Suspicious boost_interprocess folder


  • This topic is locked
19 replies to this topic

#1 BlackWaves

BlackWaves

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:55 AM

Posted 01 June 2015 - 01:07 PM

Hi, I hope you are fine. I first want to excuse myself for my English, it's not my mother tongue, I can make mistakes.

Recently, I've been infected by the Locker virus. I paid the ransom (before he uploaded a decrypter XD), saved my files and then wiped everything (new Windows, I'm on Windows 8.1 Pro x64).

To protect myself, I'm using CryptoPrevent, Malwarebytes, HitmanPro, AdwCleaner and Windows Defender.

In C:\ProgramData, I saw a folder called "boost_interprocess"; inside it there was another folder called "20150527091917.491155", but this last one is empty. What I did was compress it for further research, then I deleted the folder from ProgramData.

Today, after installing some new NVIDIA drivers, I checked my ProgramData folder and found the boost_interprocess folder again, this time with another folder called "20150601082921.491029". After some searching I found this: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Backdoor%3AWin32%2FKelihos.A#tab=2 , but I only have an empty folder with no other symptoms.

I don't understand where it comes from; the antivirus/antimalware programs I have don't detect anything wrong or suspicious. Maybe once Malwarebytes discovered "PUP.Optional.OpenCandy, C:\Users\Kamal\AppData\Local\Temp\HYDE4C.tmp.1432714464\HTA\install.1432714464.zip", but I think it's been deleted now, I don't really know.

I also did a FRST scan, here it is:

 

FRST.txt: http://pastebin.com/zYm6eAh0

Addition.txt: http://pastebin.com/S6CS41GJ

 

 

Thanks a lot for reading my post, I hope you can help me with my problem. Have a nice day!




#2 satchfan

satchfan

  • Malware Response Team
  • 2,641 posts
  • OFFLINE
  • Gender:Female
  • Location:Devon, UK
  • Local time:08:55 AM

Posted 01 June 2015 - 04:32 PM

Hello BlackWaves and welcome to Bleeping Computer.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

NOTE: Please DO NOT attach logs, just copy and paste them into your reply.

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run AdwCleaner

Download AdwCleaner from here and save it to your desktop.


  • run AdwCleaner
  • when it has finished, select Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Run Farbar Recovery Scan Tool

Please run FRST again and post the new log plus the Addition.txt log which was also produced with the first run of FRST.

Logs to include with next post:

AdwCleaner log
JRT.txt
Frst.txt
Addition.txt


Please remember, DO NOT attach them, just copy and paste them into your reply.

Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 BlackWaves

BlackWaves
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:55 AM

Posted 01 June 2015 - 06:20 PM

Hi Satchfan, and thanks for taking from your time to help me.

Here are the logs you asked me for:

AdwCleaner log:

 

# AdwCleaner v4.206 - Rapport créé le 02/06/2015 à 00:04:14
# Mis à jour le 01/06/2015 par Xplode
# Base de données : 2015-06-01.1 [Serveur]
# Système d'exploitation : Windows 8.1 Pro  (x64)
# Nom d'utilisateur : Kamal - KAMAL-PC
# Exécuté depuis : C:\Users\Kamal\Desktop\adwcleaner_4.206.exe
# Option : Nettoyer

***** [ Services ] *****


***** [ Fichiers / Dossiers ] *****


***** [ Tâches planifiées ] *****


***** [ Raccourcis ] *****


***** [ Registre ] *****


***** [ Navigateurs ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v38.0.1 (x86 fr)


*************************

AdwCleaner[R0].txt - [770 octets] - [29/05/2015 18:10:22]
AdwCleaner[R1].txt - [829 octets] - [29/05/2015 18:11:37]
AdwCleaner[R2].txt - [888 octets] - [29/05/2015 18:26:49]
AdwCleaner[R3].txt - [947 octets] - [30/05/2015 21:15:05]
AdwCleaner[R4].txt - [1012 octets] - [01/06/2015 11:00:55]
AdwCleaner[R5].txt - [1134 octets] - [02/06/2015 00:01:52]
AdwCleaner[S0].txt - [1074 octets] - [01/06/2015 11:01:56]
AdwCleaner[S1].txt - [1056 octets] - [02/06/2015 00:04:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1116  octets] ##########
 

 

JRT.txt :

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.7 (06.01.2015:1)
OS: Windows 8.1 Pro x64
Ran by Kamal on 02/06/2015 at  0:06:36,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02/06/2015 at  0:07:46,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


