
"srv" version of .exe files being created


  • This topic is locked
26 replies to this topic

#1 d0dUxDJ


Posted 20 April 2015 - 08:11 AM

Hello there bleepingcomputer.com, I'm Edoardo and I've been infected by some strange piece of malware. It attached to most of my dll files, exe files, even htm and html files! Not sure about the rest. And when playing certain games, for example, Call of Duty 4: Modern Warfare, it would create a "srv" copy of the exe that was being run; for instance, I was using "iw3mp.exe", and when run, it would generate "iw3mpSrv.exe", which MalwareBytes would detect as "Malware.Packer" and then delete. So what I did, after many attempts with MalwareBytes (which would detect just a couple of files), was try out the DrWeb CureIt software, and it found a lot of infected files; I just clicked on "Neutralize" and rebooted the system. I'm not sure if the infection is gone though. I'd like technical help if possible.

 

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-04-2015 01
Ran by Edo (administrator) on HAF-X on 20-04-2015 15:00:39
Running from D:\Download
Loaded Profiles: Edo (Available profiles: Edo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-04-09] (NVIDIA Corporation)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-06-18] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [RoccatKonePure] => C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE [561152 2014-01-20] (ROCCAT GmbH)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2015-04-05] (Intel Corporation)
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\...\MountPoints2: F - F:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\...\MountPoints2: {abab7227-cc05-11e4-816d-bc5ff45b0521} - F:\setup\rsrc\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-03-08] (Microsoft Corporation)
Startup: C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2015-04-16]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/it-it/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2460088635-1733690327-3685112268-1000 -> {7432246F-9553-4AF9-9149-BFD1FDEB218B} URL = 
SearchScopes: HKU\S-1-5-21-2460088635-1733690327-3685112268-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95A9A475-92EB-4D83-86B8-82A90908C4FA}: [NameServer] 8.8.8.8,8.8.4.4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.google.it/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Steam Community SteamRep Integration) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaclmldkenecanphogeaacolljiphmnk [2015-02-28]
CHR Extension: (Google Slides) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28]
CHR Extension: (Steam item search between friends.) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlddciniccidokpjhppahkoefohkchg [2015-02-28]
CHR Extension: (Google Docs) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-28]
CHR Extension: (MEGA) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-02-28]
CHR Extension: (YouTube) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-28]
CHR Extension: (Google Search) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-28]
CHR Extension: (Tampermonkey) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-03-20]
CHR Extension: (Google Sheets) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28]
CHR Extension: (Stylish) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-03-20]
CHR Extension: (AdBlock) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-28]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2015-02-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-03-20]
CHR Extension: (Window Resizer) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2015-02-28]
CHR Extension: (Google Wallet) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-28]
CHR Extension: (Gmail) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-28]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2015-02-28]
CHR Profile: C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Steam Community SteamRep Integration) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaclmldkenecanphogeaacolljiphmnk [2015-03-20]
CHR Extension: (Google Slides) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-20]
CHR Extension: (Steam item search between friends.) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajlddciniccidokpjhppahkoefohkchg [2015-03-20]
CHR Extension: (Google Docs) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-20]
CHR Extension: (Google Drive) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-20]
CHR Extension: (MEGA) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-03-20]
CHR Extension: (YouTube) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-20]
CHR Extension: (Google Search) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-20]
CHR Extension: (Tampermonkey) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-03-30]
CHR Extension: (Google Sheets) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-20]
CHR Extension: (Stylish) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-03-20]
CHR Extension: (AdBlock) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-20]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhinaapppaileiechjoiifaancjggfjm [2015-03-30]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-03-20]
CHR Extension: (Window Resizer) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2015-03-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR Extension: (Gmail) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-20]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2015-03-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-04-09] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-02] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-06-18] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [129896 2015-04-06] (SeriousBit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-04-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-04-09] (NVIDIA Corporation)
S4 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-20] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-04-17] ()
S4 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-02-28] (Phoenix Technologies) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-17] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [40976 2015-02-05] (SeriousBit)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-04-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-20 15:00 - 2015-04-20 15:00 - 00000000 ____D () C:\FRST
2015-04-20 06:18 - 2015-04-20 06:18 - 02512384 _____ () C:\Users\Edo\Desktop\pb.7z
2015-04-19 21:35 - 2015-04-19 21:35 - 00000000 ____D () C:\Device
2015-04-19 21:33 - 2015-04-19 21:33 - 00000000 ____D () C:\ProgramData\Doctor Web
2015-04-19 21:30 - 2015-04-19 21:35 - 00000000 ____D () C:\Users\Edo\Doctor Web
2015-04-19 21:28 - 2015-04-19 21:26 - 165754296 _____ () C:\Users\Edo\Desktop\xwz8eocj.exe
2015-04-19 21:15 - 2015-04-19 21:15 - 00000000 ____D () C:\Windows\pss
2015-04-19 17:27 - 2015-04-19 17:51 - 00000000 ____D () C:\AdwCleaner
2015-04-19 17:27 - 2015-04-19 17:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HAF-X-Windows-7-Home-Premium-(64-bit).dat
2015-04-19 17:27 - 2015-04-19 17:27 - 00000000 ____D () C:\RegBackup
2015-04-19 07:21 - 2015-04-19 07:21 - 00000595 _____ () C:\Users\Edo\Desktop\iw3mp.exe - collegamento.lnk
2015-04-19 07:12 - 2015-04-20 05:57 - 00000982 _____ () C:\Users\Public\Desktop\NetBalancer Tray.lnk
2015-04-19 07:12 - 2015-04-20 05:57 - 00000972 _____ () C:\Users\Public\Desktop\NetBalancer.lnk
2015-04-19 07:12 - 2015-04-19 07:12 - 00000000 ____D () C:\ProgramData\SeriousBit
2015-04-19 07:12 - 2015-04-19 07:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBalancer
2015-04-19 07:12 - 2015-04-19 07:12 - 00000000 ____D () C:\Program Files\NetBalancer
2015-04-19 07:12 - 2015-02-05 19:47 - 00040976 _____ (SeriousBit) C:\Windows\system32\Drivers\nbdrv.sys
2015-04-18 16:15 - 2015-04-18 16:15 - 00000000 ____D () C:\Windows\System32\Tasks\MySQL
2015-04-18 16:15 - 2015-04-18 16:15 - 00000000 ____D () C:\ProgramData\MySQL
2015-04-18 16:15 - 2015-04-18 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2015-04-18 16:15 - 2015-04-18 16:15 - 00000000 ____D () C:\Program Files (x86)\MySQL
2015-04-18 14:33 - 2015-04-20 13:26 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\TS3Client
2015-04-18 07:37 - 2015-04-18 07:37 - 00000713 _____ () C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2015-04-18 06:16 - 2015-04-18 06:16 - 00000000 ____D () C:\Users\Edo\AppData\Local\WinZip
2015-04-18 06:05 - 2015-04-18 06:16 - 00000000 ____D () C:\ProgramData\WinZip
2015-04-18 06:05 - 2015-04-18 06:05 - 00002221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-04-18 06:05 - 2015-04-18 06:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-04-18 06:05 - 2015-04-18 06:05 - 00000000 ____D () C:\Program Files\WinZip
2015-04-18 05:42 - 2015-04-19 07:01 - 00000080 _____ () C:\Users\Edo\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-18 05:42 - 2015-04-18 07:37 - 00000000 ____D () C:\Users\Edo\Documents\Rockstar Games
2015-04-18 05:42 - 2015-04-18 07:37 - 00000000 ____D () C:\Users\Edo\AppData\Local\Rockstar Games
2015-04-18 05:42 - 2015-04-18 05:43 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-18 05:41 - 2015-04-18 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2015-04-18 05:41 - 2015-04-18 05:43 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-17 10:04 - 2015-04-17 10:04 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Screaming Bee
2015-04-17 10:02 - 2015-04-17 10:04 - 00000000 ____D () C:\ProgramData\Screaming Bee
2015-04-17 10:02 - 2015-04-17 10:02 - 00001734 _____ () C:\Users\Public\Desktop\MorphVOX Pro.lnk
2015-04-17 10:02 - 2015-04-17 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2015-04-16 02:47 - 2015-04-16 02:47 - 00000221 _____ () C:\Users\Edo\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
2015-04-15 02:19 - 2015-04-15 02:23 - 00000000 ____D () C:\Users\Edo\AppData\Local\NVIDIA Corporation
2015-04-15 02:19 - 2015-04-15 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-15 02:19 - 2015-04-09 02:58 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-04-15 02:19 - 2015-04-09 02:58 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-04-15 02:19 - 2015-04-09 02:58 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-04-15 02:19 - 2015-04-09 02:58 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-04-15 02:19 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-15 02:18 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-15 02:18 - 2015-04-09 02:58 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-15 02:17 - 2015-04-15 02:17 - 00000000 ____D () C:\NVIDIA
2015-04-15 00:24 - 2015-04-15 00:24 - 00000000 ____D () C:\Users\Edo\AppData\Local\ULTIMATE UNLOCKER v3
