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FyCzztAyCyBtAtGzztCzztCtGyEyByDyEtG0A0CyB0CtGtB0BtD0EyEyC0B0AyB0BtByC2Q&cr=1093509336&ir=", "hxxp://start.qone8.com/?type=hp&ts=1399210072&from=smt&uid=TOSHIBAXMK7559GSXP_51J7F1XCSXX51J7F1XCS", "hxxp://www.mystartsearch.com/?type=hp&ts=1418125480&from=amt&uid=SPK-SF12-M120_SPARK12071100042"
  136. CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
  137. CHR Profile: C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default
  138. CHR Extension: (Google Apresentações) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-08]
  139. CHR Extension: (Google Docs) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-08]
  140. CHR Extension: (Google Drive) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-08]
  141. CHR Extension: (YouTube) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-08]
  142. CHR Extension: (Pesquisa do Google) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-08]
  143. CHR Extension: (Planilhas do Google) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-08]
  144. CHR Extension: (Segurança do navegador Avira) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-08]
  145. CHR Extension: (Google Wallet) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-08]
  146. CHR Extension: (Gmail) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-08]
  147. CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
  148. CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
  149.  
  150. ==================== Services (Whitelisted) =================
  151.  
  152. (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
  153.  
  154. R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
  155. R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
  156. R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
  157. R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
  158. R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
  159. S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
  160. S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
  161. R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
  162. R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
  163. R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
  164. S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
  165.  
  166. ==================== Drivers (Whitelisted) ====================
  167.  
  168. (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
  169.  
  170. R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-25] (Avira Operations GmbH & Co. KG)
  171. R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-25] (Avira Operations GmbH & Co. KG)
  172. R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-25] (Avira Operations GmbH & Co. KG)
  173. R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
  174. R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
  175. R2 risdsnpe; C:\Windows\System32\DRIVERS\risdsnxc64.sys [98816 2011-07-20] (REDC)
  176. S3 catchme; \??\C:\ComboFix\catchme.sys [X]
  177. S3 VGPU; System32\drivers\rdvgkmd.sys [X]
  178.  
  179. ==================== NetSvcs (Whitelisted) ===================
  180.  
  181. (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
  182.  
  183.  
  184. ==================== One Month Created Files and Folders ========
  185.  
  186. (If an entry is included in the fixlist, the file\folder will be moved.)
  187.  
  188. 2015-01-02 11:16 - 2015-01-02 11:16 - 00018383 _____ () C:\Users\Matheus\Desktop\FRST.txt
  189. 2015-01-02 09:50 - 2015-01-02 09:50 - 00710745 _____ () C:\Users\Matheus\Downloads\bb0213_edital.zip
  190. 2014-12-31 16:06 - 2014-12-31 16:06 - 00033557 _____ () C:\Users\Matheus\Downloads\ee7276996c299da84632f7811c854fa0128ab2ae.zip
  191. 2014-12-31 16:03 - 2014-12-31 16:03 - 00041907 _____ () C:\Users\Matheus\Downloads\f770803e7cd22da0c79289c548035ab7318b3511.zip
  192. 2014-12-31 15:09 - 2014-12-31 15:09 - 00042579 _____ () C:\Users\Matheus\Downloads\9d48a8beda85acd8b621156983830253.zip
  193. 2014-12-30 10:19 - 2014-12-30 10:19 - 00028382 _____ () C:\Users\Matheus\Downloads\Addition.txt
  194. 2014-12-30 10:18 - 2015-01-02 11:16 - 00000000 ____D () C:\FRST
  195. 2014-12-30 10:18 - 2014-12-30 10:19 - 00096263 _____ () C:\Users\Matheus\Downloads\FRST.txt
  196. 2014-12-30 10:18 - 2014-12-30 10:18 - 02123264 _____ (Farbar) C:\Users\Matheus\Desktop\FRST64.exe
  197. 2014-12-29 10:33 - 2015-01-02 09:54 - 00800122 _____ () C:\Users\Matheus\Desktop\2015.xlsx
  198. 2014-12-29 10:33 - 2014-12-29 10:33 - 00000165 ____H () C:\Users\Matheus\Desktop\~$2015.xlsx
  199. 2014-12-27 14:16 - 2014-12-27 14:16 - 00681220 _____ () C:\Users\Matheus\Downloads\bb0214_edital.zip
  200. 2014-12-26 14:30 - 2014-12-26 14:30 - 00015829 _____ () C:\Users\Matheus\Downloads\[kickass.so]the.interview.2014.720p.web.dl.xvid.mp3.rarbg.torrent
  201. 2014-12-26 14:27 - 2014-12-27 20:28 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Popcorn-Time
  202. 2014-12-26 14:27 - 2014-12-26 14:27 - 00002216 _____ () C:\Users\Matheus\Desktop\Popcorn Time.lnk
  203. 2014-12-26 14:27 - 2014-12-26 14:27 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
  204. 2014-12-26 14:27 - 2014-12-26 14:27 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Popcorn Time
  205. 2014-12-23 21:19 - 2014-12-23 21:19 - 00218112 _____ (Soeperman Enterprises Ltd.) C:\Users\Matheus\Downloads\HijackThis.exe
  206. 2014-12-23 21:19 - 2014-12-23 21:19 - 00010265 _____ () C:\Users\Matheus\Downloads\hijackthis.log
  207. 2014-12-23 21:16 - 2014-12-23 21:16 - 00025129 _____ () C:\ComboFix.txt
  208. 2014-12-23 21:04 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
  209. 2014-12-23 21:04 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
  210. 2014-12-23 21:04 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
  211. 2014-12-23 21:04 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
  212. 2014-12-23 21:04 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
  213. 2014-12-23 21:04 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
  214. 2014-12-23 21:04 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
  215. 2014-12-23 21:04 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
  216. 2014-12-23 20:41 - 2014-12-23 21:16 - 00000000 ____D () C:\Qoobox
  217. 2014-12-23 20:41 - 2014-12-23 21:08 - 00000000 ____D () C:\Windows\erdnt
  218. 2014-12-23 19:23 - 2014-12-23 19:25 - 05603465 ____R (Swearware) C:\Users\Matheus\Downloads\ComboFix.exe
  219. 2014-12-22 11:55 - 2014-12-22 11:55 - 00000000 ____D () C:\Users\Matheus\.aria2
  220. 2014-12-21 16:47 - 2014-12-21 17:35 - 148255653 _____ () C:\Users\Matheus\Downloads\yCcsUhGum2b0Hf_EJHu1pMxTFLS3W2NTg2HIc8h0UyU.rar
  221. 2014-12-21 16:06 - 2014-12-21 16:06 - 00000000 __SHD () C:\Users\Matheus\AppData\Local\EmieUserList
  222. 2014-12-21 16:06 - 2014-12-21 16:06 - 00000000 __SHD () C:\Users\Matheus\AppData\Local\EmieSiteList
  223. 2014-12-21 16:06 - 2014-12-21 16:06 - 00000000 __SHD () C:\Users\Matheus\AppData\Local\EmieBrowserModeList
  224. 2014-12-20 21:06 - 2014-12-20 21:06 - 00000000 ____D () C:\Users\Matheus\AppData\Local\IsolatedStorage
  225. 2014-12-20 21:05 - 2014-12-20 21:05 - 00000908 _____ () C:\Users\Public\Desktop\Warface.lnk
  226. 2014-12-20 21:05 - 2014-12-20 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up! Games
  227. 2014-12-20 21:03 - 2014-12-20 21:03 - 00000000 ____D () C:\Level Up! Games
  228. 2014-12-20 19:14 - 2014-12-20 19:14 - 00020148 _____ () C:\Users\Matheus\Downloads\[kickass.so]eric.clapton.unplugged.remastered.deluxe.edition.2013.2cd.320kbps.cbr.mp3.vx.p2pdl.torrent
  229. 2014-12-20 19:01 - 2014-12-20 19:01 - 00019147 _____ () C:\Users\Matheus\Downloads\[kickass.so]eric.clapton.the.best.of.eric.clapton.2004.320.vtwin88cube.torrent
  230. 2014-12-19 17:45 - 2014-12-19 17:45 - 00055932 _____ () C:\Users\Matheus\Downloads\[kickass.so]rocky.1.6.saga.movies.collection.1976.2006.1080p.bluray.x264.anoxmous.torrent
  231. 2014-12-19 10:43 - 2014-12-19 10:43 - 00018295 _____ () C:\Users\Matheus\Downloads\[kickass.so]good.will.hunting.1997.1080p.brrip.x264.yify.torrent
  232. 2014-12-17 20:14 - 2014-12-17 20:14 - 00011519 _____ () C:\Users\Matheus\Downloads\[kickass.so]heat.1995.1080p.brrip.x264.yify.torrent
  233. 2014-12-17 09:36 - 2014-12-19 09:47 - 00000000 ____D () C:\Users\Matheus\Desktop\Poke
  234. 2014-12-17 00:53 - 2014-12-17 00:53 - 00058187 _____ () C:\Users\Matheus\Downloads\[kickass.so]middle.earth.shadow.of.mordor.decepticon (1).torrent
  235. 2014-12-17 00:49 - 2014-12-23 21:15 - 00025784 _____ () C:\Windows\PFRO.log
  236. 2014-12-17 00:46 - 2014-12-31 14:51 - 00007047 _____ () C:\Windows\setupact.log
  237. 2014-12-17 00:46 - 2014-12-17 00:46 - 00000000 _____ () C:\Windows\setuperr.log
  238. 2014-12-17 00:46 - 2014-11-22 08:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
  239. 2014-12-17 00:46 - 2014-11-22 08:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
  240. 2014-12-16 18:52 - 2015-01-02 09:46 - 00000000 ____D () C:\Users\Matheus\Desktop\Menor ainda
  241. 2014-12-16 18:39 - 2014-12-16 18:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
  242. 2014-12-16 18:38 - 2014-12-16 18:38 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
  243. 2014-12-16 18:38 - 2014-12-16 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
  244. 2014-12-16 18:38 - 2014-12-16 18:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
  245. 2014-12-16 18:38 - 2014-12-16 18:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
  246. 2014-12-16 18:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
  247. 2014-12-16 18:38 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
  248. 2014-12-16 18:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
  249. 2014-12-16 18:16 - 2014-12-16 18:16 - 00001013 _____ () C:\Users\Public\Desktop\Video to Video.lnk
  250. 2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\Users\Matheus\Documents\VideoOutput
  251. 2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\Users\Matheus\Documents\Snapshot
  252. 2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video to Video
  253. 2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
  254. 2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\Program Files (x86)\Video to Video
  255. 2014-12-16 18:03 - 2014-12-16 18:40 - 00000000 ____D () C:\Program Files (x86)\FreeTime
  256. 2014-12-16 18:03 - 2014-12-16 18:03 - 00000000 ____D () C:\FFOutput
  257. 2014-12-16 17:59 - 2014-12-16 17:59 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
  258. 2014-12-16 17:57 - 2014-12-16 18:01 - 00000000 ____D () C:\ProgramData\iSkysoft Video Converter Ultimate
  259. 2014-12-16 17:57 - 2014-12-16 18:01 - 00000000 ____D () C:\ProgramData\iSkysoft
  260. 2014-12-16 17:57 - 2014-12-16 18:01 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
  261. 2014-12-16 17:57 - 2014-12-16 17:57 - 00000000 ____D () C:\Users\Matheus\AppData\Local\iSkysoft
  262. 2014-12-16 10:37 - 2014-12-16 15:24 - 00000000 ____D () C:\Users\Matheus\Documents\My Games
  263. 2014-12-16 10:37 - 2014-12-16 10:37 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
  264. 2014-12-16 10:37 - 2014-12-16 10:37 - 00000000 ____D () C:\ProgramData\Age of Empires 3
  265. 2014-12-15 22:16 - 2014-12-15 22:16 - 00015356 _____ () C:\Users\Matheus\Downloads\[kickass.so]age.of.empires.3.both.expansions.fully.updated.torrent
  266. 2014-12-15 22:15 - 2014-12-17 18:21 - 00000000 ____D () C:\ProgramData\Steam
  267. 2014-12-15 22:14 - 2014-12-15 22:14 - 00000000 ____D () C:\Games
  268. 2014-12-15 21:43 - 2014-12-15 21:43 - 00016090 _____ () C:\Users\Matheus\Downloads\[kickass.so]age.of.empires.ii.hd.edition.multi2.fix.repack.audioslave.torrent
  269. 2014-12-15 21:42 - 2014-12-15 21:42 - 00015081 _____ () C:\Users\Matheus\Downloads\[kickass.so]age.of.empires.2.hd.edition.v.2.0.multi2.repack.fenixx.torrent
  270. 2014-12-14 19:41 - 2014-12-14 19:41 - 00133511 _____ () C:\Users\Matheus\Downloads\[kickass.so]ryse.son.of.rome.codex.torrent
  271. 2014-12-12 18:42 - 2014-12-12 18:42 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Promotion Software GmbH
  272. 2014-12-12 18:29 - 2014-12-15 21:44 - 00000000 ____D () C:\Program Files (x86)\CatACat
  273. 2014-12-12 14:52 - 2014-12-12 14:52 - 00019712 _____ () C:\Users\Matheus\Downloads\[kickass.so]emergency.5.2014.pc.repack.multi.torrent
  274. 2014-12-11 17:22 - 2014-12-11 17:22 - 00025569 _____ () C:\Users\Matheus\Downloads\[kickass.so]the.wolf.of.wall.street.2013.1080p.brrip.x264.ac3.jyk.torrent
  275. 2014-12-11 17:18 - 2014-12-11 17:18 - 00019667 _____ () C:\Users\Matheus\Downloads\[kickass.so]guardians.of.the.galaxy.2014.1080p.brrip.x264.yify.torrent
  276. 2014-12-11 15:56 - 2014-12-11 15:56 - 00015137 _____ () C:\Users\Matheus\Downloads\[kickass.so]guardians.of.the.galaxy.2014.720p.hdcam.x264.jyk.torrent
  277. 2014-12-11 14:44 - 2014-12-11 14:44 - 00000000 ____D () C:\Users\Matheus\Documents\My Cheat Tables
  278. 2014-12-11 08:48 - 2014-12-11 08:48 - 00645729 _____ (WDS Team) C:\Users\Matheus\Downloads\windirstat1_1_2_setup.exe
  279. 2014-12-11 08:48 - 2014-12-11 08:48 - 00001031 _____ () C:\Users\Matheus\Desktop\WinDirStat.lnk
  280. 2014-12-11 08:48 - 2014-12-11 08:48 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
  281. 2014-12-10 11:08 - 2014-12-10 11:08 - 00058315 _____ () C:\Users\Matheus\Downloads\[kickass.so]middle.earth.shadow.of.mordor.decepticon.torrent
  282. 2014-12-09 17:06 - 2014-12-09 17:07 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\MKKE
  283. 2014-12-09 17:05 - 2014-12-09 17:05 - 00000000 ____D () C:\Users\Matheus\AppData\Local\SKIDROW
  284. 2014-12-09 16:35 - 2014-12-09 16:35 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Microsoft Games
  285. 2014-12-09 14:52 - 2014-12-09 14:52 - 00103473 _____ () C:\Users\Matheus\Downloads\[kickass.so]middle.earth.shadow.of.mordor.premium.edition.update.1.2014.pc.repack.r.g.catalyst.torrent
  286. 2014-12-09 13:20 - 2014-12-09 13:20 - 00049645 _____ () C:\Users\Matheus\Downloads\[kickass.so]mortal.kombat.komplete.edition.steam.rip.multi6.rg.gameworks.torrent
  287. 2014-12-09 13:17 - 2014-12-09 13:17 - 00183494 _____ () C:\Users\Matheus\Downloads\[kickass.so]mortal.kombat.komplete.edition.flt.torrent
  288. 2014-12-09 10:35 - 2014-12-17 18:21 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Steam
  289. 2014-12-09 10:34 - 2014-12-09 10:34 - 00000000 ____D () C:\Windows\SysWOW64\directx
  290. 2014-12-09 09:54 - 2014-12-09 09:54 - 00000000 ____D () C:\Program Files (x86)\predm
  291. 2014-12-09 09:51 - 2014-12-09 09:51 - 00000000 ____D () C:\Program Files (x86)\47ab82a9-a464-4206-8b1d-b16ca25a37dc
  292. 2014-12-09 09:48 - 2014-12-09 09:48 - 00000000 ____D () C:\Users\Matheus\AppData\Local\globalUpdate
  293. 2014-12-09 09:48 - 2014-12-09 09:48 - 00000000 ____D () C:\Program Files (x86)\d1760ecd-0578-4c50-a026-bfbe89143b20
  294. 2014-12-09 09:48 - 2014-12-09 09:48 - 00000000 ____D () C:\Program Files (x86)\0dd50cd4-981a-45e7-b0aa-6429429b6a8d
  295. 2014-12-09 09:46 - 2014-12-10 09:47 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
  296. 2014-12-09 09:46 - 2014-12-09 09:46 - 00003590 _____ () C:\Windows\System32\Tasks\YTDownloader
  297. 2014-12-09 09:46 - 2014-12-09 09:46 - 00003580 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
  298. 2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\Users\Matheus\AppData\Local\CrashRpt
  299. 2014-12-08 12:56 - 2014-12-11 14:05 - 00002373 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
  300. 2014-12-08 12:56 - 2014-12-08 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
  301. 2014-12-08 12:54 - 2015-01-02 10:59 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
  302. 2014-12-08 12:54 - 2015-01-02 08:40 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
  303. 2014-12-08 12:54 - 2014-12-08 12:56 - 00000000 ____D () C:\Program Files (x86)\Google
  304. 2014-12-08 12:54 - 2014-12-08 12:54 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
  305. 2014-12-08 12:54 - 2014-12-08 12:54 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
  306. 2014-12-08 10:59 - 2014-12-08 11:00 - 00000000 ____D () C:\ProgramData\Auslogics
  307. 2014-12-08 10:59 - 2014-12-08 10:59 - 00001236 _____ () C:\Users\Matheus\Desktop\Auslogics Registry Cleaner.lnk
  308. 2014-12-08 10:59 - 2014-12-08 10:59 - 00001169 _____ () C:\Users\Matheus\Desktop\Auslogics DiskDefrag.lnk
  309. 2014-12-08 10:59 - 2014-12-08 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
  310. 2014-12-08 10:59 - 2014-12-08 10:59 - 00000000 ____D () C:\Program Files (x86)\Auslogics
  311. 2014-12-05 08:18 - 2014-12-05 08:18 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
  312. 2014-12-04 09:52 - 2014-11-06 01:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
  313. 2014-12-04 09:29 - 2014-12-08 10:38 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
  314. 2014-12-04 09:07 - 2014-12-17 18:22 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Anvsoft
  315. 2014-12-04 09:07 - 2014-12-04 09:07 - 00000000 ____D () C:\Users\Matheus\Documents\Any Video Converter
  316. 2014-12-04 08:42 - 2014-12-04 08:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
  317. 2014-12-04 08:42 - 2014-12-04 08:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
  318. 2014-12-04 08:33 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
  319. 2014-12-04 08:30 - 2014-12-04 08:30 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
  320. 2014-12-04 08:30 - 2014-12-04 08:30 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
  321. 2014-12-04 08:30 - 2014-12-04 08:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
  322. 2014-12-04 08:30 - 2014-12-04 08:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
  323. 2014-12-04 08:30 - 2014-12-04 08:30 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
  324. 2014-12-04 08:30 - 2014-12-04 08:30 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
  325. 2014-12-04 08:30 - 2014-12-04 08:30 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
  326. 2014-12-04 08:30 - 2014-12-04 08:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
  327. 2014-12-04 08:30 - 2014-12-04 08:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
  328. 2014-12-04 08:30 - 2014-12-04 08:30 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
  329. 2014-12-04 08:30 - 2014-12-04 08:30 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
  330. 2014-12-04 08:30 - 2014-12-04 08:30 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
  331. 2014-12-04 08:30 - 2014-12-04 08:30 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
  332. 2014-12-04 08:30 - 2014-12-04 08:30 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
  333. 2014-12-04 08:30 - 2014-12-04 08:30 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
  334. 2014-12-04 08:30 - 2014-12-04 08:30 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
  335. 2014-12-04 08:30 - 2014-12-04 08:30 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
  336. 2014-12-04 08:30 - 2014-12-04 08:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
  337. 2014-12-04 08:30 - 2014-12-04 08:30 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
  338. 2014-12-04 08:30 - 2014-12-04 08:30 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
  339. 2014-12-04 08:30 - 2014-12-04 08:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
  340. 2014-12-04 08:30 - 2014-12-04 08:30 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
  341. 2014-12-04 08:30 - 2014-12-04 08:30 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
  342. 2014-12-04 08:30 - 2014-12-04 08:30 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
  343. 2014-12-04 08:30 - 2014-12-04 08:30 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
  344. 2014-12-04 08:30 - 2014-12-04 08:30 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
  345. 2014-12-04 08:30 - 2014-12-04 08:30 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
  346. 2014-12-04 08:30 - 2014-12-04 08:30 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
  347. 2014-12-04 08:30 - 2014-12-04 08:30 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
  348. 2014-12-04 08:30 - 2014-12-04 08:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
  349. 2014-12-04 08:30 - 2014-12-04 08:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
  350. 2014-12-04 08:30 - 2014-12-04 08:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
  351. 2014-12-04 08:30 - 2014-12-04 08:30 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
  352. 2014-12-04 08:30 - 2014-12-04 08:30 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
  353. 2014-12-04 08:30 - 2014-12-04 08:30 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
  354. 2014-12-04 08:30 - 2014-12-04 08:30 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
  355. 2014-12-04 08:30 - 2014-12-04 08:30 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
  356. 2014-12-04 08:30 - 2014-12-04 08:30 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
  357. 2014-12-04 08:30 - 2014-12-04 08:30 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
  358. 2014-12-04 08:30 - 2014-12-04 08:30 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
  359. 2014-12-04 08:30 - 2014-12-04 08:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
  360. 2014-12-04 08:30 - 2014-12-04 08:30 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
  361. 2014-12-04 08:30 - 2014-12-04 08:30 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
  362. 2014-12-04 08:30 - 2014-12-04 08:30 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
  363. 2014-12-04 08:30 - 2014-12-04 08:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
  364. 2014-12-04 08:30 - 2014-12-04 08:30 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
  365. 2014-12-04 08:30 - 2014-12-04 08:30 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
  366. 2014-12-04 08:30 - 2014-12-04 08:30 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
  367. 2014-12-04 08:30 - 2014-12-04 08:30 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
  368. 2014-12-04 08:30 - 2014-12-04 08:30 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
  369. 2014-12-04 08:30 - 2014-12-04 08:30 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
  370. 2014-12-04 08:30 - 2014-12-04 08:30 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
  371. 2014-12-04 08:30 - 2014-12-04 08:30 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
  372. 2014-12-04 08:30 - 2014-12-04 08:30 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
  373. 2014-12-04 08:30 - 2014-12-04 08:30 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