Frst.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Kamal (administrator) on KAMAL-PC on 02-06-2015 00:10:17
Running from C:\Users\Kamal\Desktop
Loaded Profiles: Kamal (Available Profiles: Kamal)
Platform: Windows 8.1 Pro (X64) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.11\AsusFanControlService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20856_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2754704 2015-05-23] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7541464 2014-02-18] (Realtek Semiconductor)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [GMouse] => C:\GIGABYTE FORCE\GIGABYTE FORCE.EXE [667648 2011-11-08] ()
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM Group Policy restriction on software: *.gif*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.scr <====== ATTENTION
HKLM Group Policy restriction on software: scsvserv.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: syskey.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: cipher.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.jse <====== ATTENTION
HKLM Group Policy restriction on software: ** <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: vssadmin.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.js <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.js <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.com <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.js <====== ATTENTION
HKLM Group Policy restriction on software: lsassvrtdbks.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *:\$Recycle.Bin <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.docx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.js <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\Appdata\Roaming\Microsoft\Windows\IEUpdate\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.mp4*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programfiles(x86)%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %systemdrive%\*\svchost.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wmv*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.wma*.pif <====== ATTENTION
HKLM Group Policy restriction on software: lsassw86s.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.xls*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pdf*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.xlsx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.zip*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.rtf*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.doc*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.pptx*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.ppt*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.wav*.cmd <====== ATTENTION
HKLM Group Policy restriction on software: *.divx*.bat <====== ATTENTION
HKLM Group Policy restriction on software: *.png*.exe <====== ATTENTION
HKLM Group Policy restriction on software: C:\Users\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.rar*.scr <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.gif*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*\*.js <====== ATTENTION
HKLM Group Policy restriction on software: *.7z*.jse <====== ATTENTION
HKLM Group Policy restriction on software: *.txt*.scr <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.jpg*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.avi*.com <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.bat <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.pub*.pif <====== ATTENTION
HKLM Group Policy restriction on software: *.jpeg*.com <====== ATTENTION
HKLM Group Policy restriction on software: *.mp3*.exe <====== ATTENTION
HKLM Group Policy restriction on software: *.bmp*.com <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\*\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: %allusersprofile%\*.pif <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\*.jse <====== ATTENTION
HKLM Group Policy restriction on software: c:\users\kamal\appdata\roaming\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\LocalLow\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xboxext.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Local\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %appdata%\utorrent\utorrent.exe <====== ATTENTION
HKLM Group Policy restriction on software: %programdata%\Microsoft\Windows\Start Menu\Programs\Startup\xboxext.exe <====== ATTENTION
HKLM Group Policy restriction on software: %userprofile%\AppData\Roaming\utorrent\utorrent.exe <====== ATTENTION
HKU\S-1-5-21-2248693553-3069304461-830210338-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [28920448 2015-05-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2248693553-3069304461-830210338-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2888384 2015-05-15] (Valve Corporation)
Startup: C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XboxExt.exe [2015-05-27] ()
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2248693553-3069304461-830210338-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/ar-eg/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-27] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-27] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\yuzyl0k1.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-27] ()
FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-27] ()
FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [2015-01-13] (EA Digital Illusions CE AB)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-07-03] (Foxit Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-27] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-27] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-05-28] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Extension: MEGA EXTENSION - C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\yuzyl0k1.default\Extensions\firefox@mega.co.nz.xpi [2015-05-27]
FF Extension: Adblock Plus - C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\yuzyl0k1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-30]
FF HKU\S-1-5-21-2248693553-3069304461-830210338-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kamal\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Kamal\AppData\Roaming\IDM\idmmzcc5 [2015-06-02]
FF HKU\S-1-5-21-2248693553-3069304461-830210338-1001\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kamal\AppData\Roaming\IDM\idmmzcc5