2015-04-14 21:39 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 21:39 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 21:39 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 21:39 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 21:39 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 21:39 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 21:39 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 21:39 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 21:39 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 21:39 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 21:39 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 21:39 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 21:39 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 21:39 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 21:39 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 21:39 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 21:39 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 21:39 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 21:39 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 21:39 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 21:39 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 21:39 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 21:39 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 21:39 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 21:39 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 21:39 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 21:39 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 21:39 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 21:39 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 21:39 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 21:39 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 21:39 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 21:39 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 21:39 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 21:39 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 21:39 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 21:39 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:39 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 21:39 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 21:39 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 21:39 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 21:39 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 21:39 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 21:39 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 21:39 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 21:39 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 21:39 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 21:39 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 21:39 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 21:39 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 21:39 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 21:39 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 21:39 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 21:39 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 21:39 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 21:39 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 21:39 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 21:39 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 21:39 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 21:39 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 21:39 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 21:39 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 21:39 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 21:39 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 21:39 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 21:39 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 21:39 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 21:39 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 21:39 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 21:39 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 21:39 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 21:39 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 21:39 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 21:39 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 21:39 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 21:39 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 21:39 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 21:39 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 21:39 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 21:39 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 21:39 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 21:39 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 21:39 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 21:39 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 21:39 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 21:39 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 21:39 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 21:39 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 21:39 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 21:39 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 21:39 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 21:39 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 21:39 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 21:39 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 21:39 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 21:39 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 21:39 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 21:39 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 21:39 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 21:39 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 21:38 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 21:38 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 21:38 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-10 22:11 - 2015-04-10 22:11 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\MW3 FoV Changer
2015-04-09 19:02 - 2015-04-18 12:49 - 00000000 ____D () C:\Program Files\AutoHotkey
2015-04-09 19:02 - 2015-04-09 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2015-04-08 04:10 - 2015-04-08 04:10 - 00000771 _____ () C:\Users\Public\Desktop\SpeedRunners.lnk
2015-04-08 04:10 - 2015-04-08 04:10 - 00000000 ____D () C:\Users\Edo\Documents\SavedGames
2015-04-08 04:10 - 2015-04-08 04:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-04-07 02:25 - 2015-04-07 20:08 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Gyazo
2015-04-07 02:24 - 2015-04-07 03:24 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2015-04-07 02:24 - 2015-04-07 02:24 - 00003732 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2015-04-07 02:24 - 2015-04-07 02:24 - 00000996 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2015-04-07 02:24 - 2015-04-07 02:24 - 00000996 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2015-04-07 02:24 - 2015-04-07 02:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-04-05 22:09 - 2015-04-05 22:09 - 00000739 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-04-05 20:46 - 2015-04-05 20:46 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2015-04-05 20:46 - 2015-04-05 20:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2015-04-05 20:46 - 2015-04-05 20:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_INETMON_01011.Wdf
2015-04-05 20:46 - 2015-04-05 20:46 - 00000000 ____D () C:\ProgramData\Intel
2015-04-05 20:46 - 2014-05-27 11:21 - 00025800 _____ () C:\Windows\system32\Drivers\INETMON.sys
2015-04-05 20:45 - 2015-04-05 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-04-05 19:07 - 2015-04-05 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
2015-04-04 21:25 - 2015-04-04 21:25 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Kolben Games
2015-04-04 21:25 - 2015-04-04 21:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2015-04-04 17:50 - 2015-04-04 17:50 - 00000222 _____ () C:\Users\Edo\Desktop\The Binding of Isaac Rebirth.url
2015-03-30 17:49 - 2015-04-03 15:53 - 00000000 ____D () C:\ProgramData\{1eafdd21-8905-a348-1eaf-fdd218907486}
2015-03-30 15:48 - 2015-03-30 23:57 - 12025344 _____ () C:\Users\Edo\Documents\locale_it.epk
2015-03-29 23:50 - 2015-03-29 23:51 - 15804416 _____ () C:\Users\Edo\Documents\item.epk
2015-03-29 14:56 - 2015-03-29 14:56 - 00000222 _____ () C:\Users\Edo\Desktop\Commando Jack.url
2015-03-29 08:00 - 2015-03-29 08:00 - 00000765 _____ () C:\Users\Public\Desktop\Metin2.lnk
2015-03-29 08:00 - 2015-03-29 08:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2015-03-29 07:51 - 2015-03-29 07:51 - 00000000 ____D () C:\Users\Edo\AppData\Local\Gameforge4d
2015-03-29 07:51 - 2015-03-29 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-03-28 20:26 - 2015-03-28 20:26 - 00001378 _____ () C:\Users\Edo\Desktop\Rotten Root.lnk
2015-03-25 02:13 - 2015-03-25 02:13 - 00000000 ____D () C:\Users\Edo\Desktop\Robe
2015-03-25 00:35 - 2015-04-20 14:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-25 00:35 - 2015-03-25 00:35 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-25 00:35 - 2015-03-25 00:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-25 00:35 - 2015-03-25 00:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-25 00:35 - 2015-03-17 07:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-25 00:35 - 2015-03-17 07:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-25 00:35 - 2015-03-17 07:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-24 21:36 - 2015-03-24 21:36 - 00589618 _____ () C:\Users\Edo\Documents\Welcome to Lithuania ritornello.wav
2015-03-24 14:58 - 2015-03-24 14:58 - 00001026 _____ () C:\Users\Edo\Desktop\RepZ MW2.lnk
2015-03-24 02:46 - 2015-03-29 08:06 - 00000000 ____D () C:\Users\Edo\Downloads\Gameforge Live
2015-03-22 17:32 - 2015-03-22 17:32 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\TeamViewer
2015-03-22 16:53 - 2015-03-22 16:53 - 00000755 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-03-22 16:53 - 2015-03-22 16:53 - 00000755 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-03-21 20:17 - 2015-04-18 16:04 - 00000000 ____D () C:\Users\Edo\Documents\Visual Studio 2013
2015-03-21 20:09 - 2015-03-21 20:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-03-21 20:08 - 2015-03-21 20:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 SDK
2015-03-21 20:08 - 2015-03-21 20:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-03-21 20:06 - 2015-03-21 20:06 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2015-03-21 19:41 - 2015-03-21 20:11 - 00000000 ____D () C:\Program Files\IIS Express
2015-03-21 19:41 - 2015-03-21 20:11 - 00000000 ____D () C:\Program Files (x86)\IIS Express
2015-03-21 19:40 - 2015-03-21 19:40 - 00000000 ____D () C:\Program Files\IIS
2015-03-21 19:40 - 2015-03-21 19:40 - 00000000 ____D () C:\Program Files (x86)\IIS
2015-03-21 19:32 - 2015-03-21 19:36 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2015-03-21 19:31 - 2015-03-21 19:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Help Viewer