  374. 2014-12-04 08:30 - 2014-12-04 08:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
  375. 2014-12-04 08:30 - 2014-12-04 08:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
  376. 2014-12-04 08:30 - 2014-12-04 08:30 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
  377. 2014-12-04 08:30 - 2014-12-04 08:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
  378. 2014-12-04 08:30 - 2014-12-04 08:30 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
  379. 2014-12-04 08:30 - 2014-12-04 08:30 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
  380. 2014-12-04 08:30 - 2014-12-04 08:30 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
  381. 2014-12-04 08:30 - 2014-12-04 08:30 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
  382. 2014-12-04 08:30 - 2014-12-04 08:30 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
  383. 2014-12-04 08:30 - 2014-12-04 08:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
  384. 2014-12-04 08:30 - 2014-12-04 08:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
  385. 2014-12-04 08:30 - 2014-12-04 08:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
  386. 2014-12-04 08:30 - 2014-12-04 08:30 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
  387. 2014-12-04 08:30 - 2014-12-04 08:30 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
  388. 2014-12-04 08:30 - 2014-12-04 08:30 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
  389. 2014-12-04 08:30 - 2014-12-04 08:30 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
  390. 2014-12-04 08:30 - 2014-12-04 08:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
  391. 2014-12-04 08:30 - 2014-12-04 08:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
  392. 2014-12-04 08:30 - 2014-12-04 08:30 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
  393. 2014-12-04 08:30 - 2014-12-04 08:30 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
  394. 2014-12-04 08:30 - 2014-12-04 08:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
  395. 2014-12-04 08:30 - 2014-12-04 08:30 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
  396. 2014-12-04 08:30 - 2014-12-04 08:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
  397. 2014-12-04 08:30 - 2014-12-04 08:30 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
  398. 2014-12-04 08:30 - 2014-12-04 08:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
  399. 2014-12-04 08:30 - 2014-12-04 08:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
  400. 2014-12-04 08:30 - 2014-12-04 08:30 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
  401. 2014-12-04 08:30 - 2014-12-04 08:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
  402. 2014-12-04 08:30 - 2014-12-04 08:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
  403. 2014-12-04 08:30 - 2014-12-04 08:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
  404. 2014-12-04 08:30 - 2014-12-04 08:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
  405. 2014-12-04 08:30 - 2014-12-04 08:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
  406. 2014-12-04 08:30 - 2014-12-04 08:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
  407. 2014-12-04 08:30 - 2014-12-04 08:30 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
  408. 2014-12-04 08:30 - 2014-12-04 08:30 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
  409. 2014-12-04 08:30 - 2014-12-04 08:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
  410. 2014-12-04 08:30 - 2014-12-04 08:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
  411. 2014-12-04 08:30 - 2014-12-04 08:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
  412. 2014-12-04 08:30 - 2014-12-04 08:30 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
  413. 2014-12-04 08:30 - 2014-12-04 08:30 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
  414. 2014-12-04 08:30 - 2014-12-04 08:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
  415. 2014-12-04 08:30 - 2014-12-04 08:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
  416. 2014-12-04 08:30 - 2014-12-04 08:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
  417. 2014-12-04 08:30 - 2014-12-04 08:30 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
  418. 2014-12-04 08:30 - 2014-12-04 08:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
  419. 2014-12-04 08:30 - 2014-12-04 08:30 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
  420. 2014-12-04 08:30 - 2014-12-04 08:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
  421. 2014-12-04 08:30 - 2014-12-04 08:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
  422. 2014-12-04 08:30 - 2014-12-04 08:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
  423. 2014-12-04 08:30 - 2014-12-04 08:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
  424. 2014-12-04 08:30 - 2014-12-04 08:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
  425. 2014-12-04 08:30 - 2014-12-04 08:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
  426. 2014-12-04 08:29 - 2014-12-04 08:29 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
  427. 2014-12-04 08:29 - 2014-12-04 08:29 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
  428. 2014-12-04 08:29 - 2014-12-04 08:29 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
  429. 2014-12-04 08:29 - 2014-12-04 08:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
  430. 2014-12-04 08:29 - 2014-12-04 08:29 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
  431. 2014-12-04 08:29 - 2014-12-04 08:29 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
  432. 2014-12-04 08:28 - 2014-12-04 08:28 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
  433. 2014-12-04 08:28 - 2014-12-04 08:28 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
  434. 2014-12-04 08:24 - 2014-12-04 08:24 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
  435. 2014-12-04 08:24 - 2014-12-04 08:24 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
  436. 2014-12-04 07:53 - 2012-03-01 04:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
  437. 2014-12-04 07:53 - 2012-03-01 04:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
  438. 2014-12-04 07:53 - 2012-03-01 03:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
  439. 2014-12-04 07:50 - 2014-06-30 20:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
  440. 2014-12-04 07:50 - 2014-06-30 20:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
  441. 2014-12-04 07:50 - 2014-06-06 04:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
  442. 2014-12-04 07:50 - 2014-06-06 04:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
  443. 2014-12-04 07:50 - 2014-03-09 19:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
  444. 2014-12-04 07:50 - 2014-03-09 19:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
  445. 2014-12-04 07:50 - 2014-03-09 19:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
  446. 2014-12-04 07:50 - 2014-03-09 19:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
  447. 2014-12-03 10:08 - 2011-04-09 04:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
  448. 2014-12-03 10:08 - 2011-04-09 03:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
  449. 2014-12-03 09:52 - 2014-10-14 00:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
  450. 2014-12-03 09:52 - 2014-10-14 00:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
  451. 2014-12-03 09:52 - 2014-10-14 00:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
  452. 2014-12-03 09:52 - 2014-10-13 23:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
  453. 2014-12-03 09:52 - 2014-10-13 23:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
  454. 2014-12-03 09:52 - 2014-04-25 00:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
  455. 2014-12-03 09:52 - 2014-04-25 00:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
  456. 2014-12-03 09:52 - 2014-03-25 00:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
  457. 2014-12-03 09:52 - 2014-03-25 00:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
  458. 2014-12-03 09:52 - 2013-10-19 00:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
  459. 2014-12-03 09:52 - 2013-10-18 23:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
  460. 2014-12-03 09:52 - 2013-07-09 03:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
  461. 2014-12-03 09:52 - 2013-07-09 02:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
  462. 2014-12-03 09:52 - 2013-07-04 10:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
  463. 2014-12-03 09:52 - 2013-07-04 09:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
  464. 2014-12-03 09:52 - 2011-10-26 03:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
  465. 2014-12-03 09:52 - 2011-10-26 03:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
  466. 2014-12-03 09:52 - 2011-10-26 02:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
  467. 2014-12-03 09:52 - 2011-10-26 02:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
  468. 2014-12-03 09:52 - 2011-06-15 08:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
  469. 2014-12-03 09:52 - 2011-06-15 08:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
  470. 2014-12-03 09:52 - 2011-06-15 08:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
  471. 2014-12-03 09:52 - 2011-06-15 08:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
  472. 2014-12-03 09:52 - 2011-06-15 06:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
  473. 2014-12-03 09:52 - 2011-06-15 06:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
  474. 2014-12-03 09:52 - 2011-06-15 06:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
  475. 2014-12-03 09:52 - 2011-06-15 06:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
  476. 2014-12-03 09:52 - 2011-06-15 06:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
  477. 2014-12-03 09:52 - 2010-12-23 08:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
  478. 2014-12-03 09:52 - 2010-12-23 08:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
  479. 2014-12-03 09:52 - 2010-12-23 08:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
  480. 2014-12-03 09:52 - 2010-12-23 03:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
  481. 2014-12-03 09:52 - 2010-12-23 03:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
  482. 2014-12-03 09:52 - 2010-12-23 03:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
  483. 2014-12-03 09:51 - 2014-06-18 20:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
  484. 2014-12-03 09:51 - 2014-06-18 20:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
  485. 2014-12-03 09:51 - 2014-06-18 20:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
  486. 2014-12-03 09:51 - 2014-06-18 20:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
  487. 2014-12-03 09:51 - 2014-06-18 20:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
  488. 2014-12-03 09:51 - 2014-06-18 20:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
  489. 2014-12-03 09:51 - 2014-04-05 00:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
  490. 2014-12-03 09:51 - 2014-04-05 00:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
  491. 2014-12-03 09:51 - 2014-01-29 00:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
  492. 2014-12-03 09:51 - 2014-01-29 00:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
  493. 2014-12-03 09:51 - 2013-11-26 09:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
  494. 2014-12-03 09:51 - 2013-10-05 18:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
  495. 2014-12-03 09:51 - 2013-10-05 17:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
  496. 2014-12-03 09:51 - 2013-07-09 03:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
  497. 2014-12-03 09:51 - 2013-07-09 03:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
  498. 2014-12-03 09:51 - 2013-07-09 02:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
  499. 2014-12-03 09:51 - 2013-07-09 02:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
  500. 2014-12-03 09:51 - 2013-04-12 12:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
  501. 2014-12-03 09:51 - 2011-11-17 04:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
  502. 2014-12-03 09:51 - 2011-11-17 03:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
  503. 2014-12-03 09:51 - 2011-07-09 00:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
  504. 2014-12-03 09:51 - 2011-04-27 00:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
  505. 2014-12-03 09:51 - 2011-04-27 00:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
  506. 2014-12-03 09:50 - 2014-08-21 04:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
  507. 2014-12-03 09:50 - 2014-08-21 04:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
  508. 2014-12-03 09:50 - 2014-08-21 04:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
  509. 2014-12-03 09:50 - 2014-08-21 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
  510. 2014-12-03 09:50 - 2014-07-16 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
  511. 2014-12-03 09:50 - 2014-07-16 00:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
  512. 2014-12-03 09:50 - 2014-06-18 00:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
  513. 2014-12-03 09:50 - 2014-06-17 23:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
  514. 2014-12-03 09:50 - 2014-06-06 08:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
  515. 2014-12-03 09:50 - 2014-06-06 07:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
  516. 2014-12-03 09:50 - 2014-06-03 08:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
  517. 2014-12-03 09:50 - 2014-06-03 08:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
  518. 2014-12-03 09:50 - 2014-06-03 08:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
  519. 2014-12-03 09:50 - 2014-06-03 08:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
  520. 2014-12-03 09:50 - 2014-06-03 07:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
  521. 2014-12-03 09:50 - 2014-06-03 07:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
  522. 2014-12-03 09:50 - 2014-06-03 07:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
  523. 2014-12-03 09:50 - 2014-05-30 04:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
  524. 2014-12-03 09:50 - 2014-03-26 12:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
  525. 2014-12-03 09:50 - 2014-03-26 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
  526. 2014-12-03 09:50 - 2014-03-26 12:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
  527. 2014-12-03 09:50 - 2014-03-26 12:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
  528. 2014-12-03 09:50 - 2014-03-04 07:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
  529. 2014-12-03 09:50 - 2014-03-04 07:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
  530. 2014-12-03 09:50 - 2014-03-04 07:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
  531. 2014-12-03 09:50 - 2014-03-04 07:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
  532. 2014-12-03 09:50 - 2014-03-04 07:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
  533. 2014-12-03 09:50 - 2014-03-04 07:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
  534. 2014-12-03 09:50 - 2014-03-04 07:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
  535. 2014-12-03 09:50 - 2014-03-04 07:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
  536. 2014-12-03 09:50 - 2014-03-04 07:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
  537. 2014-12-03 09:50 - 2014-03-04 07:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
  538. 2014-12-03 09:50 - 2014-03-04 07:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
  539. 2014-12-03 09:50 - 2014-03-04 07:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
  540. 2014-12-03 09:50 - 2014-03-04 07:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
  541. 2014-12-03 09:50 - 2014-03-04 07:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
  542. 2014-12-03 09:50 - 2014-03-04 07:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
  543. 2014-12-03 09:50 - 2014-03-04 07:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
  544. 2014-12-03 09:50 - 2014-03-04 07:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
  545. 2014-12-03 09:50 - 2014-03-04 07:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
  546. 2014-12-03 09:50 - 2014-03-04 07:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
  547. 2014-12-03 09:50 - 2013-11-26 23:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
  548. 2014-12-03 09:50 - 2013-11-26 23:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
  549. 2014-12-03 09:50 - 2013-11-26 23:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
  550. 2014-12-03 09:50 - 2013-11-26 23:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
  551. 2014-12-03 09:50 - 2013-11-26 23:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
  552. 2014-12-03 09:50 - 2013-10-04 00:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
  553. 2014-12-03 09:50 - 2013-10-03 23:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
  554. 2014-12-03 09:50 - 2013-08-02 00:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
  555. 2014-12-03 09:50 - 2013-08-02 00:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
  556. 2014-12-03 09:50 - 2013-08-01 23:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
  557. 2014-12-03 09:50 - 2013-08-01 22:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
  558. 2014-12-03 09:50 - 2013-07-25 07:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
  559. 2014-12-03 09:50 - 2013-07-25 06:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
  560. 2014-12-03 09:50 - 2013-07-12 08:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
  561. 2014-12-03 09:50 - 2013-07-12 08:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
  562. 2014-12-03 09:50 - 2013-07-03 02:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
  563. 2014-12-03 09:50 - 2013-07-03 02:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
  564. 2014-12-03 09:50 - 2013-06-25 20:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
  565. 2014-12-03 09:50 - 2013-06-06 03:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
  566. 2014-12-03 09:50 - 2013-06-06 03:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
  567. 2014-12-03 09:50 - 2013-06-06 03:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
  568. 2014-12-03 09:50 - 2013-06-06 03:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
  569. 2014-12-03 09:50 - 2013-06-06 02:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
  570. 2014-12-03 09:50 - 2013-06-06 02:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
  571. 2014-12-03 09:50 - 2013-06-06 02:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
  572. 2014-12-03 09:50 - 2013-06-06 01:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
  573. 2014-12-03 09:50 - 2013-06-06 01:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
  574. 2014-12-03 09:50 - 2013-06-06 01:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
  575. 2014-12-03 09:50 - 2013-02-27 03:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
  576. 2014-12-03 09:50 - 2013-02-12 02:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
  577. 2014-12-03 09:50 - 2012-11-28 20:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
  578. 2014-12-03 09:50 - 2012-11-28 20:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
  579. 2014-12-03 09:50 - 2012-11-28 20:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
  580. 2014-12-03 09:50 - 2012-11-02 03:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
  581. 2014-12-03 09:50 - 2012-11-02 03:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
  582. 2014-12-03 09:50 - 2011-03-11 04:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
  583. 2014-12-03 09:50 - 2011-03-11 04:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
  584. 2014-12-03 09:50 - 2011-03-11 03:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
  585. 2014-12-03 09:50 - 2011-03-11 03:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
  586. 2014-12-03 09:50 - 2011-03-03 04:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
  587. 2014-12-03 09:50 - 2011-03-03 04:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
  588. 2014-12-03 09:50 - 2011-03-03 04:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
  589. 2014-12-03 09:50 - 2011-03-03 03:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
  590. 2014-12-03 09:50 - 2011-03-03 03:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
  591. 2014-12-03 09:49 - 2013-12-24 21:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
  592. 2014-12-03 09:49 - 2013-12-24 20:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
  593. 2014-12-03 09:49 - 2013-11-26 06:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
  594. 2014-12-03 09:49 - 2013-11-22 20:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
  595. 2014-12-03 09:48 - 2014-11-11 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
  596. 2014-12-03 09:48 - 2014-11-11 01:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
  597. 2014-12-03 09:48 - 2014-11-11 00:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
  598. 2014-12-03 09:48 - 2014-11-11 00:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
  599. 2014-12-03 09:48 - 2014-10-14 00:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
  600. 2014-12-03 09:48 - 2014-10-14 00:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
  601. 2014-12-03 09:48 - 2014-10-13 23:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
  602. 2014-12-03 09:48 - 2014-10-13 23:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
  603. 2014-12-03 09:48 - 2014-10-03 00:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
  604. 2014-12-03 09:48 - 2014-10-03 00:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
  605. 2014-12-03 09:48 - 2014-10-03 00:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
  606. 2014-12-03 09:48 - 2014-10-03 00:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
  607. 2014-12-03 09:48 - 2014-10-03 00:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
  608. 2014-12-03 09:48 - 2014-10-02 23:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
  609. 2014-12-03 09:48 - 2014-10-02 23:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
  610. 2014-12-03 09:48 - 2014-10-02 23:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
  611. 2014-12-03 09:48 - 2014-09-04 03:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
  612. 2014-12-03 09:48 - 2014-09-04 03:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
  613. 2014-12-03 09:48 - 2014-08-12 00:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