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2014-01-28] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-01-28] (ASUSTeK Computer Inc.)
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.11\AsusFanControlService.exe [384312 2014-01-28] (ASUSTeK Computer Inc.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
S2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244392 2015-05-11] (Foxit Software Inc.)
S2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1152656 2015-05-23] (NVIDIA Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1893008 2015-05-23] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [23006864 2015-05-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-05-27] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2015-05-27] ()
S2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) [File not signed]
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [792016 2015-02-09] (Tunngle.net GmbH)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-01-28] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [468240 2013-08-29] (Intel Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R1 ISODrive; C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2015-05-23] (NVIDIA Corporation)
R3 NVVADARM; C:\Windows\system32\drivers\nvvadarm.sys [39056 2015-05-28] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [38032 2015-04-03] (NVIDIA Corporation)
R3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-03-11] ()
R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)
R3 xusb22; C:\Windows\system32\DRIVERS\xusb22.sys [87040 2014-11-21] (Microsoft Corporation)
S3 GPU-Z; \??\C:\Users\Kamal\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 00:10 - 2015-06-02 00:10 - 00041081 _____ () C:\Users\Kamal\Desktop\FRST.txt
2015-06-02 00:07 - 2015-06-02 00:07 - 00001048 _____ () C:\Users\Kamal\Desktop\JRT.txt
2015-06-02 00:06 - 2015-06-02 00:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KAMAL-PC-Windows-8.1-Pro-(64-bit).dat
2015-06-02 00:06 - 2015-06-02 00:06 - 00000000 ____D () C:\RegBackup
2015-06-02 00:05 - 2015-06-02 00:05 - 00001197 _____ () C:\Users\Kamal\Desktop\AdwCleaner[S1].txt
2015-06-02 00:01 - 2015-06-01 11:25 - 02108928 _____ (Farbar) C:\Users\Kamal\Desktop\FRST64.exe
2015-06-02 00:00 - 2015-06-02 00:00 - 02947766 _____ (Thisisu) C:\Users\Kamal\Desktop\JRT.exe
2015-06-02 00:00 - 2015-06-01 11:00 - 02231296 _____ () C:\Users\Kamal\Desktop\adwcleaner_4.206.exe
2015-06-01 11:25 - 2015-06-02 00:10 - 00000000 ____D () C:\FRST
2015-06-01 11:21 - 2015-06-01 11:21 - 00000000 ____D () C:\Users\Kamal\AppData\Local\GWX
2015-06-01 10:47 - 2015-06-01 10:47 - 00000261 _____ () C:\Users\Kamal\AppData\Local\GWX.rar
2015-06-01 10:39 - 2015-05-28 04:52 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-06-01 10:38 - 2015-06-01 10:39 - 00000000 ____D () C:\Windows\LastGood.Tmp
2015-06-01 10:38 - 2015-05-28 08:04 - 42719888 _____ () C:\Windows\system32\nvcompiler.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 37741712 _____ () C:\Windows\SysWOW64\nvcompiler.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 30480528 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 22946960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 16185352 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 14495448 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 13304280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 11830512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 10995528 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-06-01 10:38 - 2015-05-28 08:04 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 02599056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435306.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435306.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 01099808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 01059984 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 01050440 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00982856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00974480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00939080 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00878816 _____ () C:\Windows\system32\nvmcumd.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00503408 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00408208 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00407112 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00364176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00175880 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00154256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00150648 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00128512 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00117576 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcaparm.dll
2015-06-01 10:38 - 2015-05-28 08:04 - 00039056 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvadarm.sys
2015-05-31 18:28 - 2015-05-31 18:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-05-30 21:44 - 2015-05-30 21:44 - 00000000 ____D () C:\Windows\CryptoGuard
2015-05-30 14:29 - 2015-05-30 14:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-05-30 14:28 - 2015-05-30 14:28 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-05-30 13:03 - 2015-05-30 13:03 - 00000000 ____D () C:\ProgramData\IDM
2015-05-29 18:10 - 2015-06-02 00:04 - 00000000 ____D () C:\AdwCleaner
2015-05-29 17:50 - 2015-06-01 11:22 - 00000236 _____ () C:\ProgramData\boost_interprocess.rar
2015-05-28 17:38 - 2015-05-28 17:37 - 01734440 _____ (techPowerUp (www.techpowerup.com)) C:\Users\Kamal\Desktop\GPU-Z.0.8.3.exe
2015-05-28 09:41 - 2015-05-28 09:41 - 00000000 ____D () C:\Users\Kamal\AppData\Local\2K Games
2015-05-27 20:41 - 2015-06-01 19:27 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2015-05-27 20:41 - 2015-05-27 20:41 - 00000000 ____D () C:\Users\Kamal\AppData\Local\PunkBuster
2015-05-27 16:50 - 2015-05-27 16:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-27 16:50 - 2015-05-27 16:49 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-27 16:49 - 2015-05-27 16:50 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-27 16:49 - 2015-05-27 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-27 13:56 - 2015-05-27 13:56 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Foxit Reader
2015-05-27 13:28 - 2014-04-16 00:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-05-27 13:28 - 2014-04-16 00:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-05-27 13:25 - 2015-04-24 22:32 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-27 13:25 - 2015-03-05 00:09 - 01429504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-27 13:19 - 2015-05-05 18:59 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-27 13:19 - 2015-05-05 18:59 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-27 13:17 - 2015-05-27 13:19 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-27 13:17 - 2015-05-27 13:17 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-27 13:17 - 2015-05-27 13:17 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-27 13:11 - 2015-03-03 14:17 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-05-27 13:09 - 2015-04-30 21:35 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-27 13:09 - 2015-04-30 21:35 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-27 13:05 - 2015-05-27 13:07 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-27 13:05 - 2015-04-30 10:07 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-27 12:51 - 2015-01-06 04:01 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-05-27 12:51 - 2015-01-06 03:59 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-05-27 12:51 - 2015-01-06 02:12 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-05-27 12:51 - 2015-01-06 02:02 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-05-27 12:45 - 2015-04-21 18:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-27 12:45 - 2015-04-21 17:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-27 12:45 - 2015-04-21 17:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-27 12:45 - 2015-04-21 17:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-27 12:45 - 2015-04-21 17:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-27 12:45 - 2015-04-21 17:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-27 12:45 - 2015-04-21 17:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-27 12:45 - 2015-04-21 17:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-27 12:45 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-27 12:45 - 2015-04-21 17:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-27 12:45 - 2015-04-21 17:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-27 12:45 - 2015-04-21 17:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-27 12:45 - 2015-04-21 17:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-27 12:45 - 2015-04-21 17:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-27 12:45 - 2015-04-21 17:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-27 12:45 - 2015-04-21 16:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-05-27 12:45 - 2015-04-21 16:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-27 12:45 - 2015-04-21 16:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-27 12:45 - 2015-04-21 16:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-27 12:45 - 2015-04-21 16:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-27 12:45 - 2015-04-21 16:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-27 12:45 - 2015-04-21 16:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-27 