2015-03-21 19:25 - 2015-04-18 16:13 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-03-21 19:25 - 2015-03-21 20:30 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-21 19:25 - 2015-03-21 20:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-21 19:12 - 2015-04-18 16:15 - 00000000 ____D () C:\Windows\system32\1033
2015-03-21 19:12 - 2015-04-18 16:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-03-21 18:38 - 2015-03-21 18:38 - 00000000 ____D () C:\Users\Edo\Documents\GitHub
2015-03-21 18:32 - 2015-03-21 18:39 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\GitHub
2015-03-21 18:32 - 2015-03-21 18:39 - 00000000 ____D () C:\Users\Edo\AppData\Local\GitHub
2015-03-21 18:32 - 2015-03-21 18:32 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GitHub, Inc
2015-03-21 18:20 - 2015-03-21 18:20 - 00000000 ____D () C:\Users\Edo\AppData\Local\Red Gate
2015-03-21 18:20 - 2015-03-21 18:20 - 00000000 ____D () C:\Users\Edo\AppData\Local\IsolatedStorage
2015-03-21 18:20 - 2015-03-21 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Red Gate
2015-03-21 18:20 - 2015-03-21 18:20 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2015-03-21 18:20 - 2015-03-21 18:20 - 00000000 ____D () C:\Program Files (x86)\Red Gate
2015-03-21 18:01 - 2015-03-25 00:48 - 00000000 ____D () C:\Program Files (x86)\HexEdit
2015-03-21 18:01 - 2015-03-21 18:01 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\ECSoftware
2015-03-21 18:01 - 2015-03-21 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2015-03-21 17:39 - 2015-03-21 17:39 - 00001595 _____ () C:\Users\Edo\Desktop\muh unpublished.lnk
2015-03-21 10:44 - 2015-03-21 10:44 - 00000880 _____ () C:\Users\Public\Desktop\Titanfall.lnk
2015-03-21 10:44 - 2015-03-21 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Titanfall
2015-03-21 06:06 - 2015-03-21 06:06 - 00000876 _____ () C:\Users\Public\Desktop\Battlefield 3.lnk
2015-03-21 06:06 - 2015-03-21 06:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
2015-03-21 02:22 - 2015-03-21 02:23 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\OBS
2015-03-21 01:05 - 2015-02-23 03:00 - 00004240 _____ () C:\Users\Edo\Documents\MOM GET THE CAMERA.mp3.sfk
2015-03-21 01:05 - 2015-02-23 02:48 - 00033832 _____ () C:\Users\Edo\Documents\OOOOOOOOHMYGOOOOD.mp3.sfk
2015-03-21 01:05 - 2015-02-11 02:15 - 00002872 _____ () C:\Users\Edo\Documents\hehe boooy.MP3.sfk
2015-03-21 01:05 - 2015-02-06 14:11 - 00259616 _____ () C:\Users\Edo\Documents\nukecompetitive#2.veg
2015-03-21 01:05 - 2014-12-31 08:12 - 00331770 _____ () C:\Users\Edo\Documents\ts3_clientui-win64-1407159763-2014-12-31 07_12_36.694435.dmp
2015-03-21 01:05 - 2014-08-12 22:57 - 00369456 _____ () C:\Users\Edo\Documents\icsdididid.wav
2015-03-21 01:05 - 2014-08-01 20:17 - 00010903 _____ () C:\Users\Edo\Documents\syntax.zip
2015-03-21 01:05 - 2014-05-07 20:44 - 02986038 _____ () C:\Users\Edo\Documents\Nuova immagine bitmap.bmp
2015-03-21 01:05 - 2014-03-15 14:23 - 00002376 _____ () C:\Users\Edo\Documents\MumbleAutomaticCertificateBackup.p12
2015-03-21 01:05 - 2013-09-06 16:02 - 00010760 _____ () C:\Users\Edo\Documents\Rhon è sexy porco il papa.veg
2015-03-21 01:05 - 2013-09-06 15:44 - 00010888 _____ () C:\Users\Edo\Documents\Rhon è sexy porco il papa.veg.bak
2015-03-21 01:05 - 2013-09-02 16:47 - 00000104 _____ () C:\Users\Edo\Documents\LOLLAI.ahk
2015-03-21 01:05 - 2013-03-14 17:36 - 20832186 _____ () C:\Users\Edo\Documents\Leone Di Lernia FOGGIA STYLE (Gangnam style).flv
2015-03-21 01:04 - 2015-04-19 21:35 - 00000000 ____D () C:\Users\Edo\Documents\aeris dll
2015-03-21 01:04 - 2015-03-21 01:04 - 00000000 ____D () C:\Users\Edo\Documents\FIFA 13
2015-03-21 01:04 - 2015-03-21 01:04 - 00000000 ____D () C:\Users\Edo\Documents\C9
2015-03-21 01:04 - 2015-03-21 01:04 - 00000000 ____D () C:\Users\Edo\Documents\Battlefield 4
2015-03-21 01:04 - 2015-03-21 01:04 - 00000000 ____D () C:\Users\Edo\Documents\Battlefield 3
2015-03-21 01:04 - 2015-03-21 01:04 - 00000000 ____D () C:\Users\Edo\Documents\AutoHotkey
2015-03-21 01:04 - 2015-03-21 01:04 - 00000000 ____D () C:\Users\Edo\Documents\3DMark 11
2015-03-21 01:04 - 2015-02-01 04:40 - 00022264 _____ () C:\Users\Edo\Documents\first video brah.veg
2015-03-21 01:04 - 2015-01-25 04:49 - 00508044 _____ () C:\Users\Edo\Documents\cc_20150125_034849.reg
2015-03-21 01:04 - 2014-07-03 20:09 - 00000651 _____ () C:\Users\Edo\Documents\Edo - collegamento.lnk
2015-03-21 01:04 - 2013-09-06 16:14 - 06860328 _____ () C:\Users\Edo\Documents\Dread 10 ore.veg
2015-03-21 01:04 - 2013-03-07 20:38 - 00000097 _____ () C:\Users\Edo\Documents\DUPE.ahk
2015-03-21 01:04 - 2013-03-07 20:36 - 00001351 _____ () C:\Users\Edo\Documents\AutoHotkey.ahk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-20 14:59 - 2015-02-28 06:54 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-20 14:28 - 2009-07-14 06:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 14:28 - 2009-07-14 06:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 13:30 - 2015-02-28 13:01 - 00741386 _____ () C:\Windows\system32\perfh010.dat
2015-04-20 13:30 - 2015-02-28 13:01 - 00147440 _____ () C:\Windows\system32\perfc010.dat
2015-04-20 13:30 - 2009-07-14 07:13 - 01661180 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-20 13:29 - 2015-02-28 05:51 - 01253361 _____ () C:\Windows\WindowsUpdate.log
2015-04-20 13:26 - 2015-03-09 15:43 - 00747934 _____ () C:\Windows\PFRO.log
2015-04-20 13:26 - 2015-02-28 13:26 - 00017944 _____ () C:\Windows\setupact.log
2015-04-20 13:26 - 2015-02-28 07:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-20 13:26 - 2015-02-28 06:54 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-20 13:26 - 2015-02-28 05:51 - 00000000 ____D () C:\Users\Edo
2015-04-20 13:26 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-19 23:10 - 2015-03-10 18:50 - 00017388 _____ () C:\Windows\system32\lvcoinst.log
2015-04-19 23:00 - 2015-03-17 18:15 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\EditPlus 3
2015-04-19 22:59 - 2015-03-20 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Loader
2015-04-19 22:59 - 2015-03-17 18:15 - 00000000 ____D () C:\Program Files (x86)\EditPlus 3
2015-04-19 22:59 - 2015-02-28 07:35 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-04-19 21:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2015-04-19 17:28 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2015-04-19 17:23 - 2009-07-14 06:45 - 00303968 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-19 07:12 - 2015-03-10 12:25 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\uTorrent
2015-04-18 16:15 - 2015-03-11 17:39 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-18 16:15 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-18 16:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-18 16:06 - 2015-02-28 06:54 - 00067944 _____ () C:\Users\Edo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-18 14:32 - 2015-03-08 17:14 - 00275955 _____ () C:\Windows\DirectX.log
2015-04-18 14:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2015-04-18 11:26 - 2015-02-28 13:14 - 00004448 _____ () C:\Windows\windefendam.log
2015-04-18 11:26 - 2015-02-28 13:14 - 00000020 _____ () C:\Windows\capsys184523.log
2015-04-18 10:36 - 2015-03-08 14:36 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-04-18 10:36 - 2015-03-08 14:36 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-04-18 07:37 - 2015-02-28 07:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-18 07:35 - 2015-02-28 07:16 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Skype
2015-04-17 16:47 - 2015-03-08 14:36 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-17 16:47 - 2015-03-08 14:36 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-04-17 06:01 - 2015-02-28 06:54 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 07:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 03:02 - 2015-02-28 07:03 - 01635066 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 02:39 - 2015-03-11 16:21 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Audacity
2015-04-15 02:23 - 2015-02-28 07:03 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-15 02:19 - 2015-02-28 07:03 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-15 02:19 - 2015-02-28 07:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-09 19:02 - 2009-07-14 09:45 - 00000000 ____D () C:\Windows\ShellNew
2015-04-09 02:58 - 2015-03-18 20:47 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-09 02:58 - 2015-02-28 07:01 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2015-02-28 07:01 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-09 02:58 - 2015-02-28 07:01 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 02:58 - 2015-02-28 07:01 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 23:30 - 2015-02-28 07:03 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2015-02-28 07:03 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 23:30 - 2015-02-28 07:03 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2015-02-28 07:03 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2015-02-28 07:03 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2015-02-28 07:03 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 19:52 - 2015-02-28 07:03 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-06 04:40 - 2015-02-28 07:05 - 00000000 ____D () C:\Users\Edo\AppData\Local\Adobe
2015-04-05 20:54 - 2015-02-28 07:37 - 00002049 _____ () C:\Users\Public\Desktop\Action!.lnk
2015-04-05 20:46 - 2015-02-28 13:26 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-04-05 20:46 - 2012-01-27 01:39 - 00787736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2015-04-05 20:46 - 2012-01-27 01:39 - 00356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2015-04-05 20:46 - 2012-01-27 01:39 - 00016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2015-04-05 20:46 - 2009-07-14 13:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-04-05 20:45 - 2015-02-28 13:39 - 00000000 ____D () C:\Program Files\Intel
2015-04-05 20:45 - 2015-02-28 13:30 - 00012314 _____ () C:\Windows\DPINST.LOG
2015-04-04 17:53 - 2015-02-28 07:06 - 00000000 ____D () C:\Users\Edo\Documents\my games
2015-04-03 15:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2015-04-02 19:16 - 2015-03-11 18:01 - 00001207 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-03-29 15:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2015-03-25 15:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2015-03-25 00:48 - 2015-02-28 07:47 - 00000000 ____D () C:\Program Files (x86)\Lame For Audacity
2015-03-25 00:48 - 2015-02-28 07:47 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-03-25 00:48 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2015-03-21 20:06 - 2015-03-17 00:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-03-21 18:32 - 2015-02-28 06:54 - 00000000 ____D () C:\Users\Edo\AppData\Local\Deployment
2015-03-21 17:21 - 2015-03-09 18:11 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Adobe
2015-03-21 17:15 - 2015-03-20 22:02 - 00000000 ____D () C:\ProgramData\Origin
2015-03-21 10:44 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-03-21 01:05 - 2015-02-28 07:38 - 00000000 ____D () C:\Users\Edo\Documents\Action!
 