  614. 2014-12-03 09:48 - 2014-08-11 23:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
  615. 2014-12-03 09:48 - 2014-06-16 00:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
  616. 2014-12-03 09:48 - 2014-04-12 00:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
  617. 2014-12-03 09:48 - 2014-04-12 00:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
  618. 2014-12-03 09:48 - 2014-04-12 00:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
  619. 2014-12-03 09:48 - 2014-04-12 00:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
  620. 2014-12-03 09:48 - 2014-04-12 00:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
  621. 2014-12-03 09:48 - 2013-07-26 00:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
  622. 2014-12-03 09:48 - 2013-07-25 23:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
  623. 2014-12-03 09:48 - 2013-04-26 03:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
  624. 2014-12-03 09:48 - 2013-04-26 02:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
  625. 2014-12-03 09:48 - 2013-04-10 04:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
  626. 2014-12-03 09:48 - 2012-11-23 01:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
  627. 2014-12-03 09:48 - 2012-09-25 20:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
  628. 2014-12-03 09:48 - 2012-09-25 20:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
  629. 2014-12-03 09:48 - 2012-03-17 05:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
  630. 2014-12-03 09:48 - 2011-08-17 03:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
  631. 2014-12-03 09:48 - 2011-08-17 03:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
  632. 2014-12-03 09:48 - 2011-08-17 02:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
  633. 2014-12-03 09:48 - 2011-08-17 02:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
  634. 2014-12-03 09:48 - 2011-05-24 09:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
  635. 2014-12-03 09:48 - 2011-05-24 08:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
  636. 2014-12-03 09:48 - 2011-05-24 08:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
  637. 2014-12-03 09:48 - 2011-05-24 08:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
  638. 2014-12-03 09:48 - 2011-05-24 08:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
  639. 2014-12-03 09:48 - 2011-04-29 01:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
  640. 2014-12-03 09:48 - 2011-04-29 01:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
  641. 2014-12-03 09:48 - 2011-04-29 01:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
  642. 2014-12-03 09:48 - 2011-02-05 15:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
  643. 2014-12-03 09:48 - 2011-02-05 15:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
  644. 2014-12-03 09:48 - 2011-02-05 15:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
  645. 2014-12-03 09:48 - 2011-02-05 15:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
  646. 2014-12-03 09:48 - 2011-02-05 15:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
  647. 2014-12-03 09:48 - 2011-02-05 15:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
  648. 2014-12-03 09:48 - 2011-02-05 15:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
  649. 2014-12-03 09:48 - 2011-02-03 09:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
  650. 2014-12-03 09:46 - 2014-10-24 23:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
  651. 2014-12-03 09:46 - 2014-10-24 23:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
  652. 2014-12-03 09:46 - 2014-09-19 07:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
  653. 2014-12-03 09:46 - 2014-09-19 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
  654. 2014-12-03 09:46 - 2014-09-19 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
  655. 2014-12-03 09:46 - 2014-09-19 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
  656. 2014-12-03 09:46 - 2014-09-19 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
  657. 2014-12-03 09:46 - 2014-09-19 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
  658. 2014-12-03 09:46 - 2014-09-19 07:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
  659. 2014-12-03 09:46 - 2014-09-19 07:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
  660. 2014-12-03 09:46 - 2014-09-19 07:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
  661. 2014-12-03 09:46 - 2014-09-19 07:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
  662. 2014-12-03 09:46 - 2014-09-19 07:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
  663. 2014-12-03 09:46 - 2014-09-19 07:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
  664. 2014-12-03 09:46 - 2014-07-17 00:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
  665. 2014-12-03 09:46 - 2014-07-17 00:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
  666. 2014-12-03 09:46 - 2014-07-17 00:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
  667. 2014-12-03 09:46 - 2014-07-17 00:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
  668. 2014-12-03 09:46 - 2014-07-17 00:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
  669. 2014-12-03 09:46 - 2014-07-17 00:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
  670. 2014-12-03 09:46 - 2014-07-16 23:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
  671. 2014-12-03 09:46 - 2014-07-16 23:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
  672. 2014-12-03 09:46 - 2014-07-16 23:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
  673. 2014-12-03 09:46 - 2014-07-16 23:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
  674. 2014-12-03 09:46 - 2014-07-16 23:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
  675. 2014-12-03 09:46 - 2014-07-16 23:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
  676. 2014-12-03 09:46 - 2013-07-20 08:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
  677. 2014-12-03 09:46 - 2013-07-20 08:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
  678. 2014-12-03 09:46 - 2013-02-15 04:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
  679. 2014-12-03 09:46 - 2013-02-15 04:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
  680. 2014-12-03 09:46 - 2013-02-15 01:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
  681. 2014-12-03 09:46 - 2012-04-26 03:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
  682. 2014-12-03 09:46 - 2012-04-26 03:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
  683. 2014-12-03 09:45 - 2014-10-18 00:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
  684. 2014-12-03 09:45 - 2014-10-17 23:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
  685. 2014-12-03 09:45 - 2014-10-09 22:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
  686. 2014-12-03 09:45 - 2014-08-23 00:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
  687. 2014-12-03 09:45 - 2014-08-22 23:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
  688. 2014-12-03 09:45 - 2014-03-04 07:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
  689. 2014-12-03 09:45 - 2014-03-04 07:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
  690. 2014-12-03 09:45 - 2014-03-04 07:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
  691. 2014-12-03 09:45 - 2014-03-04 07:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
  692. 2014-12-03 09:45 - 2014-03-04 07:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
  693. 2014-12-03 09:45 - 2014-03-04 07:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
  694. 2014-12-03 09:45 - 2014-03-04 07:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
  695. 2014-12-03 09:45 - 2014-03-04 07:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
  696. 2014-12-03 09:45 - 2014-03-04 07:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
  697. 2014-12-03 09:45 - 2014-03-04 06:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
  698. 2014-12-03 09:45 - 2014-03-04 06:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
  699. 2014-12-03 09:45 - 2013-10-12 00:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
  700. 2014-12-03 09:45 - 2013-10-12 00:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
  701. 2014-12-03 09:45 - 2013-10-12 00:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
  702. 2014-12-03 09:45 - 2013-10-12 00:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
  703. 2014-12-03 09:45 - 2013-10-11 23:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
  704. 2014-12-03 09:45 - 2013-10-11 23:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
  705. 2014-12-03 09:45 - 2013-10-11 23:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
  706. 2014-12-03 09:45 - 2013-10-11 23:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
  707. 2014-12-03 09:45 - 2013-08-02 00:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
  708. 2014-12-03 09:45 - 2013-08-02 00:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
  709. 2014-12-03 09:45 - 2013-08-02 00:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
  710. 2014-12-03 09:45 - 2013-08-02 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
  711. 2014-12-03 09:45 - 2013-08-02 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
  712. 2014-12-03 09:45 - 2013-08-02 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
  713. 2014-12-03 09:45 - 2013-08-02 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
  714. 2014-12-03 09:45 - 2013-08-02 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
  715. 2014-12-03 09:45 - 2013-08-02 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
  716. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
  717. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
  718. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
  719. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
  720. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
  721. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
  722. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
  723. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
  724. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
  725. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
  726. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
  727. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
  728. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
  729. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
  730. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
  731. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
  732. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
  733. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
  734. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
  735. 2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
  736. 2014-12-03 09:45 - 2013-08-01 23:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
  737. 2014-12-03 09:45 - 2013-08-01 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
  738. 2014-12-03 09:45 - 2013-08-01 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
  739. 2014-12-03 09:45 - 2013-08-01 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
  740. 2014-12-03 09:45 - 2013-08-01 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
  741. 2014-12-03 09:45 - 2013-08-01 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
  742. 2014-12-03 09:45 - 2013-08-01 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
  743. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
  744. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
  745. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
  746. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
  747. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
  748. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
  749. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
  750. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
  751. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
  752. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
  753. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
  754. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
  755. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
  756. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
  757. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
  758. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
  759. 2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
  760. 2014-12-03 09:45 - 2013-08-01 23:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
  761. 2014-12-03 09:45 - 2013-08-01 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
  762. 2014-12-03 09:45 - 2013-08-01 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
  763. 2014-12-03 09:45 - 2013-08-01 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
  764. 2014-12-03 09:45 - 2013-08-01 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
  765. 2014-12-03 09:45 - 2013-07-04 10:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
  766. 2014-12-03 09:45 - 2013-05-13 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
  767. 2014-12-03 09:45 - 2013-05-13 01:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
  768. 2014-12-03 09:45 - 2013-05-13 01:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
  769. 2014-12-03 09:45 - 2013-05-13 01:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
  770. 2014-12-03 09:45 - 2013-04-09 21:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
  771. 2014-12-03 09:45 - 2013-04-02 20:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
  772. 2014-12-03 09:45 - 2012-07-04 20:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
  773. 2014-12-03 09:45 - 2012-07-04 20:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
  774. 2014-12-03 09:45 - 2012-07-04 20:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
  775. 2014-12-03 09:45 - 2012-07-04 19:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
  776. 2014-12-03 09:45 - 2012-07-04 19:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
  777. 2014-12-03 09:45 - 2012-05-14 03:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
  778. 2014-12-03 09:45 - 2011-12-16 06:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
  779. 2014-12-03 09:45 - 2011-12-16 05:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
  780. 2014-12-03 09:45 - 2011-10-15 04:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
  781. 2014-12-03 09:45 - 2011-10-15 03:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
  782. 2014-12-03 09:45 - 2011-08-27 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
  783. 2014-12-03 09:45 - 2011-08-27 02:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
  784. 2014-12-03 09:45 - 2011-05-03 03:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
  785. 2014-12-03 09:45 - 2011-05-03 02:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
  786. 2014-12-03 09:45 - 2011-02-23 02:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
  787. 2014-12-03 09:45 - 2011-02-12 09:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
  788. 2014-12-03 09:44 - 2014-07-14 00:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
  789. 2014-12-03 09:44 - 2014-07-13 23:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
  790. 2014-12-03 09:44 - 2013-10-12 00:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
  791. 2014-12-03 09:44 - 2013-10-12 00:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
  792. 2014-12-03 09:44 - 2013-10-12 00:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
  793. 2014-12-03 09:44 - 2013-10-12 00:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
  794. 2014-12-03 09:44 - 2013-10-12 00:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
  795. 2014-12-03 09:44 - 2012-06-06 04:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
  796. 2014-12-03 09:44 - 2012-06-06 03:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
  797. 2014-12-03 09:28 - 2012-02-17 04:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
  798. 2014-12-03 09:28 - 2012-02-17 03:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
  799. 2014-12-03 09:28 - 2012-02-17 02:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
  800. 2014-12-03 09:20 - 2014-05-14 14:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
  801. 2014-12-03 09:20 - 2014-05-14 14:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
  802. 2014-12-03 09:20 - 2014-05-14 14:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
  803. 2014-12-03 09:20 - 2014-05-14 14:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
  804. 2014-12-03 09:20 - 2014-05-14 14:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
  805. 2014-12-03 09:20 - 2014-05-14 14:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
  806. 2014-12-03 09:20 - 2014-05-14 14:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
  807. 2014-12-03 09:20 - 2014-05-14 14:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
  808. 2014-12-03 09:20 - 2014-05-14 14:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
  809. 2014-12-03 09:20 - 2014-05-14 14:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
  810. 2014-12-03 09:20 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
  811. 2014-12-03 09:20 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
  812. 2014-12-03 09:20 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
  813. 2014-12-03 09:20 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
  814.  
  815. ==================== One Month Modified Files and Folders =======
  816.  
  817. (If an entry is included in the fixlist, the file\folder will be moved.)
  818.  
  819. 2015-01-02 10:28 - 2009-07-14 02:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
  820. 2015-01-02 10:28 - 2009-07-14 02:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
  821. 2015-01-02 09:47 - 2014-10-23 12:56 - 01492911 _____ () C:\Windows\WindowsUpdate.log
  822. 2015-01-02 09:14 - 2014-11-30 11:13 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\ActivePresenter
  823. 2014-12-31 18:28 - 2014-10-23 14:42 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\uTorrent
  824. 2014-12-31 16:53 - 2014-10-23 14:21 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\vlc
  825. 2014-12-23 21:21 - 2009-07-14 03:13 - 00782462 _____ () C:\Windows\system32\PerfStringBackup.INI
  826. 2014-12-23 21:15 - 2014-10-23 14:06 - 00000000 ____D () C:\ProgramData\NVIDIA
  827. 2014-12-23 21:15 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
  828. 2014-12-23 21:15 - 2009-07-14 00:34 - 00000215 _____ () C:\Windows\system.ini
  829. 2014-12-23 21:09 - 2009-07-14 01:20 - 00000000 __RHD () C:\Users\Default
  830. 2014-12-22 11:55 - 2014-10-23 12:54 - 00000000 ____D () C:\Users\Matheus
  831. 2014-12-17 00:49 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\PLA
  832. 2014-12-16 23:27 - 2014-10-23 15:18 - 00000000 ____D () C:\Users\Matheus\Desktop\TJ
  833. 2014-12-16 18:50 - 2014-11-28 11:45 - 00000000 ____D () C:\Program Files\CamStudio 2.7
  834. 2014-12-16 15:26 - 2014-10-23 13:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
  835. 2014-12-16 10:33 - 2009-07-14 03:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
  836. 2014-12-12 22:12 - 2014-10-23 13:37 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
  837. 2014-12-12 22:12 - 2014-10-23 13:37 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
  838. 2014-12-12 22:12 - 2014-10-23 13:37 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
  839. 2014-12-12 22:12 - 2014-10-23 13:37 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
  840. 2014-12-11 08:45 - 2014-10-23 18:52 - 00000000 ____D () C:\Windows\Panther
  841. 2014-12-10 15:56 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\rescache
  842. 2014-12-10 10:30 - 2009-07-14 01:20 - 00000000 ____D () C:\Program Files\Common Files\System
  843. 2014-12-10 09:51 - 2014-10-23 12:54 - 00001605 _____ () C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
  844. 2014-12-10 09:51 - 2009-07-14 03:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
  845. 2014-12-10 09:47 - 2009-07-14 02:45 - 00284296 _____ () C:\Windows\system32\FNTCACHE.DAT
  846. 2014-12-10 09:46 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
  847. 2014-12-10 09:45 - 2010-11-21 05:16 - 00000000 ____D () C:\Program Files\Windows Journal
  848. 2014-12-10 09:45 - 2009-07-14 03:32 - 00000000 ____D () C:\Program Files\Windows Defender
  849. 2014-12-10 09:45 - 2009-07-14 03:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
  850. 2014-12-09 14:46 - 2014-10-23 14:38 - 00000000 ____D () C:\Users\Matheus\Desktop\bkp
  851. 2014-12-08 12:56 - 2014-10-23 13:04 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Google
  852. 2014-12-08 12:54 - 2014-10-23 13:04 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Deployment
  853. 2014-12-08 10:58 - 2014-11-28 20:14 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Audacity
  854. 2014-12-06 21:28 - 2014-10-23 13:04 - 00062976 _____ () C:\Users\Matheus\AppData\Local\GDIPFONTCACHEV1.DAT
  855. 2014-12-05 08:21 - 2014-10-23 17:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
  856. 2014-12-04 09:16 - 2014-11-29 15:37 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Windows Live
  857. 2014-12-04 08:41 - 2009-07-14 01:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
  858.  
  859. Some content of TEMP:
  860. ====================
  861. C:\Users\Matheus\AppData\Local\Temp\avgnt.exe
  862. C:\Users\Matheus\AppData\Local\Temp\Foxit Reader Updater.exe
  863.  
  864.  
  865. ==================== Bamital & volsnap Check =================
  866.  
  867. (There is no automatic fix for files that do not pass verification.)
  868.  
  869. C:\Windows\System32\winlogon.exe => File is digitally signed
  870. C:\Windows\System32\wininit.exe => File is digitally signed
  871. C:\Windows\SysWOW64\wininit.exe => File is digitally signed
  872. C:\Windows\explorer.exe => File is digitally signed
  873. C:\Windows\SysWOW64\explorer.exe => File is digitally signed
  874. C:\Windows\System32\svchost.exe => File is digitally signed
  875. C:\Windows\SysWOW64\svchost.exe => File is digitally signed
  876. C:\Windows\System32\services.exe => File is digitally signed
  877. C:\Windows\System32\User32.dll => File is digitally signed
  878. C:\Windows\SysWOW64\User32.dll => File is digitally signed
  879. C:\Windows\System32\userinit.exe => File is digitally signed
  880. C:\Windows\SysWOW64\userinit.exe => File is digitally signed
  881. C:\Windows\System32\rpcss.dll => File is digitally signed
  882. C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
  883.  
  884.  
  885. LastRegBack: 2014-12-26 14:58
  886.  
  887. ==================== End Of Log ============================