12:45 - 2015-04-21 16:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-27 12:45 - 2015-04-21 16:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-27 12:45 - 2015-04-21 16:37 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-27 12:45 - 2015-04-21 16:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-27 12:45 - 2015-04-21 16:32 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-05-27 12:45 - 2015-04-21 16:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-27 12:45 - 2015-04-21 16:28 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-27 12:45 - 2015-04-21 16:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-27 12:45 - 2015-04-21 16:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-27 12:45 - 2015-04-21 16:26 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-27 12:45 - 2015-04-21 16:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-27 12:45 - 2015-04-21 16:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-27 12:45 - 2015-04-21 16:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-27 12:45 - 2015-04-21 16:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-27 12:45 - 2015-04-21 16:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-27 12:45 - 2015-04-21 15:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-27 12:45 - 2015-04-21 15:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-27 12:45 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-27 12:45 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-27 12:45 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-27 12:45 - 2015-02-20 02:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-05-27 12:45 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-27 12:45 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-27 12:43 - 2015-02-04 00:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-05-27 12:43 - 2015-02-04 00:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-05-27 12:43 - 2015-02-04 00:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-05-27 12:43 - 2015-02-03 00:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-05-27 12:43 - 2015-02-03 00:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-05-27 12:43 - 2014-12-09 02:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-27 12:43 - 2014-11-17 21:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-05-27 12:43 - 2014-11-17 21:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-05-27 12:43 - 2014-11-15 20:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-05-27 12:43 - 2014-11-15 07:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-05-27 12:43 - 2014-11-14 07:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-05-27 12:43 - 2014-11-14 07:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-05-27 12:43 - 2014-11-14 07:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-05-27 12:43 - 2014-11-14 07:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-05-27 12:43 - 2014-11-14 06:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-05-27 12:43 - 2014-11-10 19:06 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-05-27 12:43 - 2014-11-10 19:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-05-27 12:43 - 2014-11-10 19:06 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-05-27 12:43 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-05-27 12:43 - 2014-11-10 03:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-05-27 12:43 - 2014-11-10 02:37 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-05-27 12:43 - 2014-11-10 02:34 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-05-27 12:43 - 2014-11-10 02:26 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-05-27 12:43 - 2014-11-10 02:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-05-27 12:43 - 2014-11-10 02:09 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-05-27 12:43 - 2014-11-10 02:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-05-27 12:43 - 2014-11-10 02:06 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-05-27 12:43 - 2014-11-10 01:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-05-27 12:43 - 2014-11-10 01:57 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-05-27 12:43 - 2014-11-08 05:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-05-27 12:43 - 2014-11-08 04:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-05-27 12:43 - 2014-11-08 04:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-05-27 12:43 - 2014-11-08 04:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-05-27 12:43 - 2014-11-08 04:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-05-27 12:43 - 2014-11-08 04:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-05-27 12:43 - 2014-11-08 04:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-05-27 12:43 - 2014-11-08 04:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-05-27 12:43 - 2014-11-08 04:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-05-27 12:43 - 2014-11-08 03:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-05-27 12:43 - 2014-11-08 03:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-05-27 12:43 - 2014-11-08 03:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-05-27 12:43 - 2014-11-08 03:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-05-27 12:43 - 2014-11-08 02:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-05-27 12:43 - 2014-11-08 02:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-05-27 12:43 - 2014-11-07 04:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-05-27 12:43 - 2014-11-07 04:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-05-27 12:43 - 2014-11-05 03:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-05-27 12:43 - 2014-11-05 03:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-05-27 12:43 - 2014-11-05 03:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-05-27 12:43 - 2014-11-05 02:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-05-27 12:43 - 2014-11-05 02:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-05-27 12:43 - 2014-11-05 02:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-05-27 12:43 - 2014-11-05 02:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-05-27 12:43 - 2014-11-05 02:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-05-27 12:43 - 2014-11-05 02:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-05-27 12:43 - 2014-11-05 02:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-05-27 12:43 - 2014-11-05 02:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-05-27 12:43 - 2014-11-05 02:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-05-27 12:43 - 2014-11-05 02:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-05-27 12:43 - 2014-11-05 02:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-05-27 12:43 - 2014-11-04 20:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-05-27 12:43 - 2014-11-04 20:25 - 00059712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-05-27 12:43 - 2014-11-04 20:25 - 00051008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-05-27 12:43 - 2014-11-04 07:55 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-05-27 12:43 - 2014-11-04 07:54 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-05-27 12:43 - 2014-11-04 07:54 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-05-27 12:43 - 2014-11-04 07:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-05-27 12:43 - 2014-11-04 07:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-05-27 12:43 - 2014-11-04 06:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-05-27 12:43 - 2014-10-31 01:51 - 18823168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-05-27 12:43 - 2014-10-31 01:10 - 15158784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-05-27 12:43 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-05-27 12:43 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-05-27 12:43 - 2014-10-30 23:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-27 12:43 - 2014-10-30 23:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-27 12:43 - 2014-10-29 04:05 - 00551232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-05-27 12:43 - 2014-10-29 02:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-27 12:43 - 2014-10-29 02:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-05-27 12:43 - 2014-10-29 02:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-27 12:43 - 2014-10-29 02:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-27 12:43 - 2014-10-29 02:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-27 12:43 - 2014-10-29 02:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-05-27 12:43 - 2014-10-29 02:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-27 12:43 - 2014-10-29 02:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-27 12:43 - 2014-10-21 02:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-05-27 12:43 - 2014-10-21 02:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-05-27 12:43 - 2014-10-21 01:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-05-27 12:43 - 2014-10-21 01:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-05-27 12:43 - 2014-10-21 01:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-05-27 12:43 - 2014-10-21 01:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-05-27 12:43 - 2014-10-21 01:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-05-27 12:43 - 2014-10-17 05:56 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-05-27 12:43 - 2014-10-17 04:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-05-27 12:42 - 2015-04-16 07:17 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-05-27 12:42 - 2015-04-13 23:37 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-05-27 