==================== Files in the root of some directories =======
 
2015-04-08 04:10 - 2015-04-08 04:10 - 0001576 _____ () C:\Users\Edo\AppData\Roaming\SpeedRunnersLog.txt
 
Some content of TEMP:
====================
C:\Users\Edo\AppData\Local\Temp\130704560093586881.exe
C:\Users\Edo\AppData\Local\Temp\13070456009906719407.exe
C:\Users\Edo\AppData\Local\Temp\bitool.dll
C:\Users\Edo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Edo\AppData\Local\Temp\nvStInst.exe
C:\Users\Edo\AppData\Local\Temp\ose00000.exe
C:\Users\Edo\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-15 05:35
 
==================== End Of Log ============================
 
Attached addition.txt file as requested.


#2 HelpBot

Posted 25 April 2015 - 08:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/573803 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 d0dUxDJ

Posted 25 April 2015 - 09:46 AM

Well I clearly described the problems I'm having. After the DrWeb CureIt software ran the scan and neutralized the threats, no more .srv files are being created, but I am not sure whether the infection is completely gone or not.

Sometimes I see a DOS window named "taskeng.exe" which appears on the screen, runs something too fast to see what it writes on screen, and then closes itself.

 

New FRST log below: 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
Ran by Edo (administrator) on HAF-X on 25-04-2015 16:44:58
Running from C:\Users\Edo\Desktop
Loaded Profiles: Edo (Available profiles: Edo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Italiano (Italia)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Disc Soft Ltd) C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
(Valve Corporation) D:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) D:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2673296 2015-04-09] (NVIDIA Corporation)
HKLM\...\Run: [ISCT Tray] => C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe [5860656 2014-06-18] (Intel Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [RoccatKonePure] => C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.EXE [561152 2014-01-20] (ROCCAT GmbH)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2015-04-05] (Intel Corporation)
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [5583120 2015-02-27] (Disc Soft Ltd)
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095840 2014-10-27] (Nota Inc.)
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\...\RunOnce: [Application Restart #0] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\...\MountPoints2: F - F:\setup\rsrc\Autorun.exe
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\...\MountPoints2: {abab7227-cc05-11e4-816d-bc5ff45b0521} - F:\setup\rsrc\Autorun.exe
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2015-03-08] (Microsoft Corporation)
Startup: C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk [2015-04-16]
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-02-11] ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2460088635-1733690327-3685112268-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/it-it/?ocid=iehp
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2460088635-1733690327-3685112268-1000 -> {7432246F-9553-4AF9-9149-BFD1FDEB218B} URL = 
SearchScopes: HKU\S-1-5-21-2460088635-1733690327-3685112268-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-10] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-10] (Oracle Corporation)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{95A9A475-92EB-4D83-86B8-82A90908C4FA}: [NameServer] 8.8.8.8,8.8.4.4
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-02-15] (Adobe Systems)
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-10] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-04-08] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-02-15] (Adobe Systems)
FF Plugin HKU\S-1-5-21-2460088635-1733690327-3685112268-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Edo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-03-27] (Unity Technologies ApS)
 