Edited by pianomath, 03 January 2015 - 05:34 AM.


#8 Machiavelli

Posted 03 January 2015 - 04:44 AM

Please split it up in more posts ...

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#9 pianomath


Posted 03 January 2015 - 05:35 AM

  1. Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
  2. Ran by Matheus at 2015-01-02 11:16:40
  3. Running from C:\Users\Matheus\Desktop
  4. Boot Mode: Normal
  5. ==========================================================
  6.  
  7.  
  8. ==================== Security Center ========================
  9.  
  10. (If an entry is included in the fixlist, it will be removed.)
  11.  
  12. AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
  13. AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
  14. AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
  15.  
  16. ==================== Installed Programs ======================
  17.  
  18. (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
  19.  
  20. µTorrent (HKU\S-1-5-21-178241157-3166524979-4280168215-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
  21. ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 4.0.3 - Atomi Systems, Inc.)
  22. Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
  23. Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
  24. Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.1.0.0 - Auslogics Labs Pty Ltd)
  25. Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
  26. Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
  27. Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
  28. Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2600 - Broadcom Corporation)
  29. CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
  30. CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
  31. D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
  32. Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.3.524 - Foxit Corporation)
  33. Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
  34. Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
  35. Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
  36. HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
  37. Intel PROSet Wireless (x32 Version:  - ) Hidden
  38. Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
  39. Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
  40. Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
  41. LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
  42. LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)
  43. Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
  44. Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
  45. Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
  46. Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
  47. Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
  48. Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
  49. Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
  50. Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
  51. Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
  52. NVIDIA 3D Vision Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
  53. NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
  54. NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
  55. NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
  56. NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
  57. Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
  58. Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
  59. Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
  60. Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
  61. Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
  62. Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
  63. SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
  64. SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
  65. Software Intel® PROSet/Wireless WiFi (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
  66. Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
  67. System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
  68. Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version:  - Media Converters)
  69. VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
  70. VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
  71. Warface (HKLM-x32\...\{094FAADD-5A39-4C64-911A-B4C9AD818484}_is1) (Version: 1.0.254.035 - Level Up! Games)
  72. WIDCOMM Bluetooth Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2600 - Broadcom Corporation)
  73. WinDirStat 1.1.2 (HKU\S-1-5-21-178241157-3166524979-4280168215-1000\...\WinDirStat) (Version:  - )
  74. Windows Driver Package - Realtek (RTL8167) Net  (04/21/2011 7.044.0421.2011) (HKLM\...\BF3DF29FDD6B622C311A7DE6464AA9B597D791A1) (Version: 04/21/2011 7.044.0421.2011 - Realtek)
  75. Windows Driver Package - Ricoh Company MS Host Controller (12/24/2010 6.13.10.25) (HKLM\...\95010B497C1DFEC62132F796273E6920E538715F) (Version: 12/24/2010 6.13.10.25 - Ricoh Company)
  76. Windows Driver Package - Ricoh Company SD Host Controller (12/17/2010 6.13.10.26) (HKLM\...\43201741444A6BB04A6B0FB2901BDBB2E890B61C) (Version: 12/17/2010 6.13.10.26 - Ricoh Company)
  77. Windows Driver Package - Sony Corporation (SFEP) HIDClass  (11/27/2009 8.0.1.2) (HKLM\...\4E827A70BAA738C408DBDD024BCACE5085D946F1) (Version: 11/27/2009 8.0.1.2 - Sony Corporation)
  78. Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
  79. WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
  80.  
  81. ==================== Custom CLSID (selected items): ==========================
  82.  
  83. (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
  84.  
  85. CustomCLSID: HKU\S-1-5-21-178241157-3166524979-4280168215-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Matheus\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
  86.  
  87. ==================== Restore Points  =========================
  88.  
  89.  
  90. ==================== Hosts content: ==========================
  91.  
  92. (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
  93.  
  94. 2009-07-14 00:34 - 2014-12-23 21:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
  95. 127.0.0.1       localhost
  96.  
  97. ==================== Scheduled Tasks (whitelisted) =============
  98.  
  99. (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
  100.  
  101. Task: {13E81C99-E673-4E8E-A412-5E8867DAEE2B} - \Microsoft\Windows\Multimedia\SMupdate3 No Task File <==== ATTENTION
  102. Task: {1A357285-BE0A-4C77-A69E-143661F6C138} - \SPDriver No Task File <==== ATTENTION
  103. Task: {37399520-8644-44A9-9CCB-4A79386650A2} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
  104. Task: {5B1B0E6A-D8CD-4606-B52C-B227930F210D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
  105. Task: {6CB7D5C3-10AB-4836-91D0-B0914ADDA3E6} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
  106. Task: {6D7BB8E3-F85B-4B26-817C-0038B6F94EF4} - \ShopperPro No Task File <==== ATTENTION
  107. Task: {7AF9DF76-440D-46B6-A369-355F6F43BB47} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
  108. Task: {AEDC3847-3E0F-4635-B022-6F4BB070A5C4} - \SMupdate1 No Task File <==== ATTENTION
  109. Task: {AFDEC112-CA44-4100-9EAA-CA2A8C282A2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
  110. Task: {B4A8D1AE-0F26-4985-9172-3B5BFBA9B40B} - \Microsoft\Windows\Maintenance\SMupdate2 No Task File <==== ATTENTION
  111. Task: {EE5FBB41-1DE6-4953-90DC-161ECE47BAF9} - \SPBIW_UpdateTask_Time_323536333932393437382d5755326c785a5a5737414534 No Task File <==== ATTENTION
  112. Task: {F2A4EF5C-F30D-4FCA-B359-76B5F0CD284A} - \ShopperProJSUpd No Task File <==== ATTENTION
  113. Task: {FF9BE4E7-0B6B-4E9D-A8A9-8BFAB65890F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
  114. Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  115. Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  116.  
  117. ==================== Loaded Modules (whitelisted) =============
  118.  
  119. 2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
  120. 2014-10-23 14:06 - 2014-10-30 00:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
  121. 2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
  122. 2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
  123. 2014-10-23 14:20 - 2013-05-24 15:12 - 33846336 _____ () C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
  124. 2014-12-10 09:57 - 2014-12-10 09:57 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
  125. 2014-10-23 13:16 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
  126. 2014-12-11 14:05 - 2014-12-05 23:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
  127. 2014-12-11 14:05 - 2014-12-05 23:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
  128. 2014-12-11 14:05 - 2014-12-05 23:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
  129. 2014-12-11 14:05 - 2014-12-05 23:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
  130. 2014-11-30 11:12 - 2014-07-21 14:48 - 00435200 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\wxcurlu.dll
  131. 2014-11-30 11:12 - 2014-07-21 14:28 - 00229888 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\webconnect.dll
  132. 2014-11-30 11:12 - 2014-06-27 15:25 - 11341838 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avcodec-54.dll
  133. 2014-11-30 11:12 - 2014-06-27 15:25 - 00210958 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avutil-52.dll
  134. 2014-11-30 11:12 - 2014-06-27 15:25 - 00024590 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avdevice-54.dll
  135. 2014-11-30 11:12 - 2014-06-27 12:32 - 00432654 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avfilter-3.dll
  136. 2014-11-30 11:12 - 2014-06-27 15:25 - 01566222 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avformat-54.dll
  137. 2014-11-30 11:12 - 2014-06-27 15:25 - 00098318 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\swresample-0.dll
  138. 2014-11-30 11:12 - 2014-06-27 15:25 - 00357902 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\swscale-2.dll
  139. 2014-11-30 11:12 - 2014-06-27 12:32 - 00745472 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\libming.dll
  140. 2014-11-30 11:12 - 2014-11-24 11:41 - 00116736 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\rltext2speech.dll
  141. 2014-11-30 11:12 - 2014-06-27 15:25 - 00098816 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\portaudio.dll
  142. 2014-11-30 11:12 - 2014-07-21 15:00 - 02082816 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\wxpdfdoc.dll
  143. 2014-11-30 11:12 - 2014-06-27 15:25 - 00847440 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\xulrunner\js3250.dll
  144. 2014-10-23 14:20 - 2013-04-12 18:14 - 00557056 _____ () C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\CommentsSummary.fpi
  145. 2014-10-23 14:20 - 2013-03-29 16:00 - 01791488 _____ () C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Speech.fpi
  146.  
  147. ==================== Alternate Data Streams (whitelisted) =========
  148.  
  149. (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
  150.  
  151.  
  152. ==================== Safe Mode (whitelisted) ===================
  153.  
  154. (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
  155.  
  156.  
  157. ==================== EXE Association (whitelisted) =============
  158.  
  159. (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
  160.  
  161.  
  162. ==================== MSCONFIG/TASK MANAGER disabled items =========
  163.  
  164. (Currently there is no automatic fix for this section.)
  165.  
  166. MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
  167. MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
  168. MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
  169.  
  170. ========================= Accounts: ==========================
  171.  
  172. Administrator (S-1-5-21-178241157-3166524979-4280168215-500 - Administrator - Disabled)
  173. Guest (S-1-5-21-178241157-3166524979-4280168215-501 - Limited - Disabled)
  174. HomeGroupUser$ (S-1-5-21-178241157-3166524979-4280168215-1002 - Limited - Enabled)
  175. Matheus (S-1-5-21-178241157-3166524979-4280168215-1000 - Administrator - Enabled) => C:\Users\Matheus
  176.  
  177. ==================== Faulty Device Manager Devices =============
  178.  
  179. Name:
  180. Description:
  181. Class Guid:
  182. Manufacturer:
  183. Service:
  184. Problem: : The drivers for this device are not installed. (Code 28)
  185. Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
  186.  
  187. Name:
  188. Description:
  189. Class Guid:
  190. Manufacturer:
  191. Service:
  192. Problem: : The drivers for this device are not installed. (Code 28)
  193. Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
  194.  
  195.  
  196. ==================== Event log errors: =========================
  197.  
  198. Application errors:
  199. ==================
  200. Error: (01/02/2015 11:15:21 AM) (Source: Application Error) (EventID: 1000) (User: )
  201. Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
  202. Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
  203. Exception code: 0xc0000005
  204. Fault offset: 0x00000000000506dd
  205. Faulting process id: 0x684
  206. Faulting application start time: 0xAUDIODG.EXE0
  207. Faulting application path: AUDIODG.EXE1
  208. Faulting module path: AUDIODG.EXE2
  209. Report Id: AUDIODG.EXE3
  210.  
  211. Error: (01/02/2015 11:12:57 AM) (Source: Application Error) (EventID: 1000) (User: )
  212. Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
  213. Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
  214. Exception code: 0xc0000005
  215. Fault offset: 0x000000000010207b
  216. Faulting process id: 0x18b4
  217. Faulting application start time: 0xAUDIODG.EXE0
  218. Faulting application path: AUDIODG.EXE1
  219. Faulting module path: AUDIODG.EXE2
  220. Report Id: AUDIODG.EXE3
  221.  
  222. Error: (01/02/2015 09:15:08 AM) (Source: Application Error) (EventID: 1000) (User: )
  223. Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
  224. Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
  225. Exception code: 0xc0000005
  226. Fault offset: 0x000000000010207b
  227. Faulting process id: 0x15b0
  228. Faulting application start time: 0xAUDIODG.EXE0
  229. Faulting application path: AUDIODG.EXE1
  230. Faulting module path: AUDIODG.EXE2
  231. Report Id: AUDIODG.EXE3
  232.  
  233. Error: (12/31/2014 06:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
  234. Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
  235. Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
  236. Exception code: 0xc0000005
  237. Fault offset: 0x000000000010207b
  238. Faulting process id: 0x21e0
  239. Faulting application start time: 0xAUDIODG.EXE0
  240. Faulting application path: AUDIODG.EXE1
  241. Faulting module path: AUDIODG.EXE2
  242. Report Id: AUDIODG.EXE3
  243.  
  244. Error: (12/31/2014 06:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
  245. Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
  246. Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
  247. Exception code: 0xc0000005
  248. Fault offset: 0x00000000000506dd
  249. Faulting process id: 0x2270
  250. Faulting application start time: 0xAUDIODG.EXE0
  251. Faulting application path: AUDIODG.EXE1
  252. Faulting module path: AUDIODG.EXE2
  253. Report Id: AUDIODG.EXE3
  254.  
  255. Error: (12/31/2014 06:28:51 PM) (Source: Application Error) (EventID: 1000) (User: )
  256. Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
  257. Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
  258. Exception code: 0xc0000005
  259. Fault offset: 0x00000000000506dd
  260. Faulting process id: 0x113c
  261. Faulting application start time: 0xAUDIODG.EXE0
  262. Faulting application path: AUDIODG.EXE1
  263. Faulting module path: AUDIODG.EXE2
  264. Report Id: AUDIODG.EXE3
  265.  
  266. Error: (12/31/2014 04:56:18 PM) (Source: Application Error) (EventID: 1000) (User: )
  267. Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
  268. Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
  269. Exception code: 0xc0000005
  270. Fault offset: 0x000000000010207b
  271. Faulting process id: 0x25b8
  272. Faulting application start time: 0xAUDIODG.EXE0
  273. Faulting application path: AUDIODG.EXE1
  274. Faulting module path: AUDIODG.EXE2
  275. Report Id: AUDIODG.EXE3
  276.  
  277. Error: (12/31/2014 02:52:07 PM) (Source: Application Error) (EventID: 1000) (User: )
  278. Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
  279. Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
  280. Exception code: 0xc0000005
  281. Fault offset: 0x000000000010207b
  282. Faulting process id: 0x1100
  283. Faulting application start time: 0xAUDIODG.EXE0
  284. Faulting application path: AUDIODG.EXE1
  285. Faulting module path: AUDIODG.EXE2
  286. Report Id: AUDIODG.EXE3
  287.  
  288. Error: (12/31/2014 10:30:43 AM) (Source: Application Error) (EventID: 1000) (User: )
  289. Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
  290. Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
  291. Exception code: 0xc0000005
  292. Fault offset: 0x000000000010207b
  293. Faulting process id: 0x2180
  294. Faulting application start time: 0xAUDIODG.EXE0
  295. Faulting application path: AUDIODG.EXE1
  296. Faulting module path: AUDIODG.EXE2
  297. Report Id: AUDIODG.EXE3
  298.  
  299. Error: (12/31/2014 09:28:38 AM) (Source: Application Error) (EventID: 1000) (User: )
  300. Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
  301. Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
  302. Exception code: 0xc0000005
  303. Fault offset: 0x00000000000506dd
  304. Faulting process id: 0x17bc
  305. Faulting application start time: 0xAUDIODG.EXE0
  306. Faulting application path: AUDIODG.EXE1
  307. Faulting module path: AUDIODG.EXE2
  308. Report Id: AUDIODG.EXE3
  309.  
  310.  
  311. System errors:
  312. =============
  313. Error: (01/02/2015 09:46:42 AM) (Source: volsnap) (EventID: 36) (User: )
  314. Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
  315.  
  316. Error: (12/31/2014 06:47:40 PM) (Source: volsnap) (EventID: 36) (User: )
  317. Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
  318.  
  319. Error: (12/27/2014 05:04:52 PM) (Source: volsnap) (EventID: 36) (User: )
  320. Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
  321.  
  322. Error: (12/23/2014 09:14:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
  323. Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
  324.  
  325. Error: (12/23/2014 09:14:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
  326. Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
  327.  
  328. Error: (12/23/2014 09:14:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
  329. Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
  330.  
  331. Error: (12/23/2014 09:13:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
  332. Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
  333.  
  334. Error: (12/23/2014 09:11:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
  335. Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
  336.  
  337. Error: (12/23/2014 09:07:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
  338. Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
  339.  
  340. Error: (12/23/2014 09:07:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
  341. Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
  342.  
  343.  
  344. Microsoft Office Sessions:
  345. =========================
  346. Error: (01/02/2015 11:15:21 AM) (Source: Application Error) (EventID: 1000) (User: )
  347. Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd68401d0268df16611c8C:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll66d65504-9281-11e4-be5d-3859f9ee32ed
  348.  
  349. Error: (01/02/2015 11:12:57 AM) (Source: Application Error) (EventID: 1000) (User: )
  350. Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b18b401d0268c25fbc5aeC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll10fa417a-9281-11e4-be5d-3859f9ee32ed
  351.  
  352. Error: (01/02/2015 09:15:08 AM) (Source: Application Error) (EventID: 1000) (User: )
  353. Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b15b001d0267d375a8f42C:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll9b929ff1-9270-11e4-be5d-3859f9ee32ed
  354.  
  355. Error: (12/31/2014 06:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
  356. Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b21e001d02539a201b39fC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll4d22ec7b-912d-11e4-be5d-3859f9ee32ed
  357.  
  358. Error: (12/31/2014 06:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
  359. Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd227001d0253865b76f9cC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllaa72ce34-912b-11e4-be5d-3859f9ee32ed
  360.  
  361. Error: (12/31/2014 06:28:51 PM) (Source: Application Error) (EventID: 1000) (User: )
  362. Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd113c01d0253825fa32b3C:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dlla12d72fb-912b-11e4-be5d-3859f9ee32ed
  363.  
  364. Error: (12/31/2014 04:56:18 PM) (Source: Application Error) (EventID: 1000) (User: )
  365. Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b25b801d0251c969f6c0bC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dllb3693982-911e-11e4-be5d-3859f9ee32ed
  366.  
  367. Error: (12/31/2014 02:52:07 PM) (Source: Application Error) (EventID: 1000) (User: )
  368. Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b110001d0251a1499bf06C:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll5a29cc35-910d-11e4-be5d-3859f9ee32ed
  369.  
  370. Error: (12/31/2014 10:30:43 AM) (Source: Application Error) (EventID: 1000) (User: )
  371. Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c0000005000000000010207b218001d024ecf3f1e50eC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dlld5c4186d-90e8-11e4-be5d-3859f9ee32ed
  372.  
  373. Error: (12/31/2014 09:28:38 AM) (Source: Application Error) (EventID: 1000) (User: )
  374. Description: AUDIODG.EXE6.1.7601.175144ce7abf9ntdll.dll6.1.7601.18247521eaf24c000000500000000000506dd17bc01d0245806b95ceaC:\Windows\system32\AUDIODG.EXEC:\Windows\SYSTEM32\ntdll.dll29a18ad3-90e0-11e4-be5d-3859f9ee32ed
  375.  
  376.  
  377. CodeIntegrity Errors:
  378. ===================================
  379.   Date: 2014-12-23 21:14:27.039
  380.   Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  381.  
  382.   Date: 2014-12-23 21:14:27.023
  383.   Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  384.  
  385.   Date: 2014-12-23 21:14:26.992
  386.   Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  387.  
  388.   Date: 2014-12-23 21:14:26.977
  389.   Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  390.  
  391.   Date: 2014-12-23 21:07:21.932
  392.   Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  393.  
  394.   Date: 2014-12-23 21:07:21.901
  395.   Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
  396.  
  397.  
  398. ==================== Memory info ===========================
  399.  
  400. Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
  401. Percentage of memory in use: 32%
  402. Total physical RAM: 8173.22 MB
  403. Available physical RAM: 5553.49 MB
  404. Total Pagefile: 16344.62 MB
  405. Available Pagefile: 13333.44 MB
  406. Total Virtual: 8192 MB
  407. Available Virtual: 8191.84 MB
  408.  
  409. ==================== Drives ================================
  410.  
  411. Drive c: () (Fixed) (Total:111.79 GB) (Free:40.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
  412. Drive d: (Windows_7_Ultimate_32_Bit) (CDROM) (Total:2.27 GB) (Free:0 GB) UDF
  413.  
  414. ==================== MBR & Partition Table ==================
  415.  
  416. ========================================================
  417. Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 31644004)
  418. Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
  419.  
  420. ==================== End Of Log ============================