12:42 - 2015-04-13 23:34 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-05-27 12:42 - 2015-04-10 01:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-05-27 12:42 - 2015-04-10 01:17 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-05-27 12:42 - 2015-04-08 23:41 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-05-27 12:42 - 2015-04-08 23:07 - 00410336 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-27 12:42 - 2015-04-01 23:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-05-27 12:42 - 2015-04-01 23:30 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-05-27 12:42 - 2015-04-01 05:21 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-05-27 12:42 - 2015-04-01 05:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-05-27 12:42 - 2015-04-01 05:17 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-05-27 12:42 - 2015-04-01 05:08 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-05-27 12:42 - 2015-04-01 04:46 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-05-27 12:42 - 2015-04-01 04:17 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-05-27 12:42 - 2015-04-01 04:17 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-05-27 12:42 - 2015-04-01 03:53 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-05-27 12:42 - 2015-04-01 03:53 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-05-27 12:42 - 2015-04-01 03:45 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-05-27 12:42 - 2015-04-01 03:45 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-05-27 12:42 - 2015-04-01 03:14 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-05-27 12:42 - 2015-04-01 03:12 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-05-27 12:42 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-05-27 12:42 - 2015-03-20 04:08 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-05-27 12:42 - 2015-03-20 03:37 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-05-27 12:42 - 2015-03-20 03:07 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-05-27 12:42 - 2015-03-17 18:26 - 00467776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-27 12:42 - 2015-03-14 09:20 - 01385256 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-27 12:42 - 2015-03-14 09:13 - 01124352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-27 12:42 - 2015-03-09 03:02 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthhfenum.sys
2015-05-27 12:42 - 2015-03-02 02:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-05-27 12:42 - 2015-03-02 02:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-05-27 12:42 - 2015-01-30 01:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-27 12:42 - 2015-01-27 04:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-05-27 12:42 - 2015-01-24 02:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-05-27 12:42 - 2015-01-23 08:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-05-27 12:42 - 2015-01-23 06:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-05-27 12:42 - 2014-12-19 09:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-27 12:42 - 2014-12-19 09:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-05-27 12:42 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-05-27 12:42 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-05-27 12:41 - 2015-04-10 01:34 - 02256896 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-27 12:41 - 2015-04-10 01:11 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-27 12:40 - 2015-05-01 00:05 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-27 12:40 - 2015-04-30 23:48 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-27 12:40 - 2015-04-13 23:48 - 04180480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-27 12:40 - 2015-04-10 02:00 - 01996800 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-27 12:40 - 2015-04-10 01:50 - 01387008 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-27 12:40 - 2015-04-10 01:26 - 01560576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-27 12:40 - 2015-03-23 22:59 - 07476032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-27 12:40 - 2015-03-23 22:59 - 01733952 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-27 12:40 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-27 12:40 - 2015-03-23 22:58 - 01498872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-27 12:40 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-27 12:40 - 2015-03-20 05:12 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-05-27 12:40 - 2015-03-20 05:10 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-27 12:40 - 2015-03-20 05:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-27 12:40 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-27 12:40 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-27 12:40 - 2015-03-20 03:40 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-27 12:40 - 2015-03-20 03:16 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-27 12:40 - 2015-03-20 02:56 - 00080384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-05-27 12:40 - 2015-03-11 02:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-27 12:40 - 2015-03-11 02:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-27 12:40 - 2015-03-04 02:32 - 00172544 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Input.Inking.dll
2015-05-27 12:40 - 2015-03-04 02:12 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Input.Inking.dll
2015-05-27 12:40 - 2015-02-20 04:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-27 12:40 - 2015-02-20 03:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-27 12:40 - 2015-02-20 03:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-05-27 12:40 - 2015-02-20 03:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-05-27 12:40 - 2015-01-29 02:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-05-27 12:40 - 2015-01-29 02:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-05-27 12:40 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-05-27 12:40 - 2014-12-13 22:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-05-27 12:40 - 2014-12-09 04:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-05-27 12:40 - 2014-12-09 02:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-27 12:39 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-27 12:39 - 2015-04-03 01:35 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\PhotoMetadataHandler.dll
2015-05-27 12:39 - 2015-04-03 01:14 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2015-05-27 12:39 - 2015-04-01 23:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2015-05-27 12:39 - 2015-04-01 23:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2015-05-27 12:39 - 2015-04-01 04:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2015-05-27 12:39 - 2015-04-01 03:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2015-05-27 12:39 - 2015-03-30 06:47 - 00561928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-27 12:39 - 2015-03-27 04:27 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-27 12:39 - 2015-03-27 03:50 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-27 12:39 - 2015-03-27 03:48 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-27 12:39 - 2015-03-22 23:45 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-27 12:39 - 2015-03-22 23:09 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-27 12:39 - 2015-03-22 23:09 - 00957440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-27 12:39 - 2015-03-22 23:09 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-27 12:39 - 2015-03-22 23:09 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-27 12:39 - 2015-03-22 23:09 - 00419328 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-27 12:39 - 2015-03-22 23:09 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-27 12:39 - 2015-03-13 05:03 - 00239424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-27 12:39 - 2015-03-13 05:03 - 00154432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-27 12:39 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-05-27 12:39 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-05-27 12:39 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2015-05-27 12:39 - 2015-03-13 02:11 - 02162176 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-05-27 12:39 - 2015-03-13 01:39 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-05-27 12:39 - 2015-03-06 04:08 - 02067968 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-27 12:39 - 2015-03-06 03:47 - 01696256 _____ (Microsoft Corporation) C:\Windows\system32\wevtsvc.dll