Chrome: 
=======
CHR HomePage: Profile 1 -> hxxp://www.google.it/
CHR StartupUrls: Profile 1 -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Steam Community SteamRep Integration) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaclmldkenecanphogeaacolljiphmnk [2015-02-28]
CHR Extension: (Google Slides) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-28]
CHR Extension: (Steam item search between friends.) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajlddciniccidokpjhppahkoefohkchg [2015-02-28]
CHR Extension: (Google Docs) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-28]
CHR Extension: (Google Drive) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-28]
CHR Extension: (MEGA) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-02-28]
CHR Extension: (YouTube) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-28]
CHR Extension: (Google Search) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-28]
CHR Extension: (Tampermonkey) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-03-20]
CHR Extension: (Google Sheets) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-28]
CHR Extension: (Stylish) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-03-20]
CHR Extension: (AdBlock) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-02-28]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhinaapppaileiechjoiifaancjggfjm [2015-02-28]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-03-20]
CHR Extension: (Window Resizer) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2015-02-28]
CHR Extension: (Google Wallet) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-28]
CHR Extension: (Gmail) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-28]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2015-02-28]
CHR Profile: C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Steam Community SteamRep Integration) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aaclmldkenecanphogeaacolljiphmnk [2015-03-20]
CHR Extension: (Google Slides) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-20]
CHR Extension: (Steam item search between friends.) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ajlddciniccidokpjhppahkoefohkchg [2015-03-20]
CHR Extension: (Google Docs) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-20]
CHR Extension: (Google Drive) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-20]
CHR Extension: (MEGA) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2015-03-20]
CHR Extension: (YouTube) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-20]
CHR Extension: (Google Search) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-20]
CHR Extension: (Tampermonkey) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2015-03-30]
CHR Extension: (Google Sheets) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-20]
CHR Extension: (Stylish) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe [2015-03-20]
CHR Extension: (BetaFish Adblocker) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-03-20]
CHR Extension: (Bookmark Manager) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (Last.fm Scrobbler) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\hhinaapppaileiechjoiifaancjggfjm [2015-03-30]
CHR Extension: (Reddit Enhancement Suite) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2015-03-20]
CHR Extension: (Window Resizer) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\kkelicaakdanhinjdeammmilcgefonfh [2015-03-20]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-20]
CHR Extension: (Gmail) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-20]
CHR Extension: (Reddit Trading Flair Linker Enhanced) - C:\Users\Edo\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pnahghpneiabcncanmccahgloopbbbgp [2015-03-20]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ACTION_SVC; C:\Program Files (x86)\Mirillis\Action!\action_svc.exe [16064 2014-10-25] ()
R3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152144 2015-04-09] (NVIDIA Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319376 2014-10-02] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [209712 2014-06-18] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S4 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [129896 2015-04-06] (SeriousBit)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1878672 2015-04-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [22995600 2015-04-09] (NVIDIA Corporation)
S4 Origin Client Service; D:\Program Files (x86)\Origin\OriginClientService.exe [1910640 2015-03-20] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-04-17] ()
S4 TeamViewer; D:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DrvAgent64; C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS [13824 2015-02-28] (Phoenix Technologies) [File not signed]
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-17] (Disc Soft Ltd)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [22216 2014-05-27] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [22728 2014-05-27] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [25800 2014-05-27] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD.sys [44744 2014-05-27] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [40976 2015-02-05] (SeriousBit)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-04-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2015-02-05] (NVIDIA Corporation)
S3 WinRing0_1_2_0; D:\Program Files (x86)\RealTemp\WinRing0x64.sys [14544 2008-07-26] (OpenLibSys.org)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 16:44 - 2015-04-25 16:44 - 02099712 _____ (Farbar) C:\Users\Edo\Desktop\FRST64.exe
2015-04-24 16:46 - 2015-04-24 16:46 - 00000000 __SHD () C:\Users\Edo\AppData\Local\EmieUserList
2015-04-24 16:46 - 2015-04-24 16:46 - 00000000 __SHD () C:\Users\Edo\AppData\Local\EmieSiteList
2015-04-24 16:46 - 2015-04-24 16:46 - 00000000 __SHD () C:\Users\Edo\AppData\Local\EmieBrowserModeList
2015-04-23 18:34 - 2015-04-23 18:34 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Unity
2015-04-23 18:17 - 2015-04-23 18:17 - 00000000 ____D () C:\Users\Edo\AppData\Local\Unity
2015-04-23 15:33 - 2015-04-23 18:16 - 00010789 _____ () C:\Users\Edo\Desktop\cheryl maths problem.txt
2015-04-23 00:28 - 2015-04-23 00:28 - 00000739 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-04-23 00:28 - 2015-04-23 00:28 - 00000739 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-04-22 21:14 - 2015-04-22 21:14 - 05958811 _____ () C:\Users\Edo\Documents\white boy can rap fast as hell.mp4
2015-04-22 21:14 - 2015-04-22 21:14 - 01414561 _____ () C:\Users\Edo\Documents\white boy can rap fast as hell 128 kbps (Audio Only).m4a
2015-04-22 10:52 - 2015-04-22 10:52 - 00000814 _____ () C:\Users\Edo\Desktop\Counter-Strike WaRzOnE.lnk
2015-04-22 10:52 - 2015-04-22 10:52 - 00000712 _____ () C:\Users\Edo\Desktop\Half-Life WaRzOnE.lnk
2015-04-22 10:52 - 2015-04-22 10:52 - 00000646 _____ () C:\Users\Edo\Desktop\HLDS.lnk
2015-04-22 10:52 - 2015-04-22 10:52 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HLDS
2015-04-22 10:52 - 2015-04-22 10:52 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Half-Life
2015-04-22 10:52 - 2015-04-22 10:52 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike
2015-04-20 16:53 - 2015-04-20 16:53 - 00001072 _____ () C:\Users\Edo\Desktop\MW3 FoV Changer.exe - collegamento.lnk
2015-04-20 15:25 - 2015-04-24 15:44 - 00001021 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-04-20 15:25 - 2015-04-20 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-04-20 15:25 - 2015-04-20 15:25 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-04-20 15:01 - 2015-04-25 16:44 - 00022537 _____ () C:\Users\Edo\Desktop\FRST.txt
2015-04-20 15:01 - 2015-04-20 15:01 - 00039708 _____ () C:\Users\Edo\Desktop\Addition.txt
2015-04-20 15:00 - 2015-04-25 16:44 - 00000000 ____D () C:\FRST
2015-04-20 06:18 - 2015-04-20 06:18 - 02512384 _____ () C:\Users\Edo\Desktop\pb.7z
2015-04-19 21:35 - 2015-04-19 21:35 - 00000000 ____D () C:\Device
2015-04-19 21:33 - 2015-04-19 21:33 - 00000000 ____D () C:\ProgramData\Doctor Web
2015-04-19 21:30 - 2015-04-19 21:35 - 00000000 ____D () C:\Users\Edo\Doctor Web
2015-04-19 21:28 - 2015-04-19 21:26 - 165754296 _____ () C:\Users\Edo\Desktop\xwz8eocj.exe
2015-04-19 21:15 - 2015-04-19 21:15 - 00000000 ____D () C:\Windows\pss
2015-04-19 17:27 - 2015-04-19 17:51 - 00000000 ____D () C:\AdwCleaner
2015-04-19 17:27 - 2015-04-19 17:27 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HAF-X-Windows-7-Home-Premium-(64-bit).dat
2015-04-19 17:27 - 2015-04-19 17:27 - 00000000 ____D () C:\RegBackup
2015-04-19 07:21 - 2015-04-19 07:21 - 00000595 _____ () C:\Users\Edo\Desktop\iw3mp.exe - collegamento.lnk
2015-04-19 07:12 - 2015-04-20 05:57 - 00000982 _____ () C:\Users\Public\Desktop\NetBalancer Tray.lnk
2015-04-19 07:12 - 2015-04-20 05:57 - 00000972 _____ () C:\Users\Public\Desktop\NetBalancer.lnk
2015-04-19 07:12 - 2015-04-19 07:12 - 00000000 ____D () C:\ProgramData\SeriousBit
2015-04-19 07:12 - 2015-04-19 07:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBalancer
2015-04-19 07:12 - 2015-04-19 07:12 - 00000000 ____D () C:\Program Files\NetBalancer
2015-04-19 07:12 - 2015-02-05 19:47 - 00040976 _____ (SeriousBit) C:\Windows\system32\Drivers\nbdrv.sys
2015-04-18 16:15 - 2015-04-18 16:15 - 00000000 ____D () C:\Windows\System32\Tasks\MySQL
2015-04-18 16:15 - 2015-04-18 16:15 - 00000000 ____D () C:\ProgramData\MySQL
2015-04-18 16:15 - 2015-04-18 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2015-04-18 16:15 - 2015-04-18 16:15 - 00000000 ____D () C:\Program Files (x86)\MySQL
2015-04-18 14:33 - 2015-04-25 16:23 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\TS3Client
2015-04-18 07:37 - 2015-04-18 07:37 - 00000713 _____ () C:\Users\Public\Desktop\Grand Theft Auto V.lnk
2015-04-18 06:16 - 2015-04-18 06:16 - 00000000 ____D () C:\Users\Edo\AppData\Local\WinZip
2015-04-18 06:05 - 2015-04-18 06:16 - 00000000 ____D () C:\ProgramData\WinZip
2015-04-18 06:05 - 2015-04-18 06:05 - 00002221 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-04-18 06:05 - 2015-04-18 06:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-04-18 06:05 - 2015-04-18 06:05 - 00000000 ____D () C:\Program Files\WinZip
2015-04-18 05:42 - 2015-04-22 11:19 - 00000080 _____ () C:\Users\Edo\AppData\Local剜捯獫慴⁲慇敭屳呇⁁屖湥楴汴浥湥⹴湩潦
2015-04-18 05:42 - 2015-04-18 07:37 - 00000000 ____D () C:\Users\Edo\Documents\Rockstar Games
2015-04-18 05:42 - 2015-04-18 07:37 - 00000000 ____D () C:\Users\Edo\AppData\Local\Rockstar Games
2015-04-18 05:42 - 2015-04-18 05:43 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-04-18 05:41 - 2015-04-18 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
2015-04-18 05:41 - 2015-04-18 05:43 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-04-17 10:04 - 2015-04-17 10:04 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Screaming Bee