#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,030 posts
  • Gender:Male
  • Location:Germany
  • Local time:06:50 AM

Posted 03 January 2015 - 05:44 AM

And please without line numbers.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#11 pianomath

pianomath
  • Topic Starter

  • Members
  • 16 posts
  • Local time:06:50 AM

Posted 04 January 2015 - 02:05 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by Matheus (administrator) on MATHEUS-PC on 02-01-2015 11:16:12
Running from C:\Users\Matheus\Desktop
Loaded Profile: Matheus (Available profiles: Matheus)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Red Bend Ltd.) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Atomi Systems, Inc.) C:\Program Files (x86)\ATOMI\ActivePresenter\ActivePresenter.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Foxit Corporation) C:\Users\Matheus\AppData\Local\Temp\Foxit Reader Updater.exe
(Alexander Roshal) C:\Program Files\WinRAR\WinRAR.exe
() C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelPAN] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-06-01] (Intel® Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2011-07-20] (Synaptics Incorporated)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [1211680 2011-07-27] (Broadcom Corporation.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11895400 2011-07-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-12] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [702768 2014-12-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavShx64.dll No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-178241157-3166524979-4280168215-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:52743;https=127.0.0.1:52743;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-178241157-3166524979-4280168215-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Object Browser -> {11111111-1111-1111-1111-110311281150} -> C:\Program Files (x86)\Object Browser\Object Browser-bho64.dll No File
BHO: iWebar -> {11111111-1111-1111-1111-110611511123} -> C:\Program Files (x86)\iWebar\iWebar-bho64.dll No File
BHO: HDVid2.6dV09.12 -> {11111111-1111-1111-1111-110611571181} -> C:\Program Files (x86)\HDVid2.6dV09.12\HDVid2.6dV09.12-bho64.dll No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.2
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [ISVCU@iSkysoft.com] - C:\ProgramData\iSkysoft\Video Converter Ultimate\ISVCU@iSkysoft.com
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com.br/
CHR StartupUrls: Default -> "hxxp://start.mysearchdial.com/?f=1&a=ir_14_11_ch&cd=2XzuyEtN2Y1L1Qzu0FtD0B0FzyyB0C0EtA0F0EtD0AyEtByEtN0D0Tzu0SzztDyDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyD0FtAtC0EzyyCtGyByEzztBtG0D0Azy0DtG0CtDtByCtGtA0E0E0EyByEtB0DyByB0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0FyCzztAyCyBtAtGzztCzztCtGyEyByDyEtG0A0CyB0CtGtB0BtD0EyEyC0B0AyB0BtByC2Q&cr=1093509336&ir=", "hxxp://start.qone8.com/?type=hp&ts=1399210072&from=smt&uid=TOSHIBAXMK7559GSXP_51J7F1XCSXX51J7F1XCS", "hxxp://www.mystartsearch.com/?type=hp&ts=1418125480&from=amt&uid=SPK-SF12-M120_SPARK12071100042"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-08]
CHR Extension: (Google Docs) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-08]
CHR Extension: (Google Drive) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-08]
CHR Extension: (YouTube) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-08]
CHR Extension: (Pesquisa do Google) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-08]
CHR Extension: (Planilhas do Google) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-08]
CHR Extension: (Segurança do navegador Avira) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-12-08]
CHR Extension: (Google Wallet) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-08]
CHR Extension: (Gmail) - C:\Users\Matheus\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-08]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - No Path
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [431920 2014-12-16] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
R2 DMAgent; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [498688 2011-06-14] (Red Bend Ltd.) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-06-01] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 WiMAXAppSrv; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [986112 2011-06-14] (Intel® Corporation) [File not signed]
S3 globalUpdatem; C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-09-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-09-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-25] (Avira Operations GmbH & Co. KG)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R2 risdsnpe; C:\Windows\System32\DRIVERS\risdsnxc64.sys [98816 2011-07-20] (REDC)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-02 11:16 - 2015-01-02 11:16 - 00018383 _____ () C:\Users\Matheus\Desktop\FRST.txt
2015-01-02 09:50 - 2015-01-02 09:50 - 00710745 _____ () C:\Users\Matheus\Downloads\bb0213_edital.zip
2014-12-31 16:06 - 2014-12-31 16:06 - 00033557 _____ () C:\Users\Matheus\Downloads\ee7276996c299da84632f7811c854fa0128ab2ae.zip
2014-12-31 16:03 - 2014-12-31 16:03 - 00041907 _____ () C:\Users\Matheus\Downloads\f770803e7cd22da0c79289c548035ab7318b3511.zip
2014-12-31 15:09 - 2014-12-31 15:09 - 00042579 _____ () C:\Users\Matheus\Downloads\9d48a8beda85acd8b621156983830253.zip
2014-12-30 10:19 - 2014-12-30 10:19 - 00028382 _____ () C:\Users\Matheus\Downloads\Addition.txt
2014-12-30 10:18 - 2015-01-02 11:16 - 00000000 ____D () C:\FRST
2014-12-30 10:18 - 2014-12-30 10:19 - 00096263 _____ () C:\Users\Matheus\Downloads\FRST.txt
2014-12-30 10:18 - 2014-12-30 10:18 - 02123264 _____ (Farbar) C:\Users\Matheus\Desktop\FRST64.exe
2014-12-29 10:33 - 2015-01-02 09:54 - 00800122 _____ () C:\Users\Matheus\Desktop\2015.xlsx
2014-12-29 10:33 - 2014-12-29 10:33 - 00000165 ____H () C:\Users\Matheus\Desktop\~$2015.xlsx
2014-12-27 14:16 - 2014-12-27 14:16 - 00681220 _____ () C:\Users\Matheus\Downloads\bb0214_edital.zip
2014-12-26 14:30 - 2014-12-26 14:30 - 00015829 _____ () C:\Users\Matheus\Downloads\[kickass.so]the.interview.2014.720p.web.dl.xvid.mp3.rarbg.torrent
2014-12-26 14:27 - 2014-12-27 20:28 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Popcorn-Time
2014-12-26 14:27 - 2014-12-26 14:27 - 00002216 _____ () C:\Users\Matheus\Desktop\Popcorn Time.lnk
2014-12-26 14:27 - 2014-12-26 14:27 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time
2014-12-26 14:27 - 2014-12-26 14:27 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Popcorn Time
2014-12-23 21:19 - 2014-12-23 21:19 - 00218112 _____ (Soeperman Enterprises Ltd.) C:\Users\Matheus\Downloads\HijackThis.exe
2014-12-23 21:19 - 2014-12-23 21:19 - 00010265 _____ () C:\Users\Matheus\Downloads\hijackthis.log
2014-12-23 21:16 - 2014-12-23 21:16 - 00025129 _____ () C:\ComboFix.txt
2014-12-23 21:04 - 2011-06-26 04:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-12-23 21:04 - 2010-11-07 15:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-12-23 21:04 - 2009-04-20 02:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-12-23 21:04 - 2000-08-30 22:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-12-23 21:04 - 2000-08-30 22:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-12-23 21:04 - 2000-08-30 22:00 - 00098816 _____ () C:\Windows\sed.exe
2014-12-23 21:04 - 2000-08-30 22:00 - 00080412 _____ () C:\Windows\grep.exe
2014-12-23 21:04 - 2000-08-30 22:00 - 00068096 _____ () C:\Windows\zip.exe
2014-12-23 20:41 - 2014-12-23 21:16 - 00000000 ____D () C:\Qoobox
2014-12-23 20:41 - 2014-12-23 21:08 - 00000000 ____D () C:\Windows\erdnt
2014-12-23 19:23 - 2014-12-23 19:25 - 05603465 ____R (Swearware) C:\Users\Matheus\Downloads\ComboFix.exe
2014-12-22 11:55 - 2014-12-22 11:55 - 00000000 ____D () C:\Users\Matheus\.aria2
2014-12-21 16:47 - 2014-12-21 17:35 - 148255653 _____ () C:\Users\Matheus\Downloads\yCcsUhGum2b0Hf_EJHu1pMxTFLS3W2NTg2HIc8h0UyU.rar
2014-12-21 16:06 - 2014-12-21 16:06 - 00000000 __SHD () C:\Users\Matheus\AppData\Local\EmieUserList
2014-12-21 16:06 - 2014-12-21 16:06 - 00000000 __SHD () C:\Users\Matheus\AppData\Local\EmieSiteList
2014-12-21 16:06 - 2014-12-21 16:06 - 00000000 __SHD () C:\Users\Matheus\AppData\Local\EmieBrowserModeList
2014-12-20 21:06 - 2014-12-20 21:06 - 00000000 ____D () C:\Users\Matheus\AppData\Local\IsolatedStorage
2014-12-20 21:05 - 2014-12-20 21:05 - 00000908 _____ () C:\Users\Public\Desktop\Warface.lnk
2014-12-20 21:05 - 2014-12-20 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Level Up! Games
2014-12-20 21:03 - 2014-12-20 21:03 - 00000000 ____D () C:\Level Up! Games
2014-12-20 19:14 - 2014-12-20 19:14 - 00020148 _____ () C:\Users\Matheus\Downloads\[kickass.so]eric.clapton.unplugged.remastered.deluxe.edition.2013.2cd.320kbps.cbr.mp3.vx.p2pdl.torrent
2014-12-20 19:01 - 2014-12-20 19:01 - 00019147 _____ () C:\Users\Matheus\Downloads\[kickass.so]eric.clapton.the.best.of.eric.clapton.2004.320.vtwin88cube.torrent
2014-12-19 17:45 - 2014-12-19 17:45 - 00055932 _____ () C:\Users\Matheus\Downloads\[kickass.so]rocky.1.6.saga.movies.collection.1976.2006.1080p.bluray.x264.anoxmous.torrent
2014-12-19 10:43 - 2014-12-19 10:43 - 00018295 _____ () C:\Users\Matheus\Downloads\[kickass.so]good.will.hunting.1997.1080p.brrip.x264.yify.torrent
2014-12-17 20:14 - 2014-12-17 20:14 - 00011519 _____ () C:\Users\Matheus\Downloads\[kickass.so]heat.1995.1080p.brrip.x264.yify.torrent
2014-12-17 09:36 - 2014-12-19 09:47 - 00000000 ____D () C:\Users\Matheus\Desktop\Poke
2014-12-17 00:53 - 2014-12-17 00:53 - 00058187 _____ () C:\Users\Matheus\Downloads\[kickass.so]middle.earth.shadow.of.mordor.decepticon (1).torrent
2014-12-17 00:49 - 2014-12-23 21:15 - 00025784 _____ () C:\Windows\PFRO.log
2014-12-17 00:46 - 2014-12-31 14:51 - 00007047 _____ () C:\Windows\setupact.log
2014-12-17 00:46 - 2014-12-17 00:46 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-17 00:46 - 2014-11-22 08:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-12-17 00:46 - 2014-11-22 08:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-12-16 18:52 - 2015-01-02 09:46 - 00000000 ____D () C:\Users\Matheus\Desktop\Menor ainda
2014-12-16 18:39 - 2014-12-16 18:43 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-16 18:38 - 2014-12-16 18:38 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-16 18:38 - 2014-12-16 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-16 18:38 - 2014-12-16 18:38 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-16 18:38 - 2014-12-16 18:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-16 18:38 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-16 18:38 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-16 18:38 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-16 18:16 - 2014-12-16 18:16 - 00001013 _____ () C:\Users\Public\Desktop\Video to Video.lnk
2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\Users\Matheus\Documents\VideoOutput
2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\Users\Matheus\Documents\Snapshot
2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Video to Video
2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LAV Filters
2014-12-16 18:16 - 2014-12-16 18:16 - 00000000 ____D () C:\Program Files (x86)\Video to Video
2014-12-16 18:03 - 2014-12-16 18:40 - 00000000 ____D () C:\Program Files (x86)\FreeTime
2014-12-16 18:03 - 2014-12-16 18:03 - 00000000 ____D () C:\FFOutput
2014-12-16 17:59 - 2014-12-16 17:59 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2014-12-16 17:57 - 2014-12-16 18:01 - 00000000 ____D () C:\ProgramData\iSkysoft Video Converter Ultimate
2014-12-16 17:57 - 2014-12-16 18:01 - 00000000 ____D () C:\ProgramData\iSkysoft
2014-12-16 17:57 - 2014-12-16 18:01 - 00000000 ____D () C:\Program Files (x86)\iSkysoft
2014-12-16 17:57 - 2014-12-16 17:57 - 00000000 ____D () C:\Users\Matheus\AppData\Local\iSkysoft
2014-12-16 10:37 - 2014-12-16 15:24 - 00000000 ____D () C:\Users\Matheus\Documents\My Games
2014-12-16 10:37 - 2014-12-16 10:37 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-16 10:37 - 2014-12-16 10:37 - 00000000 ____D () C:\ProgramData\Age of Empires 3
2014-12-15 22:16 - 2014-12-15 22:16 - 00015356 _____ () C:\Users\Matheus\Downloads\[kickass.so]age.of.empires.3.both.expansions.fully.updated.torrent
2014-12-15 22:15 - 2014-12-17 18:21 - 00000000 ____D () C:\ProgramData\Steam
2014-12-15 22:14 - 2014-12-15 22:14 - 00000000 ____D () C:\Games
2014-12-15 21:43 - 2014-12-15 21:43 - 00016090 _____ () C:\Users\Matheus\Downloads\[kickass.so]age.of.empires.ii.hd.edition.multi2.fix.repack.audioslave.torrent
2014-12-15 21:42 - 2014-12-15 21:42 - 00015081 _____ () C:\Users\Matheus\Downloads\[kickass.so]age.of.empires.2.hd.edition.v.2.0.multi2.repack.fenixx.torrent
2014-12-14 19:41 - 2014-12-14 19:41 - 00133511 _____ () C:\Users\Matheus\Downloads\[kickass.so]ryse.son.of.rome.codex.torrent
2014-12-12 18:42 - 2014-12-12 18:42 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Promotion Software GmbH
2014-12-12 18:29 - 2014-12-15 21:44 - 00000000 ____D () C:\Program Files (x86)\CatACat
2014-12-12 14:52 - 2014-12-12 14:52 - 00019712 _____ () C:\Users\Matheus\Downloads\[kickass.so]emergency.5.2014.pc.repack.multi.torrent
2014-12-11 17:22 - 2014-12-11 17:22 - 00025569 _____ () C:\Users\Matheus\Downloads\[kickass.so]the.wolf.of.wall.street.2013.1080p.brrip.x264.ac3.jyk.torrent
2014-12-11 17:18 - 2014-12-11 17:18 - 00019667 _____ () C:\Users\Matheus\Downloads\[kickass.so]guardians.of.the.galaxy.2014.1080p.brrip.x264.yify.torrent
2014-12-11 15:56 - 2014-12-11 15:56 - 00015137 _____ () C:\Users\Matheus\Downloads\[kickass.so]guardians.of.the.galaxy.2014.720p.hdcam.x264.jyk.torrent
2014-12-11 14:44 - 2014-12-11 14:44 - 00000000 ____D () C:\Users\Matheus\Documents\My Cheat Tables
2014-12-11 08:48 - 2014-12-11 08:48 - 00645729 _____ (WDS Team) C:\Users\Matheus\Downloads\windirstat1_1_2_setup.exe
2014-12-11 08:48 - 2014-12-11 08:48 - 00001031 _____ () C:\Users\Matheus\Desktop\WinDirStat.lnk
2014-12-11 08:48 - 2014-12-11 08:48 - 00000000 ____D () C:\Program Files (x86)\WinDirStat
2014-12-10 11:08 - 2014-12-10 11:08 - 00058315 _____ () C:\Users\Matheus\Downloads\[kickass.so]middle.earth.shadow.of.mordor.decepticon.torrent
2014-12-09 17:06 - 2014-12-09 17:07 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\MKKE
2014-12-09 17:05 - 2014-12-09 17:05 - 00000000 ____D () C:\Users\Matheus\AppData\Local\SKIDROW
2014-12-09 16:35 - 2014-12-09 16:35 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Microsoft Games
2014-12-09 14:52 - 2014-12-09 14:52 - 00103473 _____ () C:\Users\Matheus\Downloads\[kickass.so]middle.earth.shadow.of.mordor.premium.edition.update.1.2014.pc.repack.r.g.catalyst.torrent
2014-12-09 13:20 - 2014-12-09 13:20 - 00049645 _____ () C:\Users\Matheus\Downloads\[kickass.so]mortal.kombat.komplete.edition.steam.rip.multi6.rg.gameworks.torrent
2014-12-09 13:17 - 2014-12-09 13:17 - 00183494 _____ () C:\Users\Matheus\Downloads\[kickass.so]mortal.kombat.komplete.edition.flt.torrent
2014-12-09 10:35 - 2014-12-17 18:21 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Steam
2014-12-09 10:34 - 2014-12-09 10:34 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-12-09 09:54 - 2014-12-09 09:54 - 00000000 ____D () C:\Program Files (x86)\predm
2014-12-09 09:51 - 2014-12-09 09:51 - 00000000 ____D () C:\Program Files (x86)\47ab82a9-a464-4206-8b1d-b16ca25a37dc
2014-12-09 09:48 - 2014-12-09 09:48 - 00000000 ____D () C:\Users\Matheus\AppData\Local\globalUpdate
2014-12-09 09:48 - 2014-12-09 09:48 - 00000000 ____D () C:\Program Files (x86)\d1760ecd-0578-4c50-a026-bfbe89143b20
2014-12-09 09:48 - 2014-12-09 09:48 - 00000000 ____D () C:\Program Files (x86)\0dd50cd4-981a-45e7-b0aa-6429429b6a8d
2014-12-09 09:46 - 2014-12-10 09:47 - 00000000 ____D () C:\Program Files (x86)\YTDownloader
2014-12-09 09:46 - 2014-12-09 09:46 - 00003590 _____ () C:\Windows\System32\Tasks\YTDownloader
2014-12-09 09:46 - 2014-12-09 09:46 - 00003580 _____ () C:\Windows\System32\Tasks\YTDownloaderUpd
2014-12-09 09:45 - 2014-12-09 09:45 - 00000000 ____D () C:\Users\Matheus\AppData\Local\CrashRpt
2014-12-08 12:56 - 2014-12-11 14:05 - 00002373 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-08 12:56 - 2014-12-08 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-08 12:54 - 2015-01-02 10:59 - 00001070 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-08 12:54 - 2015-01-02 08:40 - 00001066 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-08 12:54 - 2014-12-08 12:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-08 12:54 - 2014-12-08 12:54 - 00004066 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-08 12:54 - 2014-12-08 12:54 - 00003814 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-08 10:59 - 2014-12-08 11:00 - 00000000 ____D () C:\ProgramData\Auslogics
2014-12-08 10:59 - 2014-12-08 10:59 - 00001236 _____ () C:\Users\Matheus\Desktop\Auslogics Registry Cleaner.lnk
2014-12-08 10:59 - 2014-12-08 10:59 - 00001169 _____ () C:\Users\Matheus\Desktop\Auslogics DiskDefrag.lnk
2014-12-08 10:59 - 2014-12-08 10:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-12-08 10:59 - 2014-12-08 10:59 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-12-05 08:18 - 2014-12-05 08:18 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-12-04 09:52 - 2014-11-06 01:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-04 09:29 - 2014-12-08 10:38 - 00000000 ____D () C:\Program Files (x86)\DsNET Corp
2014-12-04 09:07 - 2014-12-17 18:22 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Anvsoft
2014-12-04 09:07 - 2014-12-04 09:07 - 00000000 ____D () C:\Users\Matheus\Documents\Any Video Converter
2014-12-04 08:42 - 2014-12-04 08:42 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-12-04 08:42 - 2014-12-04 08:42 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-12-04 08:33 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-12-04 08:30 - 2014-12-04 08:30 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-04 08:30 - 2014-12-04 08:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-04 08:30 - 2014-12-04 08:30 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-04 08:30 - 2014-12-04 08:30 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-04 08:30 - 2014-12-04 08:30 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-12-04 08:30 - 2014-12-04 08:30 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-12-04 08:30 - 2014-12-04 08:30 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-04 08:30 - 2014-12-04 08:30 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-04 08:30 - 2014-12-04 08:30 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-12-04 08:30 - 2014-12-04 08:30 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-12-04 08:30 - 2014-12-04 08:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-12-04 08:30 - 2014-12-04 08:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-12-04 08:30 - 2014-12-04 08:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-12-04 08:29 - 2014-12-04 08:29 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-12-04 08:28 - 2014-12-04 08:28 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-12-04 08:28 - 2014-12-04 08:28 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-12-04 08:24 - 2014-12-04 08:24 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-12-04 08:24 - 2014-12-04 08:24 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-12-04 07:53 - 2012-03-01 04:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-12-04 07:53 - 2012-03-01 04:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-12-04 07:53 - 2012-03-01 03:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-12-04 07:50 - 2014-06-30 20:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-12-04 07:50 - 2014-06-30 20:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-12-04 07:50 - 2014-06-06 04:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-12-04 07:50 - 2014-06-06 04:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-12-04 07:50 - 2014-03-09 19:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-12-04 07:50 - 2014-03-09 19:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-12-04 07:50 - 2014-03-09 19:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-12-04 07:50 - 2014-03-09 19:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-12-03 10:08 - 2011-04-09 04:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-03 10:08 - 2011-04-09 03:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-03 09:52 - 2014-10-14 00:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-12-03 09:52 - 2014-10-14 00:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-12-03 09:52 - 2014-10-14 00:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-12-03 09:52 - 2014-10-13 23:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-12-03 09:52 - 2014-10-13 23:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-12-03 09:52 - 2014-04-25 00:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-12-03 09:52 - 2014-04-25 00:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-12-03 09:52 - 2014-03-25 00:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-03 09:52 - 2014-03-25 00:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-03 09:52 - 2013-10-19 00:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-12-03 09:52 - 2013-10-18 23:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-12-03 09:52 - 2013-07-09 03:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-12-03 09:52 - 2013-07-09 02:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-12-03 09:52 - 2013-07-04 10:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-12-03 09:52 - 2013-07-04 09:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-12-03 09:52 - 2011-10-26 03:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-12-03 09:52 - 2011-10-26 03:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-12-03 09:52 - 2011-10-26 02:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-12-03 09:52 - 2011-10-26 02:32 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-12-03 09:52 - 2011-06-15 08:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2014-12-03 09:52 - 2011-06-15 08:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2014-12-03 09:52 - 2011-06-15 08:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2014-12-03 09:52 - 2011-06-15 08:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2014-12-03 09:52 - 2011-06-15 06:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2014-12-03 09:52 - 2011-06-15 06:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2014-12-03 09:52 - 2011-06-15 06:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2014-12-03 09:52 - 2011-06-15 06:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2014-12-03 09:52 - 2011-06-15 06:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2014-12-03 09:52 - 2010-12-23 08:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2014-12-03 09:52 - 2010-12-23 08:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2014-12-03 09:52 - 2010-12-23 08:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2014-12-03 09:52 - 2010-12-23 03:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2014-12-03 09:52 - 2010-12-23 03:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2014-12-03 09:52 - 2010-12-23 03:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2014-12-03 09:51 - 2014-06-18 20:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-12-03 09:51 - 2014-06-18 20:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-12-03 09:51 - 2014-06-18 20:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-12-03 09:51 - 2014-06-18 20:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-12-03 09:51 - 2014-06-18 20:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-12-03 09:51 - 2014-06-18 20:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-12-03 09:51 - 2014-04-05 00:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-12-03 09:51 - 2014-04-05 00:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-12-03 09:51 - 2014-01-29 00:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-12-03 09:51 - 2014-01-29 00:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-12-03 09:51 - 2013-11-26 09:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-12-03 09:51 - 2013-10-05 18:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-03 09:51 - 2013-10-05 17:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-03 09:51 - 2013-07-09 03:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-12-03 09:51 - 2013-07-09 03:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-12-03 09:51 - 