2015-05-27 12:39 - 2015-03-06 03:43 - 01969664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-27 12:39 - 2015-03-04 11:25 - 00377152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-05-27 12:39 - 2015-03-04 04:04 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-27 12:39 - 2015-03-04 03:19 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-27 12:39 - 2015-02-24 09:32 - 00991552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-27 12:39 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-05-27 12:39 - 2015-02-18 00:19 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2015-05-27 12:39 - 2015-02-12 18:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-27 12:39 - 2015-02-12 18:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-05-27 12:39 - 2015-02-08 00:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-05-27 12:39 - 2015-02-08 00:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-05-27 12:39 - 2015-02-05 21:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-05-27 12:39 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-05-27 12:39 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-05-27 12:39 - 2015-01-31 00:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-05-27 12:39 - 2015-01-30 04:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-05-27 12:39 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-05-27 12:39 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-05-27 12:39 - 2015-01-30 03:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-05-27 12:39 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-05-27 12:39 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-05-27 12:39 - 2015-01-30 02:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-05-27 12:39 - 2015-01-30 02:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-05-27 12:39 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-05-27 12:39 - 2015-01-30 02:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-05-27 12:39 - 2015-01-30 02:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-05-27 12:39 - 2015-01-30 02:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-05-27 12:39 - 2015-01-30 02:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-05-27 12:39 - 2015-01-30 02:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-05-27 12:39 - 2015-01-29 19:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-27 12:39 - 2015-01-29 19:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-05-27 12:39 - 2015-01-29 02:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-27 12:39 - 2015-01-29 02:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-05-27 12:39 - 2015-01-29 02:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-27 12:39 - 2015-01-29 01:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-05-27 12:39 - 2015-01-29 01:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-05-27 12:39 - 2015-01-29 01:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-05-27 12:39 - 2015-01-29 01:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-05-27 12:39 - 2015-01-28 03:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-05-27 12:39 - 2015-01-28 02:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-05-27 12:39 - 2015-01-28 02:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-27 12:39 - 2015-01-28 02:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-05-27 12:39 - 2015-01-28 00:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-05-27 12:39 - 2015-01-28 00:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-05-27 12:39 - 2015-01-27 05:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-05-27 12:39 - 2015-01-27 03:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-05-27 12:39 - 2015-01-19 19:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-05-27 12:39 - 2015-01-15 23:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-27 12:39 - 2014-12-19 07:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-27 12:39 - 2014-12-12 03:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-27 12:39 - 2014-12-11 06:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-05-27 12:39 - 2014-12-08 20:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-05-27 12:39 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-05-27 12:39 - 2014-12-08 20:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-05-27 12:39 - 2014-12-08 20:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-05-27 12:39 - 2014-12-08 20:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-05-27 12:39 - 2014-12-08 20:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-27 12:39 - 2014-12-08 20:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-05-27 12:39 - 2014-12-08 20:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-05-27 12:39 - 2014-12-06 04:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-27 12:39 - 2014-12-06 02:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-27 12:39 - 2014-12-06 02:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-05-27 12:39 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-27 12:39 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-27 12:39 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-27 12:39 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-05-27 12:39 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-05-27 12:39 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-05-27 12:39 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-27 12:21 - 2015-05-27 12:21 - 00000000 ____D () C:\Users\Kamal\Desktop\Etudes S2
2015-05-27 12:21 - 2015-05-27 12:21 - 00000000 ____D () C:\Users\Kamal\Desktop\biochimie mesfioui
2015-05-27 11:20 - 2015-05-27 11:20 - 00000942 _____ () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlawlessWidescreen.lnk
2015-05-27 11:19 - 2015-05-27 11:19 - 00001940 _____ () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC.lnk
2015-05-27 11:18 - 2015-05-27 11:18 - 00002850 _____ () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\µTorrent.lnk
2015-05-27 11:18 - 2015-05-27 11:18 - 00001702 _____ () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HWMonitor.lnk
2015-05-27 11:05 - 2015-05-27 09:22 - 00001411 _____ () C:\Users\Kamal\Desktop\GeForce Experience.lnk
2015-05-27 10:54 - 2015-05-27 10:54 - 00000000 ____D () C:\Users\Kamal\AppData\Local\ESN
2015-05-27 10:50 - 2015-05-27 11:25 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2015-05-27 10:28 - 2015-06-01 19:27 - 00348672 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2015-05-27 10:28 - 2015-06-01 19:27 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2015-05-27 10:28 - 2015-05-27 20:45 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2015-05-27 10:28 - 2015-05-27 10:57 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-27 10:27 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-05-27 10:27 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-05-27 10:27 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-05-27 10:27 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-05-27 10:27 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-05-27 10:27 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-05-27 10:26 - 2015-05-27 10:26 - 00000000 ____D () C:\Users\Kamal\Tracing
2015-05-27 10:02 - 2015-05-27 10:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\TeamViewer
2015-05-27 10:02 - 2015-05-27 10:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\HD Tune Pro
2015-05-27 10:02 - 2015-05-27 10:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\HandBrake
2015-05-27 10:02 - 2015-05-27 10:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\DarkSoulsII
2015-05-27 10:02 - 2015-05-27 10:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Bioshock2Steam
2015-05-27 10:02 - 2015-05-27 10:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Bioshock
2015-05-27 10:02 - 2015-05-25 13:39 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Wolfenstein - The Old Blood
2015-05-27 10:02 - 2015-05-02 20:36 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\LolClient
2015-05-27 10:02 - 2015-03-18 17:34 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Banamalon
2015-05-27 10:02 - 2015-01-18 11:28 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\The Evil Within
2015-05-27 10:02 - 2014-12-16 15:00 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Steam
2015-05-27 10:02 - 2014-12-10 13:42 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\The Vanishing of Ethan Carter
2015-05-27 10:02 - 2014-12-10 13:42 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Middle Earth - Shadow of Mordor
2015-05-27 10:02 - 2014-12-10 13:42 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Assassin's Creed Unity
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Ubisoft
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\The Witcher 2
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\TeknoGods
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Skyrim
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\SKIDROW
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Rockstar Games
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\PAYDAY 2
2015-05-27 09:59 - 2015-05-27 16:48 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Adobe
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Macromedia
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\LumaEmu_SteamCloud
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Electronic Arts
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\EA Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\dxhr
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Darksiders2
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Criterion Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\BANDAI NAMCO Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Arma 3
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Apps\2.0
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\ali213GameLauncher
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\4A Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\238010
2015-05-27 09:57 - 2015-05-26 17:43 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-05-27 09:57 - 2015-05-25 13:37 - 00000000 ____D () C:\ProgramData\Socialclub
2015-05-27 09:57 - 2015-05-02 20:36 - 00000000 ____D () C:\ProgramData\Riot Games
2015-05-27 09:57 - 2015-03-18 17:33 - 00000000 ____D () C:\ProgramData\Banamalon
2015-05-27 09:57 - 2015-01-31 11:43 - 00000000 ____D () C:\ProgramData\Steam
2015-05-27 09:57 - 2014-12-13 14:35 - 00000000 ____D () C:\ProgramData\EA Core
2015-05-27 09:57 - 2014-12-10 18:08 - 00000000 ____D () C:\ProgramData\Orbit
2015-05-27 09:57 - 2014-12-10 17:46 - 00000000 ____D () C:\ProgramData\RELOADED