2015-04-17 10:02 - 2015-04-17 10:04 - 00000000 ____D () C:\ProgramData\Screaming Bee
2015-04-17 10:02 - 2015-04-17 10:02 - 00001734 _____ () C:\Users\Public\Desktop\MorphVOX Pro.lnk
2015-04-17 10:02 - 2015-04-17 10:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Screaming Bee
2015-04-16 02:47 - 2015-04-16 02:47 - 00000221 _____ () C:\Users\Edo\Desktop\Call of Duty Modern Warfare 3 - Multiplayer.url
2015-04-15 02:19 - 2015-04-15 02:23 - 00000000 ____D () C:\Users\Edo\AppData\Local\NVIDIA Corporation
2015-04-15 02:19 - 2015-04-15 02:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-04-15 02:19 - 2015-04-09 02:58 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-04-15 02:19 - 2015-04-09 02:58 - 01570672 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-04-15 02:19 - 2015-04-09 02:58 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-04-15 02:19 - 2015-04-09 02:58 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-04-15 02:19 - 2015-04-08 22:32 - 00560968 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-04-15 02:18 - 2015-04-09 02:58 - 31570064 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 30397072 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 25375048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 24053576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 15818528 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 15716232 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 14006752 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 12852784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 11380728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 10423952 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-04-15 02:18 - 2015-04-09 02:58 - 03317344 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 02896528 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 02573456 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 01895568 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435012.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435012.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 01086424 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 01047368 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 01037640 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00970568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00962192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00927440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00499344 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00402576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00390472 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00346256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-04-15 02:18 - 2015-04-09 02:58 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-04-15 02:17 - 2015-04-15 02:17 - 00000000 ____D () C:\NVIDIA
2015-04-15 00:24 - 2015-04-15 00:24 - 00000000 ____D () C:\Users\Edo\AppData\Local\ULTIMATE UNLOCKER v3
2015-04-14 21:39 - 2015-04-02 02:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-14 21:39 - 2015-04-02 01:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-14 21:39 - 2015-03-25 05:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-14 21:39 - 2015-03-25 05:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-14 21:39 - 2015-03-25 05:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-14 21:39 - 2015-03-25 05:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-14 21:39 - 2015-03-25 05:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-14 21:39 - 2015-03-25 05:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-14 21:39 - 2015-03-25 05:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-14 21:39 - 2015-03-25 05:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-14 21:39 - 2015-03-25 05:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-14 21:39 - 2015-03-17 07:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-14 21:39 - 2015-03-17 07:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-14 21:39 - 2015-03-17 07:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-14 21:39 - 2015-03-17 07:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-14 21:39 - 2015-03-17 07:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-14 21:39 - 2015-03-17 07:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-14 21:39 - 2015-03-17 07:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-14 21:39 - 2015-03-17 07:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-14 21:39 - 2015-03-17 07:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-14 21:39 - 2015-03-17 07:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-14 21:39 - 2015-03-17 07:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-14 21:39 - 2015-03-17 07:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-14 21:39 - 2015-03-17 07:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-14 21:39 - 2015-03-17 07:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-14 21:39 - 2015-03-17 07:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 07:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-14 21:39 - 2015-03-17 07:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-14 21:39 - 2015-03-17 06:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-14 21:39 - 2015-03-17 06:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-14 21:39 - 2015-03-17 06:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-14 21:39 - 2015-03-17 06:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-14 21:39 - 2015-03-17 06:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-14 21:39 - 2015-03-17 06:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-14 21:39 - 2015-03-17 06:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-14 21:39 - 2015-03-17 06:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-14 21:39 - 2015-03-17 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-14 21:39 - 2015-03-17 06:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-14 21:39 - 2015-03-17 06:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 06:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 05:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-14 21:39 - 2015-03-17 05:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-14 21:39 - 2015-03-17 05:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 05:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 05:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-14 21:39 - 2015-03-17 05:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-14 21:39 - 2015-03-13 06:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-14 21:39 - 2015-03-13 06:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-14 21:39 - 2015-03-13 06:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-14 21:39 - 2015-03-13 06:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-14 21:39 - 2015-03-13 06:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-14 21:39 - 2015-03-13 06:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-14 21:39 - 2015-03-13 06:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-14 21:39 - 2015-03-13 06:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-14 21:39 - 2015-03-13 06:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-14 21:39 - 2015-03-13 06:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-14 21:39 - 2015-03-13 05:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-14 21:39 - 2015-03-13 05:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-14 21:39 - 2015-03-13 05:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-14 21:39 - 2015-03-13 05:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-14 21:39 - 2015-03-13 05:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-14 21:39 - 2015-03-13 05:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-14 21:39 - 2015-03-13 05:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-14 21:39 - 2015-03-13 05:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-14 21:39 - 2015-03-13 05:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-14 21:39 - 2015-03-13 05:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-14 21:39 - 2015-03-13 05:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-14 21:39 - 2015-03-13 05:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-14 21:39 - 2015-03-13 05:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-14 21:39 - 2015-03-13 05:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-14 21:39 - 2015-03-13 05:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-14 21:39 - 2015-03-13 05:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-14 21:39 - 2015-03-13 05:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-14 21:39 - 2015-03-13 05:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-14 21:39 - 2015-03-13 05:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-14 21:39 - 2015-03-13 05:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-14 21:39 - 2015-03-13 05:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-14 21:39 - 2015-03-13 05:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-14 21:39 - 2015-03-13 05:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-14 21:39 - 2015-03-13 05:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-14 21:39 - 2015-03-13 05:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-14 21:39 - 2015-03-13 05:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-14 21:39 - 2015-03-13 05:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-14 21:39 - 2015-03-13 05:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-14 21:39 - 2015-03-13 05:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-14 21:39 - 2015-03-13 05:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-14 21:39 - 2015-03-13 05:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-14 21:39 - 2015-03-13 05:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-14 21:39 - 2015-03-13 04:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-14 21:39 - 2015-03-13 04:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-14 21:39 - 2015-03-13 04:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-14 21:39 - 2015-03-13 04:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-14 21:39 - 2015-03-13 04:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-14 21:39 - 2015-03-13 04:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-14 21:39 - 2015-03-13 04:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-14 21:39 - 2015-03-13 04:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-14 21:39 - 2015-03-13 04:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-14 21:39 - 2015-03-13 04:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-14 21:39 - 2015-03-13 04:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-14 21:39 - 2015-03-13 04:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-14 21:39 - 2015-03-13 04:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-14 21:39 - 2015-03-13 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-14 21:39 - 2015-03-10 05:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-14 21:39 - 2015-03-10 05:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-14 21:39 - 2015-03-10 05:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-14 21:39 - 2015-03-10 05:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-14 21:39 - 2015-03-05 07:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-14 21:39 - 2015-03-05 06:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-14 21:39 - 2015-02-25 05:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-14 21:38 - 2015-03-04 06:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-14 21:38 - 2015-03-04 06:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-14 21:38 - 2015-03-04 06:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-10 22:11 - 2015-04-10 22:11 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\MW3 FoV Changer