2013-07-09 02:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-12-03 09:51 - 2013-07-09 02:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-12-03 09:51 - 2013-04-12 12:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-12-03 09:51 - 2011-11-17 04:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2014-12-03 09:51 - 2011-11-17 03:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2014-12-03 09:51 - 2011-07-09 00:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-12-03 09:51 - 2011-04-27 00:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-12-03 09:51 - 2011-04-27 00:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-12-03 09:50 - 2014-08-21 04:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-03 09:50 - 2014-08-21 04:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-12-03 09:50 - 2014-08-21 04:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-03 09:50 - 2014-08-21 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-12-03 09:50 - 2014-07-16 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-03 09:50 - 2014-07-16 00:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-03 09:50 - 2014-06-18 00:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-12-03 09:50 - 2014-06-17 23:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-12-03 09:50 - 2014-06-06 08:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-12-03 09:50 - 2014-06-06 07:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-12-03 09:50 - 2014-06-03 08:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-12-03 09:50 - 2014-06-03 08:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-03 09:50 - 2014-06-03 08:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-12-03 09:50 - 2014-06-03 08:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-12-03 09:50 - 2014-06-03 07:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-12-03 09:50 - 2014-06-03 07:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-03 09:50 - 2014-06-03 07:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-12-03 09:50 - 2014-05-30 04:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-12-03 09:50 - 2014-03-26 12:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-12-03 09:50 - 2014-03-26 12:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-12-03 09:50 - 2014-03-26 12:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-12-03 09:50 - 2014-03-26 12:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-12-03 09:50 - 2014-03-04 07:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-12-03 09:50 - 2014-03-04 07:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-12-03 09:50 - 2014-03-04 07:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-12-03 09:50 - 2014-03-04 07:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-12-03 09:50 - 2014-03-04 07:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-12-03 09:50 - 2014-03-04 07:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-12-03 09:50 - 2014-03-04 07:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-12-03 09:50 - 2014-03-04 07:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-12-03 09:50 - 2014-03-04 07:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-12-03 09:50 - 2014-03-04 07:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-12-03 09:50 - 2014-03-04 07:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-12-03 09:50 - 2014-03-04 07:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-12-03 09:50 - 2014-03-04 07:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-12-03 09:50 - 2014-03-04 07:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-12-03 09:50 - 2013-11-26 23:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-12-03 09:50 - 2013-11-26 23:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-12-03 09:50 - 2013-11-26 23:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-12-03 09:50 - 2013-11-26 23:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-12-03 09:50 - 2013-11-26 23:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-12-03 09:50 - 2013-10-04 00:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-12-03 09:50 - 2013-10-03 23:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-12-03 09:50 - 2013-08-02 00:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-12-03 09:50 - 2013-08-02 00:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-12-03 09:50 - 2013-08-01 23:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-12-03 09:50 - 2013-08-01 22:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-12-03 09:50 - 2013-07-25 07:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-12-03 09:50 - 2013-07-25 06:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-12-03 09:50 - 2013-07-12 08:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-12-03 09:50 - 2013-07-12 08:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-12-03 09:50 - 2013-07-03 02:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-12-03 09:50 - 2013-07-03 02:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-12-03 09:50 - 2013-06-25 20:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-12-03 09:50 - 2013-06-06 03:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-12-03 09:50 - 2013-06-06 03:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-12-03 09:50 - 2013-06-06 03:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-12-03 09:50 - 2013-06-06 03:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-12-03 09:50 - 2013-06-06 02:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-12-03 09:50 - 2013-06-06 02:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-12-03 09:50 - 2013-06-06 02:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-12-03 09:50 - 2013-06-06 01:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-12-03 09:50 - 2013-06-06 01:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-12-03 09:50 - 2013-06-06 01:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-12-03 09:50 - 2013-02-27 03:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-12-03 09:50 - 2013-02-12 02:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-12-03 09:50 - 2012-11-28 20:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-12-03 09:50 - 2012-11-28 20:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-12-03 09:50 - 2012-11-28 20:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-12-03 09:50 - 2012-11-02 03:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-12-03 09:50 - 2012-11-02 03:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-12-03 09:50 - 2011-03-11 04:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2014-12-03 09:50 - 2011-03-11 04:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2014-12-03 09:50 - 2011-03-11 03:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2014-12-03 09:50 - 2011-03-11 03:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2014-12-03 09:50 - 2011-03-03 04:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-12-03 09:50 - 2011-03-03 04:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-12-03 09:50 - 2011-03-03 04:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2014-12-03 09:50 - 2011-03-03 03:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-12-03 09:50 - 2011-03-03 03:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2014-12-03 09:49 - 2013-12-24 21:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-03 09:49 - 2013-12-24 20:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-03 09:49 - 2013-11-26 06:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-12-03 09:49 - 2013-11-22 20:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-12-03 09:48 - 2014-11-11 01:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-03 09:48 - 2014-11-11 01:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-12-03 09:48 - 2014-11-11 00:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-03 09:48 - 2014-11-11 00:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-12-03 09:48 - 2014-10-14 00:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-12-03 09:48 - 2014-10-14 00:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-03 09:48 - 2014-10-13 23:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-12-03 09:48 - 2014-10-13 23:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-03 09:48 - 2014-10-03 00:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-12-03 09:48 - 2014-10-03 00:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-03 09:48 - 2014-10-03 00:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-12-03 09:48 - 2014-10-03 00:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-03 09:48 - 2014-10-03 00:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-12-03 09:48 - 2014-10-02 23:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-03 09:48 - 2014-10-02 23:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-12-03 09:48 - 2014-10-02 23:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-03 09:48 - 2014-09-04 03:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-03 09:48 - 2014-09-04 03:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-03 09:48 - 2014-08-12 00:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-12-03 09:48 - 2014-08-11 23:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-12-03 09:48 - 2014-06-16 00:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-12-03 09:48 - 2014-04-12 00:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-12-03 09:48 - 2014-04-12 00:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-12-03 09:48 - 2014-04-12 00:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-12-03 09:48 - 2014-04-12 00:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-12-03 09:48 - 2014-04-12 00:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-12-03 09:48 - 2013-07-26 00:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-12-03 09:48 - 2013-07-25 23:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-12-03 09:48 - 2013-04-26 03:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-12-03 09:48 - 2013-04-26 02:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-12-03 09:48 - 2013-04-10 04:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-12-03 09:48 - 2012-11-23 01:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-12-03 09:48 - 2012-09-25 20:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-12-03 09:48 - 2012-09-25 20:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-12-03 09:48 - 2012-03-17 05:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-12-03 09:48 - 2011-08-17 03:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2014-12-03 09:48 - 2011-08-17 03:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2014-12-03 09:48 - 2011-08-17 02:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2014-12-03 09:48 - 2011-08-17 02:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2014-12-03 09:48 - 2011-05-24 09:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-12-03 09:48 - 2011-05-24 08:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2014-12-03 09:48 - 2011-05-24 08:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2014-12-03 09:48 - 2011-05-24 08:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2014-12-03 09:48 - 2011-05-24 08:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-12-03 09:48 - 2011-04-29 01:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-12-03 09:48 - 2011-04-29 01:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-12-03 09:48 - 2011-04-29 01:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-12-03 09:48 - 2011-02-05 15:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-12-03 09:48 - 2011-02-05 15:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2014-12-03 09:48 - 2011-02-05 15:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2014-12-03 09:48 - 2011-02-05 15:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2014-12-03 09:48 - 2011-02-05 15:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-12-03 09:48 - 2011-02-05 15:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-12-03 09:48 - 2011-02-05 15:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-12-03 09:48 - 2011-02-03 09:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-12-03 09:46 - 2014-10-24 23:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-12-03 09:46 - 2014-10-24 23:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-12-03 09:46 - 2014-09-19 07:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-12-03 09:46 - 2014-09-19 07:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-12-03 09:46 - 2014-09-19 07:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-12-03 09:46 - 2014-09-19 07:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-12-03 09:46 - 2014-09-19 07:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-12-03 09:46 - 2014-09-19 07:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-12-03 09:46 - 2014-09-19 07:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-12-03 09:46 - 2014-09-19 07:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-12-03 09:46 - 2014-09-19 07:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-12-03 09:46 - 2014-09-19 07:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-12-03 09:46 - 2014-09-19 07:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-12-03 09:46 - 2014-09-19 07:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-12-03 09:46 - 2014-07-17 00:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-03 09:46 - 2014-07-17 00:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-03 09:46 - 2014-07-17 00:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-03 09:46 - 2014-07-17 00:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-12-03 09:46 - 2014-07-17 00:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-12-03 09:46 - 2014-07-17 00:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-12-03 09:46 - 2014-07-16 23:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-12-03 09:46 - 2014-07-16 23:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-03 09:46 - 2014-07-16 23:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-03 09:46 - 2014-07-16 23:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-03 09:46 - 2014-07-16 23:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-12-03 09:46 - 2014-07-16 23:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-12-03 09:46 - 2013-07-20 08:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-12-03 09:46 - 2013-07-20 08:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-12-03 09:46 - 2013-02-15 04:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-03 09:46 - 2013-02-15 04:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-12-03 09:46 - 2013-02-15 01:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-03 09:46 - 2012-04-26 03:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-12-03 09:46 - 2012-04-26 03:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-12-03 09:45 - 2014-10-18 00:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-03 09:45 - 2014-10-17 23:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-03 09:45 - 2014-10-09 22:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-03 09:45 - 2014-08-23 00:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-12-03 09:45 - 2014-08-22 23:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-12-03 09:45 - 2014-03-04 07:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-12-03 09:45 - 2014-03-04 07:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-12-03 09:45 - 2014-03-04 07:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-12-03 09:45 - 2014-03-04 07:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-12-03 09:45 - 2014-03-04 07:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-12-03 09:45 - 2014-03-04 07:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-12-03 09:45 - 2014-03-04 07:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-12-03 09:45 - 2014-03-04 07:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-12-03 09:45 - 2014-03-04 07:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-12-03 09:45 - 2014-03-04 06:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-12-03 09:45 - 2014-03-04 06:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-12-03 09:45 - 2013-10-12 00:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-12-03 09:45 - 2013-10-12 00:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-12-03 09:45 - 2013-10-12 00:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-12-03 09:45 - 2013-10-12 00:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-12-03 09:45 - 2013-10-11 23:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-12-03 09:45 - 2013-10-11 23:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-12-03 09:45 - 2013-10-11 23:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-12-03 09:45 - 2013-10-11 23:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-12-03 09:45 - 2013-08-02 00:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-12-03 09:45 - 2013-08-02 00:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 23:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-12-03 09:45 - 2013-08-01 22:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 22:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 22:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-12-03 09:45 - 2013-08-01 22:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-12-03 09:45 - 2013-07-04 10:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-12-03 09:45 - 2013-05-13 03:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-12-03 09:45 - 2013-05-13 01:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-12-03 09:45 - 2013-05-13 01:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-12-03 09:45 - 2013-05-13 01:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-12-03 09:45 - 2013-04-09 21:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-12-03 09:45 - 2013-04-02 20:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-12-03 09:45 - 2012-07-04 20:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-12-03 09:45 - 2012-07-04 20:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-12-03 09:45 - 2012-07-04 20:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-12-03 09:45 - 2012-07-04 19:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-12-03 09:45 - 2012-07-04 19:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2014-12-03 09:45 - 2012-05-14 03:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-12-03 09:45 - 2011-12-16 06:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-12-03 09:45 - 2011-12-16 05:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-12-03 09:45 - 2011-10-15 04:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2014-12-03 09:45 - 2011-10-15 03:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2014-12-03 09:45 - 2011-08-27 03:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2014-12-03 09:45 - 2011-08-27 02:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2014-12-03 09:45 - 2011-05-03 03:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-03 09:45 - 2011-05-03 02:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-03 09:45 - 2011-02-23 02:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-12-03 09:45 - 2011-02-12 09:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2014-12-03 09:44 - 2014-07-14 00:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-12-03 09:44 - 2014-07-13 23:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-12-03 09:44 - 2013-10-12 00:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-12-03 09:44 - 2013-10-12 00:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-12-03 09:44 - 2013-10-12 00:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-12-03 09:44 - 2013-10-12 00:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-12-03 09:44 - 2013-10-12 00:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-12-03 09:44 - 2012-06-06 04:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-12-03 09:44 - 2012-06-06 03:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-12-03 09:28 - 2012-02-17 04:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-12-03 09:28 - 2012-02-17 03:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-12-03 09:28 - 2012-02-17 02:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2014-12-03 09:20 - 2014-05-14 14:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-03 09:20 - 2014-05-14 14:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-12-03 09:20 - 2014-05-14 14:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-12-03 09:20 - 2014-05-14 14:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-03 09:20 - 2014-05-14 14:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-12-03 09:20 - 2014-05-14 14:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-12-03 09:20 - 2014-05-14 14:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-12-03 09:20 - 2014-05-14 14:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-03 09:20 - 2014-05-14 14:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-12-03 09:20 - 2014-05-14 14:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-12-03 09:20 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-12-03 09:20 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-12-03 09:20 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-12-03 09:20 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-02 10:28 - 2009-07-14 02:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-02 10:28 - 2009-07-14 02:45 - 00016640 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-02 09:47 - 2014-10-23 12:56 - 01492911 _____ () C:\Windows\WindowsUpdate.log
2015-01-02 09:14 - 2014-11-30 11:13 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\ActivePresenter
2014-12-31 18:28 - 2014-10-23 14:42 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\uTorrent
2014-12-31 16:53 - 2014-10-23 14:21 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\vlc
2014-12-23 21:21 - 2009-07-14 03:13 - 00782462 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-23 21:15 - 2014-10-23 14:06 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-23 21:15 - 2009-07-14 03:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-23 21:15 - 2009-07-14 00:34 - 00000215 _____ () C:\Windows\system.ini
2014-12-23 21:09 - 2009-07-14 01:20 - 00000000 __RHD () C:\Users\Default
2014-12-22 11:55 - 2014-10-23 12:54 - 00000000 ____D () C:\Users\Matheus
2014-12-17 00:49 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\PLA
2014-12-16 23:27 - 2014-10-23 15:18 - 00000000 ____D () C:\Users\Matheus\Desktop\TJ
2014-12-16 18:50 - 2014-11-28 11:45 - 00000000 ____D () C:\Program Files\CamStudio 2.7
2014-12-16 15:26 - 2014-10-23 13:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-16 10:33 - 2009-07-14 03:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-12 22:12 - 2014-10-23 13:37 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-12-12 22:12 - 2014-10-23 13:37 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-12-12 22:12 - 2014-10-23 13:37 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-12-12 22:12 - 2014-10-23 13:37 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-12-11 08:45 - 2014-10-23 18:52 - 00000000 ____D () C:\Windows\Panther
2014-12-10 15:56 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\rescache
2014-12-10 10:30 - 2009-07-14 01:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-12-10 09:51 - 2014-10-23 12:54 - 00001605 _____ () C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-10 09:51 - 2009-07-14 03:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-12-10 09:47 - 2009-07-14 02:45 - 00284296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-10 09:46 - 2009-07-14 01:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-10 09:45 - 2010-11-21 05:16 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-10 09:45 - 2009-07-14 03:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-10 09:45 - 2009-07-14 03:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-09 14:46 - 2014-10-23 14:38 - 00000000 ____D () C:\Users\Matheus\Desktop\bkp
2014-12-08 12:56 - 2014-10-23 13:04 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Google
2014-12-08 12:54 - 2014-10-23 13:04 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Deployment
2014-12-08 10:58 - 2014-11-28 20:14 - 00000000 ____D () C:\Users\Matheus\AppData\Roaming\Audacity
2014-12-06 21:28 - 2014-10-23 13:04 - 00062976 _____ () C:\Users\Matheus\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-05 08:21 - 2014-10-23 17:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-04 09:16 - 2014-11-29 15:37 - 00000000 ____D () C:\Users\Matheus\AppData\Local\Windows Live
2014-12-04 08:41 - 2009-07-14 01:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
 