2015-05-27 09:57 - 2014-12-10 13:30 - 00000000 ____D () C:\ProgramData\Sun
2015-05-27 09:34 - 2015-06-01 21:36 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\DMCache
2015-05-27 09:34 - 2015-05-29 18:14 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\IDM
2015-05-27 09:34 - 2015-05-27 11:25 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2015-05-27 09:34 - 2015-05-27 10:00 - 00001021 _____ () C:\Users\Kamal\Desktop\Internet Download Manager.lnk
2015-05-27 09:34 - 2015-05-27 09:34 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-05-27 09:34 - 2015-05-27 09:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager
2015-05-27 09:33 - 2015-05-27 09:33 - 00000000 ____D () C:\Program Files\Rockstar Games
2015-05-27 09:33 - 2015-05-27 09:33 - 00000000 ____D () C:\Program Files (x86)\Rockstar Games
2015-05-27 09:21 - 2015-04-03 14:21 - 00048784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-05-27 09:21 - 2015-04-03 14:21 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-05-27 09:15 - 2015-05-27 09:15 - 00002685 _____ () C:\Users\Kamal\Desktop\µTorrent.lnk
2015-05-27 09:14 - 2015-05-29 18:10 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\uTorrent
2015-05-27 09:14 - 2015-05-27 11:23 - 00003004 _____ () C:\Windows\System32\Tasks\Flawless WideScreen
2015-05-27 09:12 - 2015-06-02 00:05 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Skype
2015-05-27 09:12 - 2015-05-27 09:12 - 00002713 _____ () C:\Users\Public\Desktop\Skype.lnk
2015-05-27 09:12 - 2015-05-27 09:12 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-27 09:12 - 2015-05-27 09:12 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Skype
2015-05-27 09:12 - 2015-05-27 09:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-27 09:12 - 2013-08-08 19:04 - 00553784 ____R (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2015-05-27 09:12 - 2006-01-12 08:52 - 00001904 ____N () C:\Windows\system32\SetupBD.din
2015-05-27 09:11 - 2015-05-27 09:12 - 00000000 ____D () C:\ProgramData\Skype
2015-05-27 09:11 - 2013-08-29 09:55 - 00468240 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1d64x64.sys
2015-05-27 09:11 - 2013-07-24 20:36 - 00073480 _____ (Intel Corporation) C:\Windows\system32\e1dmsg.dll
2015-05-27 09:11 - 2013-07-11 00:36 - 00089888 _____ (Intel Corporation) C:\Windows\system32\NicInstD.dll
2015-05-27 09:11 - 2013-03-25 05:07 - 00003114 _____ () C:\Windows\system32\e1d64x64.din
2015-05-27 09:11 - 2009-05-26 03:05 - 00036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2015-05-27 09:10 - 2015-05-27 09:12 - 00000000 ____D () C:\Program Files\Intel
2015-05-27 09:10 - 2015-05-27 09:10 - 00000000 ____D () C:\ProgramData\Intel
2015-05-27 09:10 - 2013-09-16 12:17 - 00016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2015-05-27 09:09 - 2015-05-27 09:09 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-05-27 09:09 - 2015-05-27 09:09 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\InstallShield
2015-05-27 09:09 - 2013-09-16 12:17 - 01795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2015-05-27 09:09 - 2013-09-16 12:17 - 00099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2015-05-27 09:08 - 2015-05-27 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-05-27 09:08 - 2015-05-27 09:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-05-27 09:08 - 2015-05-27 09:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Synchronization Services
2015-05-27 09:08 - 2013-08-05 04:50 - 00053248 ____R (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2015-05-27 09:07 - 2015-05-27 09:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-27 09:07 - 2015-05-27 09:07 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-05-27 09:07 - 2015-05-27 09:07 - 00000000 ____D () C:\Windows\PCHEALTH
2015-05-27 09:07 - 2015-05-27 09:07 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Microsoft Help
2015-05-27 09:07 - 2015-05-27 09:07 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-05-27 09:07 - 2015-05-27 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio 8
2015-05-27 09:07 - 2015-05-27 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Sync Framework
2015-05-27 09:07 - 2015-05-27 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2015-05-27 09:07 - 2015-05-27 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-05-27 09:07 - 2015-05-27 09:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-05-27 09:04 - 2015-05-27 10:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Tunngle
2015-05-27 09:04 - 2015-05-27 09:57 - 00000000 ____D () C:\ProgramData\Tunngle
2015-05-27 09:04 - 2015-05-27 09:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
2015-05-27 09:04 - 2015-05-27 09:04 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Ubisoft Game Launcher
2015-05-27 09:04 - 2015-05-27 09:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
2015-05-27 09:04 - 2015-05-27 09:04 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2015-05-27 09:04 - 2015-05-27 09:04 - 00000000 ____D () C:\Program Files (x86)\Tunngle
2015-05-27 09:04 - 2009-09-16 07:02 - 00031232 _____ (Tunngle.net) C:\Windows\system32\Drivers\tap0901t.sys
2015-05-27 09:03 - 2015-05-27 13:37 - 00000000 ____D () C:\SSD GAMES
2015-05-27 09:03 - 2015-05-27 09:03 - 00000000 ___DL () C:\Program Files (x86)\Origin Games
2015-05-27 08:50 - 2015-05-27 09:06 - 00003276 _____ () C:\Windows\System32\Tasks\SamsungMagician
2015-05-27 08:50 - 2015-05-27 08:50 - 00001548 _____ () C:\Users\Public\Desktop\GIGABYTE FORCE.lnk
2015-05-27 08:50 - 2015-05-27 08:50 - 00000000 ____D () C:\ProgramData\Samsung
2015-05-27 08:50 - 2015-05-27 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2015-05-27 08:50 - 2015-05-27 08:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE FORCE
2015-05-27 08:50 - 2015-05-27 08:50 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-05-27 02:03 - 2015-05-27 02:03 - 00000000 ____D () C:\Users\Kamal\AppData\Local\NAHIMICAPO1.0.0
2015-05-27 01:59 - 2015-06-01 21:36 - 00003022 _____ () C:\Windows\System32\Tasks\MSIAfterburner
2015-05-27 01:56 - 2015-06-01 10:25 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\vlc
2015-05-27 01:56 - 2015-05-27 01:57 - 00000000 ____D () C:\Users\Kamal\Heaven
2015-05-27 01:56 - 2015-05-27 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-27 01:56 - 2015-05-27 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Xbox 360 Accessories
2015-05-27 01:56 - 2015-05-27 01:56 - 00000000 ____D () C:\Program Files\Microsoft Xbox 360 Accessories
2015-05-27 01:56 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-05-27 01:56 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-05-27 01:56 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-05-27 01:56 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-05-27 01:56 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-05-27 01:56 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-05-27 01:56 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-05-27 01:56 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-05-27 01:56 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-05-27 01:56 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-05-27 01:56 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-05-27 01:56 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-05-27 01:56 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-05-27 01:56 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-05-27 01:56 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-05-27 01:56 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-05-27 01:56 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-05-27 01:56 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-05-27 01:56 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-05-27 01:56 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-05-27 01:56 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-05-27 01:56 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-05-27 01:56 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-05-27 01:56 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-05-27 01:56 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-05-27 01:56 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-05-27 01:56 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-05-27 01:56 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-05-27 01:56 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-05-27 01:56 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-05-27 01:56 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-05-27 01:56 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-05-27 01:56 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-05-27 01:56 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-05-27 01:56 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-05-27 01:56 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-05-27 01:56 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-05-27 01:56 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-05-27 01:56 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-05-27 01:56 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-05-27 01:56 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-05-27 01:56 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-05-27 01:56 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-05-27 01:56 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-05-27 01:55 - 2015-05-28 09:40 - 00163543 _____ () C:\Windows\DirectX.log
2015-05-27 01:55 - 2015-05-27 01:55 - 00002133 _____ () C:\Users\Public\Desktop\Heaven Benchmark 4.0.lnk