2015-04-09 19:02 - 2015-04-18 12:49 - 00000000 ____D () C:\Program Files\AutoHotkey
2015-04-09 19:02 - 2015-04-09 19:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
2015-04-08 04:10 - 2015-04-08 04:10 - 00000771 _____ () C:\Users\Public\Desktop\SpeedRunners.lnk
2015-04-08 04:10 - 2015-04-08 04:10 - 00000000 ____D () C:\Users\Edo\Documents\SavedGames
2015-04-08 04:10 - 2015-04-08 04:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\(Default)
2015-04-07 02:25 - 2015-04-07 20:08 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Gyazo
2015-04-07 02:24 - 2015-04-07 03:24 - 00000000 ____D () C:\Program Files (x86)\Gyazo
2015-04-07 02:24 - 2015-04-07 02:24 - 00003732 _____ () C:\Windows\System32\Tasks\GyazoUpdateTaskMachine
2015-04-07 02:24 - 2015-04-07 02:24 - 00000996 _____ () C:\Users\Public\Desktop\Gyazo.lnk
2015-04-07 02:24 - 2015-04-07 02:24 - 00000996 _____ () C:\Users\Public\Desktop\Gyazo GIF.lnk
2015-04-07 02:24 - 2015-04-07 02:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
2015-04-05 20:46 - 2015-04-05 20:46 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2015-04-05 20:46 - 2015-04-05 20:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2015-04-05 20:46 - 2015-04-05 20:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_INETMON_01011.Wdf
2015-04-05 20:46 - 2015-04-05 20:46 - 00000000 ____D () C:\ProgramData\Intel
2015-04-05 20:46 - 2014-05-27 11:21 - 00025800 _____ () C:\Windows\system32\Drivers\INETMON.sys
2015-04-05 20:45 - 2015-04-05 20:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-04-05 19:07 - 2015-04-05 19:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ROCCAT
2015-04-04 21:25 - 2015-04-04 21:25 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Kolben Games
2015-04-04 21:25 - 2015-04-04 21:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft XNA
2015-04-04 17:50 - 2015-04-04 17:50 - 00000222 _____ () C:\Users\Edo\Desktop\The Binding of Isaac Rebirth.url
2015-03-30 17:49 - 2015-04-03 15:53 - 00000000 ____D () C:\ProgramData\{1eafdd21-8905-a348-1eaf-fdd218907486}
2015-03-30 15:48 - 2015-03-30 23:57 - 12025344 _____ () C:\Users\Edo\Documents\locale_it.epk
2015-03-29 23:50 - 2015-03-29 23:51 - 15804416 _____ () C:\Users\Edo\Documents\item.epk
2015-03-29 14:56 - 2015-03-29 14:56 - 00000222 _____ () C:\Users\Edo\Desktop\Commando Jack.url
2015-03-29 08:00 - 2015-03-29 08:00 - 00000765 _____ () C:\Users\Public\Desktop\Metin2.lnk
2015-03-29 08:00 - 2015-03-29 08:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Metin2
2015-03-29 07:51 - 2015-03-29 07:51 - 00000000 ____D () C:\Users\Edo\AppData\Local\Gameforge4d
2015-03-29 07:51 - 2015-03-29 07:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge Live
2015-03-28 20:26 - 2015-03-28 20:26 - 00001378 _____ () C:\Users\Edo\Desktop\Rotten Root.lnk
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 15:59 - 2015-02-28 06:54 - 00001144 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-25 14:11 - 2015-03-25 00:35 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-25 13:58 - 2009-07-14 06:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-25 13:58 - 2009-07-14 06:45 - 00022784 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-25 13:54 - 2015-02-28 13:01 - 00741386 _____ () C:\Windows\system32\perfh010.dat
2015-04-25 13:54 - 2015-02-28 13:01 - 00147440 _____ () C:\Windows\system32\perfc010.dat
2015-04-25 13:54 - 2009-07-14 07:13 - 01661180 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-25 13:53 - 2015-02-28 05:51 - 01474791 _____ () C:\Windows\WindowsUpdate.log
2015-04-25 13:50 - 2015-02-28 13:26 - 00022900 _____ () C:\Windows\setupact.log
2015-04-25 13:50 - 2015-02-28 07:03 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-25 13:50 - 2015-02-28 06:54 - 00001140 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-25 13:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-23 15:48 - 2015-03-08 14:36 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-04-23 15:48 - 2015-03-08 14:36 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-04-23 09:38 - 2015-03-08 14:36 - 00281768 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-04-23 00:55 - 2015-03-11 16:21 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Audacity
2015-04-23 00:05 - 2015-03-25 00:35 - 00001116 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-23 00:05 - 2015-03-25 00:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-22 17:39 - 2015-02-28 13:14 - 00004456 _____ () C:\Windows\windefendam.log
2015-04-22 17:39 - 2015-02-28 13:14 - 00000020 _____ () C:\Windows\capsys184523.log
2015-04-21 01:28 - 2015-02-28 05:51 - 00000000 ____D () C:\Users\Edo
2015-04-20 22:03 - 2015-03-08 17:14 - 00312749 _____ () C:\Windows\DirectX.log
2015-04-20 19:54 - 2015-03-21 02:22 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\OBS
2015-04-20 19:54 - 2015-02-28 07:35 - 00000000 ____D () C:\Program Files (x86)\OBS
2015-04-20 13:26 - 2015-03-09 15:43 - 00747934 _____ () C:\Windows\PFRO.log
2015-04-19 23:10 - 2015-03-10 18:50 - 00017388 _____ () C:\Windows\system32\lvcoinst.log
2015-04-19 23:00 - 2015-03-17 18:15 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\EditPlus 3
2015-04-19 22:59 - 2015-03-20 22:32 - 00000000 ____D () C:\Program Files (x86)\Windows Loader
2015-04-19 22:59 - 2015-03-17 18:15 - 00000000 ____D () C:\Program Files (x86)\EditPlus 3
2015-04-19 21:35 - 2015-03-21 01:04 - 00000000 ____D () C:\Users\Edo\Documents\aeris dll
2015-04-19 21:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Cursors
2015-04-19 17:28 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\Performance
2015-04-19 17:23 - 2009-07-14 06:45 - 00303968 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-19 07:12 - 2015-03-10 12:25 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\uTorrent
2015-04-18 16:15 - 2015-03-21 19:12 - 00000000 ____D () C:\Windows\system32\1033
2015-04-18 16:15 - 2015-03-11 17:39 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-18 16:15 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-04-18 16:15 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-18 16:14 - 2015-03-21 19:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft SDKs
2015-04-18 16:13 - 2015-03-21 19:25 - 00000000 ____D () C:\Windows\SysWOW64\1033
2015-04-18 16:06 - 2015-02-28 06:54 - 00067944 _____ () C:\Users\Edo\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-18 16:04 - 2015-03-21 20:17 - 00000000 ____D () C:\Users\Edo\Documents\Visual Studio 2013
2015-04-18 14:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2015-04-18 07:37 - 2015-02-28 07:50 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-18 07:35 - 2015-02-28 07:16 - 00000000 ____D () C:\Users\Edo\AppData\Roaming\Skype
2015-04-17 16:47 - 2015-03-08 14:36 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-04-17 06:01 - 2015-02-28 06:54 - 00002191 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 07:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-15 03:02 - 2015-02-28 07:03 - 01635066 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-15 02:23 - 2015-02-28 07:03 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-04-15 02:19 - 2015-02-28 07:03 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-04-15 02:19 - 2015-02-28 07:00 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-04-14 09:37 - 2015-03-25 00:35 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2015-03-25 00:35 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2015-03-25 00:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-09 19:02 - 2009-07-14 09:45 - 00000000 ____D () C:\Windows\ShellNew
2015-04-09 02:58 - 2015-03-18 20:47 - 02935416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-04-09 02:58 - 2015-02-28 07:01 - 17176128 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-04-09 02:58 - 2015-02-28 07:01 - 14617288 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-04-09 02:58 - 2015-02-28 07:01 - 12689592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-04-09 02:58 - 2015-02-28 07:01 - 00029329 _____ () C:\Windows\system32\nvinfo.pb
2015-04-08 23:30 - 2015-02-28 07:03 - 06841488 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-04-08 23:30 - 2015-02-28 07:03 - 03478344 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-04-08 23:30 - 2015-02-28 07:03 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-04-08 23:30 - 2015-02-28 07:03 - 00936264 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-04-08 23:30 - 2015-02-28 07:03 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-04-08 23:30 - 2015-02-28 07:03 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-04-08 19:52 - 2015-02-28 07:03 - 04336074 _____ () C:\Windows\system32\nvcoproc.bin
2015-04-06 04:40 - 2015-02-28 07:05 - 00000000 ____D () C:\Users\Edo\AppData\Local\Adobe
2015-04-05 20:54 - 2015-02-28 07:37 - 00002049 _____ () C:\Users\Public\Desktop\Action!.lnk
2015-04-05 20:46 - 2015-02-28 13:26 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-04-05 20:46 - 2012-01-27 01:39 - 00787736 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2015-04-05 20:46 - 2012-01-27 01:39 - 00356120 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2015-04-05 20:46 - 2012-01-27 01:39 - 00016152 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys
2015-04-05 20:46 - 2009-07-14 13:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-04-05 20:45 - 2015-02-28 13:39 - 00000000 ____D () C:\Program Files\Intel
2015-04-05 20:45 - 2015-02-28 13:30 - 00012314 _____ () C:\Windows\DPINST.LOG
2015-04-04 17:53 - 2015-02-28 07:06 - 00000000 ____D () C:\Users\Edo\Documents\my games
2015-04-03 15:53 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\schemas
2015-04-02 19:16 - 2015-03-11 18:01 - 00001207 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk
2015-03-29 15:28 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system
2015-03-29 08:06 - 2015-03-24 02:46 - 00000000 ____D () C:\Users\Edo\Downloads\Gameforge Live
 