Some content of TEMP:
====================
C:\Users\Matheus\AppData\Local\Temp\avgnt.exe
C:\Users\Matheus\AppData\Local\Temp\Foxit Reader Updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-26 14:58
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Matheus at 2015-01-02 11:16:40
Running from C:\Users\Matheus\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-178241157-3166524979-4280168215-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 4.0.3 - Atomi Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.1.0.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2600 - Broadcom Corporation)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.3.524 - Foxit Corporation)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Software Intel® PROSet/Wireless WiFi (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version:  - Media Converters)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warface (HKLM-x32\...\{094FAADD-5A39-4C64-911A-B4C9AD818484}_is1) (Version: 1.0.254.035 - Level Up! Games)
WIDCOMM Bluetooth Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2600 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-178241157-3166524979-4280168215-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Realtek (RTL8167) Net  (04/21/2011 7.044.0421.2011) (HKLM\...\BF3DF29FDD6B622C311A7DE6464AA9B597D791A1) (Version: 04/21/2011 7.044.0421.2011 - Realtek)
Windows Driver Package - Ricoh Company MS Host Controller (12/24/2010 6.13.10.25) (HKLM\...\95010B497C1DFEC62132F796273E6920E538715F) (Version: 12/24/2010 6.13.10.25 - Ricoh Company)
Windows Driver Package - Ricoh Company SD Host Controller (12/17/2010 6.13.10.26) (HKLM\...\43201741444A6BB04A6B0FB2901BDBB2E890B61C) (Version: 12/17/2010 6.13.10.26 - Ricoh Company)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (11/27/2009 8.0.1.2) (HKLM\...\4E827A70BAA738C408DBDD024BCACE5085D946F1) (Version: 11/27/2009 8.0.1.2 - Sony Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-178241157-3166524979-4280168215-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Matheus\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 00:34 - 2014-12-23 21:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {13E81C99-E673-4E8E-A412-5E8867DAEE2B} - \Microsoft\Windows\Multimedia\SMupdate3 No Task File <==== ATTENTION
Task: {1A357285-BE0A-4C77-A69E-143661F6C138} - \SPDriver No Task File <==== ATTENTION
Task: {37399520-8644-44A9-9CCB-4A79386650A2} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {5B1B0E6A-D8CD-4606-B52C-B227930F210D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {6CB7D5C3-10AB-4836-91D0-B0914ADDA3E6} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {6D7BB8E3-F85B-4B26-817C-0038B6F94EF4} - \ShopperPro No Task File <==== ATTENTION
Task: {7AF9DF76-440D-46B6-A369-355F6F43BB47} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AEDC3847-3E0F-4635-B022-6F4BB070A5C4} - \SMupdate1 No Task File <==== ATTENTION
Task: {AFDEC112-CA44-4100-9EAA-CA2A8C282A2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
Task: {B4A8D1AE-0F26-4985-9172-3B5BFBA9B40B} - \Microsoft\Windows\Maintenance\SMupdate2 No Task File <==== ATTENTION
Task: {EE5FBB41-1DE6-4953-90DC-161ECE47BAF9} - \SPBIW_UpdateTask_Time_323536333932393437382d5755326c785a5a5737414534 No Task File <==== ATTENTION
Task: {F2A4EF5C-F30D-4FCA-B359-76B5F0CD284A} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {FF9BE4E7-0B6B-4E9D-A8A9-8BFAB65890F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-10-23 14:06 - 2014-10-30 00:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-10-23 14:20 - 2013-05-24 15:12 - 33846336 _____ () C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
2014-12-10 09:57 - 2014-12-10 09:57 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2014-10-23 13:16 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-11-30 11:12 - 2014-07-21 14:48 - 00435200 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\wxcurlu.dll
2014-11-30 11:12 - 2014-07-21 14:28 - 00229888 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\webconnect.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 11341838 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avcodec-54.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00210958 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avutil-52.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00024590 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avdevice-54.dll
2014-11-30 11:12 - 2014-06-27 12:32 - 00432654 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avfilter-3.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 01566222 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avformat-54.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00098318 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\swresample-0.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00357902 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\swscale-2.dll
2014-11-30 11:12 - 2014-06-27 12:32 - 00745472 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\libming.dll
2014-11-30 11:12 - 2014-11-24 11:41 - 00116736 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\rltext2speech.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00098816 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\portaudio.dll
2014-11-30 11:12 - 2014-07-21 15:00 - 02082816 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\wxpdfdoc.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00847440 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\xulrunner\js3250.dll
2014-10-23 14:20 - 2013-04-12 18:14 - 00557056 _____ () C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\CommentsSummary.fpi
2014-10-23 14:20 - 2013-03-29 16:00 - 01791488 _____ () C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Speech.fpi
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-178241157-3166524979-4280168215-500 - Administrator - Disabled)
Guest (S-1-5-21-178241157-3166524979-4280168215-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-178241157-3166524979-4280168215-1002 - Limited - Enabled)
Matheus (S-1-5-21-178241157-3166524979-4280168215-1000 - Administrator - Enabled) => C:\Users\Matheus
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2015 11:15:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x684
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (01/02/2015 11:12:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x18b4
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (01/02/2015 09:15:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x15b0
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 06:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x21e0
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 06:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x2270
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 06:28:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x113c
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 04:56:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x25b8
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 02:52:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x1100
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 10:30:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x2180
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 09:28:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x17bc
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
 
System errors:
=============
Error: (01/02/2015 09:46:42 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/31/2014 06:47:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/27/2014 05:04:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/23/2014 09:14:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:14:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/23/2014 09:14:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/23/2014 09:13:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:11:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/23/2014 09:07:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:07:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-23 21:14:27.039
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:27.023
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:26.992
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:26.977
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:07:21.932
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:07:21.901
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 32%
Total physical RAM: 8173.22 MB
Available physical RAM: 5553.49 MB
Total Pagefile: 16344.62 MB
Available Pagefile: 13333.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:40.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Windows_7_Ultimate_32_Bit) (CDROM) (Total:2.27 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 31644004)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#12 pianomath


Posted 04 January 2015 - 02:08 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by Matheus at 2015-01-02 11:16:40
Running from C:\Users\Matheus\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-178241157-3166524979-4280168215-1000\...\uTorrent) (Version: 3.4.2.35702 - BitTorrent Inc.)
ActivePresenter (HKLM-x32\...\{A2A40277-D807-4754-95A3-2F294C2C51D3}_is1) (Version: 4.0.3 - Atomi Systems, Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 4.1.0.0 - Auslogics Labs Pty Ltd)
Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2600 - Broadcom Corporation)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.3.524 - Foxit Corporation)
Galeria de Fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HijackThis 1.99.1 (HKLM-x32\...\HijackThis) (Version: 1.99.1 - Soeperman Enterprises Ltd.)
Intel PROSet Wireless (x32 Version:  - ) Hidden
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® PROSet/Wireless WiMAX Software (HKLM\...\{5C1DA3D9-F590-4317-A4FB-274F658E504B}) (Version: 6.05.0000 - Intel Corporation)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LAV Filters 0.55.3 (HKLM-x32\...\lavfilters_is1) (Version: 0.55.3 - Hendrik Leppkes)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
NVIDIA 3D Vision Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.60 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.60 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6400 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Software Intel® PROSet/Wireless WiFi (HKLM\...\{3C41721F-AF0F-4086-AA1C-4C7F29076228}) (Version: 14.01.1000 - Intel Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.6.0 - Synaptics Incorporated)
System Requirements Lab CYRI (HKLM-x32\...\{1110A014-1471-4B66-BFDC-E8EED120CC59}) (Version: 6.0.20.0 - Husdawg, LLC)
Video to Video (HKLM-x32\...\{7F95A744-78DA-4AED-A8F0-A0AF330B8411}_is1) (Version:  - Media Converters)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Warface (HKLM-x32\...\{094FAADD-5A39-4C64-911A-B4C9AD818484}_is1) (Version: 1.0.254.035 - Level Up! Games)
WIDCOMM Bluetooth Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2600 - Broadcom Corporation)
WinDirStat 1.1.2 (HKU\S-1-5-21-178241157-3166524979-4280168215-1000\...\WinDirStat) (Version:  - )
Windows Driver Package - Realtek (RTL8167) Net  (04/21/2011 7.044.0421.2011) (HKLM\...\BF3DF29FDD6B622C311A7DE6464AA9B597D791A1) (Version: 04/21/2011 7.044.0421.2011 - Realtek)
Windows Driver Package - Ricoh Company MS Host Controller (12/24/2010 6.13.10.25) (HKLM\...\95010B497C1DFEC62132F796273E6920E538715F) (Version: 12/24/2010 6.13.10.25 - Ricoh Company)
Windows Driver Package - Ricoh Company SD Host Controller (12/17/2010 6.13.10.26) (HKLM\...\43201741444A6BB04A6B0FB2901BDBB2E890B61C) (Version: 12/17/2010 6.13.10.26 - Ricoh Company)
Windows Driver Package - Sony Corporation (SFEP) HIDClass  (11/27/2009 8.0.1.2) (HKLM\...\4E827A70BAA738C408DBDD024BCACE5085D946F1) (Version: 11/27/2009 8.0.1.2 - Sony Corporation)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-178241157-3166524979-4280168215-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Matheus\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 00:34 - 2014-12-23 21:14 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {13E81C99-E673-4E8E-A412-5E8867DAEE2B} - \Microsoft\Windows\Multimedia\SMupdate3 No Task File <==== ATTENTION
Task: {1A357285-BE0A-4C77-A69E-143661F6C138} - \SPDriver No Task File <==== ATTENTION
Task: {37399520-8644-44A9-9CCB-4A79386650A2} - System32\Tasks\YTDownloader => C:\Program Files (x86)\YTDownloader\YTDownloader.exe <==== ATTENTION
Task: {5B1B0E6A-D8CD-4606-B52C-B227930F210D} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {6CB7D5C3-10AB-4836-91D0-B0914ADDA3E6} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {6D7BB8E3-F85B-4B26-817C-0038B6F94EF4} - \ShopperPro No Task File <==== ATTENTION
Task: {7AF9DF76-440D-46B6-A369-355F6F43BB47} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {AEDC3847-3E0F-4635-B022-6F4BB070A5C4} - \SMupdate1 No Task File <==== ATTENTION
Task: {AFDEC112-CA44-4100-9EAA-CA2A8C282A2E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
Task: {B4A8D1AE-0F26-4985-9172-3B5BFBA9B40B} - \Microsoft\Windows\Maintenance\SMupdate2 No Task File <==== ATTENTION
Task: {EE5FBB41-1DE6-4953-90DC-161ECE47BAF9} - \SPBIW_UpdateTask_Time_323536333932393437382d5755326c785a5a5737414534 No Task File <==== ATTENTION
Task: {F2A4EF5C-F30D-4FCA-B359-76B5F0CD284A} - \ShopperProJSUpd No Task File <==== ATTENTION
Task: {FF9BE4E7-0B6B-4E9D-A8A9-8BFAB65890F6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-12-08] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-10-23 14:06 - 2014-10-30 00:10 - 00117064 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2011-05-31 17:32 - 2011-05-31 17:32 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2014-10-23 14:20 - 2013-05-24 15:12 - 33846336 _____ () C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe
2014-12-10 09:57 - 2014-12-10 09:57 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9b1cac8d98bd69d3e56a26ff2f96f266\IsdiInterop.ni.dll
2014-10-23 13:16 - 2011-01-12 17:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-11 14:05 - 2014-12-05 23:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-11-30 11:12 - 2014-07-21 14:48 - 00435200 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\wxcurlu.dll
2014-11-30 11:12 - 2014-07-21 14:28 - 00229888 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\webconnect.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 11341838 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avcodec-54.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00210958 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avutil-52.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00024590 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avdevice-54.dll
2014-11-30 11:12 - 2014-06-27 12:32 - 00432654 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avfilter-3.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 01566222 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\avformat-54.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00098318 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\swresample-0.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00357902 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\swscale-2.dll
2014-11-30 11:12 - 2014-06-27 12:32 - 00745472 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\libming.dll
2014-11-30 11:12 - 2014-11-24 11:41 - 00116736 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\rltext2speech.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00098816 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\portaudio.dll
2014-11-30 11:12 - 2014-07-21 15:00 - 02082816 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\wxpdfdoc.dll
2014-11-30 11:12 - 2014-06-27 15:25 - 00847440 _____ () C:\Program Files (x86)\ATOMI\ActivePresenter\xulrunner\js3250.dll
2014-10-23 14:20 - 2013-04-12 18:14 - 00557056 _____ () C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\CommentsSummary.fpi
2014-10-23 14:20 - 2013-03-29 16:00 - 01791488 _____ () C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\Speech.fpi
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: iSkysoft Helper Compact.exe => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
MSCONFIG\startupreg: VirtualCloneDrive => "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-178241157-3166524979-4280168215-500 - Administrator - Disabled)
Guest (S-1-5-21-178241157-3166524979-4280168215-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-178241157-3166524979-4280168215-1002 - Limited - Enabled)
Matheus (S-1-5-21-178241157-3166524979-4280168215-1000 - Administrator - Enabled) => C:\Users\Matheus
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/02/2015 11:15:21 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x684
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (01/02/2015 11:12:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x18b4
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (01/02/2015 09:15:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x15b0
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 06:40:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x21e0
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 06:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x2270
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 06:28:51 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x113c
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 04:56:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x25b8
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 02:52:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x1100
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 10:30:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x000000000010207b
Faulting process id: 0x2180
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
Error: (12/31/2014 09:28:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 6.1.7601.17514, time stamp: 0x4ce7abf9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x00000000000506dd
Faulting process id: 0x17bc
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
 
 
System errors:
=============
Error: (01/02/2015 09:46:42 AM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/31/2014 06:47:40 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/27/2014 05:04:52 PM) (Source: volsnap) (EventID: 36) (User: )
Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
 
Error: (12/23/2014 09:14:41 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:14:27 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/23/2014 09:14:26 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (12/23/2014 09:13:09 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:11:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Avira Service Host service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (12/23/2014 09:07:37 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (12/23/2014 09:07:21 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
 
Microsoft Office Sessions:
=========================
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-12-23 21:14:27.039
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:27.023
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:26.992
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:14:26.977
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:07:21.932
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-12-23 21:07:21.901
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2670QM CPU @ 2.20GHz
Percentage of memory in use: 32%
Total physical RAM: 8173.22 MB
Available physical RAM: 5553.49 MB
Total Pagefile: 16344.62 MB
Available Pagefile: 13333.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.79 GB) (Free:40.21 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Windows_7_Ultimate_32_Bit) (CDROM) (Total:2.27 GB) (Free:0 GB) UDF
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 31644004)
Partition 1: (Active) - (Size=111.8 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#13 Machiavelli

Posted 04 January 2015 - 04:28 PM

Step 1: AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP, then just run it.)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on-screen prompts.
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop. Install the programme and select Update.
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

Go back to the Dashboard and select Scan Now

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4: FRST Scan

  • Run FRST. (If you have Windows Vista / Windows 7 / Windows 8, please right-click on the FRST icon and select Run as Administrator.)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#14 pianomath

Posted 05 January 2015 - 04:42 PM

# AdwCleaner v4.106 - Report created 05/01/2015 at 18:51:19
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Matheus - MATHEUS-PC
# Running from : C:\Users\Matheus\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : globalUpdatem
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\Program Files (x86)\YTDownloader
Folder Deleted : C:\Users\Matheus\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Matheus\AppData\Local\CrashRpt
Folder Deleted : C:\Users\Matheus\AppData\Roaming\baidu
Folder Deleted : C:\Users\Public\Documents\baidu
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : ShopperPro
Task Deleted : ShopperProJSUpd
Task Deleted : SMupdate1
Task Deleted : SPDriver
Task Deleted : YTDownloader
 
***** [ Shortcuts ] *****
 
Shortcut Disinfected : C:\Users\Public\Desktop\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Matheus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Matheus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Matheus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Matheus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Matheus\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03C0AC00-86DE-4B55-81BA-2E7CD61C51B1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\BRS
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\iWebar-nv
Key Deleted : HKCU\Software\SecuredDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Object Browser
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\iWebar-nv
Key Deleted : HKLM\SOFTWARE\PIP
Key Deleted : HKLM\SOFTWARE\ShopperPro
Key Deleted : HKLM\SOFTWARE\Baidu
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : [x64] HKLM\SOFTWARE\YTDownloader
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Google Chrome v39.0.2171.95
 
 
*************************
 
AdwCleaner[R0].txt - [3668 octets] - [05/01/2015 18:50:24]
AdwCleaner[S0].txt - [4291 octets] - [05/01/2015 18:51:19]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4351 octets] ##########


#15 pianomath

Posted 05 January 2015 - 04:53 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 05/01/2015
Scan Time: 19:44:31
Logfile: 
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2015.01.05.13
Rootkit Database: v2014.12.30.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Matheus
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 339976
Time Elapsed: 6 min, 18 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)