==================== Files in the root of some directories =======
 
2015-04-08 04:10 - 2015-04-08 04:10 - 0001576 _____ () C:\Users\Edo\AppData\Roaming\SpeedRunnersLog.txt
 
Some content of TEMP:
====================
C:\Users\Edo\AppData\Local\Temp\130704560093586881.exe
C:\Users\Edo\AppData\Local\Temp\13070456009906719407.exe
C:\Users\Edo\AppData\Local\Temp\bitool.dll
C:\Users\Edo\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Edo\AppData\Local\Temp\nvStInst.exe
C:\Users\Edo\AppData\Local\Temp\ose00000.exe
C:\Users\Edo\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-24 12:09
 
==================== End Of Log ============================
 
No, I don't have a Windows CD/DVD available.


#4 Sirawit

Sirawit

    Bleepin' Brony


  • Malware Response Team
  • 4,161 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Thailand
  • Local time:02:26 AM

Posted 30 April 2015 - 05:03 AM

Hello Edoardo and welcome to BleepingComputer!         :)

 

My name is Sirawit and I'm here to help you.

 

Please note that I'm currently in training and my fixes need to be approved first, that may delay our fix a bit, but I will normally reply back in 24 hours.

 

If I don't reply after 3 days, feel free to PM me.          :)

==========================================================================

Some points for you to keep in mind:

  • Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • Periodically update me on the condition of your computer, and provide detail in every post.
  • In the upper right hand corner of the topic you will see the Follow this topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end with some additional information on how to stay malware-free.
  • Lastly, I would like to remind you that most members here are volunteers, and sometimes "real life" can get in the way of our malware hunt. I will notify you if I know I will need to be away for longer than 48 hours.

==========================================================================

 

 

I don't see an Anti Virus Program running on your machine

Download and install an antivirus program, and make sure that you keep it updated
New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
Three good antivirus programs free for non-commercial home use are Avast!, Antivir and Microsoft Security Essentials.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

 

Thank you.


If I don't reply back to you in 2 days, feel free to send me a PM.

 

“You’re lying… just like you were lying to me before. You have to hate me. I’ve been the worst daughter in the world… you should hate me.”

“But I don’t, Nyx. Because, Nyx, I’m your mother, and a mother will always love her daughter, no matter what.” -Past sins by Pen stroke.


#5 d0dUxDJ

Posted 30 April 2015 - 05:15 AM

Hello Sirawit and thanks for the reply!

I currently have the full version of MalwareBytes (which I know is an anti-malware) installed, and if I remember correctly, it does have real-time protection. Do I really need to install another one? I really like MBAM. I might have disabled some features unintentionally.

Thanks in advance

#6 Sirawit

Posted 30 April 2015 - 05:21 AM

Hi Edoardo.

 

Although Malwarebytes Anti-Malware has real-time protection, it can't replace antivirus software.

 

Read more here: https://support.malwarebytes.org/customer/portal/articles/1834872-does-malwarebytes-anti-malware-replace-antivirus-software-?b_id=6438

 

Thank you.




#7 d0dUxDJ

Posted 30 April 2015 - 05:41 AM

Alright, I installed Avira free version.

Just let me know if I have to post scans or do anything else :)



#8 Sirawit

Posted 30 April 2015 - 11:43 PM

Hi Edoardo.

I've submitted my next steps to my instructor and will reply as soon as they are approved.

 

Thank you.




#9 d0dUxDJ

Posted 01 May 2015 - 06:37 AM

Alright. In the meantime, I just ran a scan with Avira, which found some files infected with ramnit (which is the infection I was plagued by), and some false positives (with injectors and similar things), I just moved those to quarantine.

 

I'll be waiting for a response, and thanks again.



#10 Sirawit

Posted 02 May 2015 - 11:47 AM

Important note: The old reply is a mistake and isn't valid; please read this reply instead.

 

Hi Edoardo.

 

I'm afraid I have very bad news.

Win32/Ramnit (and related variants) is a dangerous file infector with IRCBot functionality which infects .exe, and .HTML/HTM files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files. The infected .HTML or .HTM files may be detected as Virus:VBS/Ramnit.A or VBS/Generic. Win32/Ramnit.A!dll is a related file infector often seen with this infection. It too has IRCBot functionality which infects .exe, .dll and .HTML/HTM files and opens a back door that compromises your computer. This component is injected into the default web browser by Worm:Win32/Ramnit.A which is dropped by a Ramnit infected executable file.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

With this particular infection the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? The malware injects code in legitimate files similar to the Virut virus and in many cases the infected files (which could number in the thousands) cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files often become corrupted and the system may become unstable or irreparable. The longer Ramnit.A remains on a computer, the more files it infects and corrupts so the degree of damage can vary.

Ramnit is commonly spread via a flash drive (usb, pen, thumb, jump) infection where it copies Worm:Win32/Ramnit.A with a random file name. The infection is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection. However, a variant called the Ramnit worm targets Facebook users....can bypass two-factor authentication and transaction signing systems, gain remote access to financial institutions and compromise online banking.

In my opinion, Ramnit is not effectively disinfectable, so your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could lose access to all your data.

Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read: 

 

Please let me know what you want to do next.

 

Thank you.




#11 d0dUxDJ

Posted 02 May 2015 - 12:43 PM

Hello Sirawit and thanks for the reply. I'd really like to try and remove all the infected files; it's not an issue for me to format the C drive, but I'd rather not format my D drive, which contains a lot of data I'd rather not lose if possible.

The OS is on drive C, so my thought process was something along the lines of:

 

- Make sure my PC is clean from infected data

- Format C drive and clean reinstall Windows 7

 

If that's something we can do, I'd really really like to give it a go. I know formatting is the best choice here, but I don't want to lose 400-500 GB of data. I'd rather lose part of those if it's infected data, no problem with that, but not everything.

 

Thanks in advance. If you think that's not possible, I know how to format myself, I'm not a complete newbie to computers, there's no need to explain that; I just wanted to try and get rid of this without "brute force".

 

Hope you understand :)


Edited by d0dUxDJ, 02 May 2015 - 12:47 PM.


#12 Sirawit

Posted 05 May 2015 - 07:16 AM

Hi Edoardo.

 

Yes you can keep files on your D drive. Ramnit infects executable files and webpage files, other documents should be safe to open. If you don't save any executable files to your D drive then you can just reformat.

 

But after you reinstall your Windows, please don't open anything there until you have installed and updated your antivirus software and scanned your D drive first. If you need to install any programs or drivers please download a fresh copy from the vendor's website, don't use old copies.

 

Thank you.




#13 d0dUxDJ

Posted 05 May 2015 - 07:26 AM

Hello Sirawit, I actually do have executable files on drive D, which would be my Steam library, plus a handful of programs. Is there a way you know of to be sure those exes aren't infected? A really powerful tool? I don't mind if part of those has to be deleted, I'd rather redownload a dozen programs or games than 100. If there's no way, I guess I'll just have to back up movies, pictures and stuff that can't be infected... What would you recommend to do? Is there a way? I will reinstall Windows after the cleanup, whether it'll be a format or a way to clean the D drive 100% without formatting.

Thanks in advance!

#14 Sirawit

Posted 05 May 2015 - 07:33 AM

Actually, I believe that Ramnit has already infected all exe files on your system. You don't need to format your D drive. Just don't use any executable files there. If it's a Steam game, you can use Steam to redownload damaged files. However, you will need to redownload other programs yourself.




#15 d0dUxDJ


Posted 05 May 2015 - 07:56 AM

I don't know for sure, but my files shouldn't be infected. As I mentioned in my first post, I deleted lots of infected files via DrWeb Cure It! (around 15 thousand, if I remember correctly), so most of the system should be clean. What I asked (with probably the wrong words) was whether there's a way to check for possible, still present, infected files; that way I can delete those remaining infected files, redownload just the programs that had infected files, and keep the clean ones as is. I don't know if this makes any more sense to you; I hope it does.

Or, as an alternative, do you know of some file deleter which deletes only an extension you specify? So I could delete all exe and dll files on D and just fix the games via Steam / redownload and reinstall programs.

UPDATE: Scanned with both MBAM and Avira, no threats found on any drive. Is it safe to assume the files on the D drive are clean now? I know I can redownload damaged files via Steam, but what I was asking is different: basically something really powerful that checks more stuff than MBAM and Avira (which may slip on a threat or two, I guess?), and then proceeds to delete those threats or put them in quarantine. What I'm asking is, is there a definitive tool or program which detects infected data? Just to be on the safe side, even though MBAM and Avira are pretty powerful. Then yeah, I could use Steam's cache verification to redownload damaged files, but until then...


Edited by d0dUxDJ, 06 May 2015 - 03:02 AM.