2015-05-27 01:55 - 2015-05-27 01:55 - 00001019 _____ () C:\Users\Public\Desktop\UltraISO.lnk
2015-05-27 01:55 - 2015-05-27 01:55 - 00000710 _____ () C:\Windows\DXError.log
2015-05-27 01:55 - 2015-05-27 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unigine
2015-05-27 01:55 - 2015-05-27 01:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
2015-05-27 01:55 - 2015-05-27 01:55 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-05-27 01:55 - 2015-05-27 01:55 - 00000000 ____D () C:\Program Files (x86)\Unigine
2015-05-27 01:55 - 2015-05-27 01:55 - 00000000 ____D () C:\Program Files (x86)\UltraISO
2015-05-27 01:55 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-05-27 01:55 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-05-27 01:55 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-05-27 01:55 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-05-27 01:55 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-05-27 01:55 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-05-27 01:55 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-05-27 01:55 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-05-27 01:55 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-05-27 01:55 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-05-27 01:55 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-05-27 01:55 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-05-27 01:55 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-05-27 01:55 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-05-27 01:55 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-05-27 01:55 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-05-27 01:55 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-05-27 01:55 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-05-27 01:55 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-05-27 01:55 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-05-27 01:55 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-05-27 01:55 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-05-27 01:55 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-05-27 01:55 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-05-27 01:55 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-05-27 01:55 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-05-27 01:55 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-05-27 01:55 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-05-27 01:55 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-05-27 01:55 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-05-27 01:55 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-05-27 01:55 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-05-27 01:55 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-05-27 01:55 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-05-27 01:55 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-05-27 01:55 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-05-27 01:55 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-05-27 01:55 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-05-27 01:55 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-05-27 01:55 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-05-27 01:55 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-05-27 01:55 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-05-27 01:55 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-05-27 01:55 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-05-27 01:55 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-05-27 01:55 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-05-27 01:55 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-05-27 01:55 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-05-27 01:55 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-05-27 01:55 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-05-27 01:55 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-05-27 01:55 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-05-27 01:55 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-05-27 01:55 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-05-27 01:55 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-05-27 01:55 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-05-27 01:55 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-05-27 01:55 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-05-27 01:55 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-05-27 01:55 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-05-27 01:55 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-05-27 01:55 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-05-27 01:55 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-05-27 01:55 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-05-27 01:55 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-05-27 01:55 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-05-27 01:55 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-05-27 01:55 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-05-27 01:55 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-05-27 01:55 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-05-27 01:55 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-05-27 01:55 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-05-27 01:55 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-05-27 01:55 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-05-27 01:55 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-05-27 01:55 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-05-27 01:55 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-05-27 01:55 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-05-27 01:55 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-05-27 01:55 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-05-27 01:55 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-05-27 01:55 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-05-27 01:55 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-05-27 01:55 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-05-27 01:55 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-05-27 01:55 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-05-27 01:55 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-05-27 01:55 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-05-27 01:55 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-05-27 01:55 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-05-27 01:55 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-05-27 01:55 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-05-27 01:55 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-05-27 01:55 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-05-27 01:55 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-05-27 01:55 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-05-27 01:55 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-05-27 01:55 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-05-27 01:55 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-05-27 01:55 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-05-27 01:55 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-05-27 01:55 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-05-27 01:55 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-05-27 01:55 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-05-27 01:55 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-05-27 01:55 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-05-27 01:55 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-05-27 01:55 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-05-27 01:55 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-05-27 01:55 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-05-27 01:55 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-05-27 01:55 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-05-27 01:55 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-05-27 01:55 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-05-27 01:55 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-05-27 01:55 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-05-27 01:55 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-05-27 01:55 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-05-27 01:55 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-05-27 01:55 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-05-27 01:55 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-05-27 01:55 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-05-27 01:55 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-05-27 01:55 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-05-27 01:55 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-05-27 01:55 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-05-27 01:54 - 2015-06-01 11:28 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\TS3Client
2015-05-27 01:54 - 2015-05-27 01:54 - 00000979 _____ () C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
2015-05-27 01:54 - 2015-05-27 01:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
2015-05-27 01:54 - 2015-05-27 01:54 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client
2015-05-27 01:52 - 2015-05-27 10:02 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\www.shadowexplorer.com
2015-05-27 01:52 - 2015-05-27 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShadowExplorer
2015-05-27 01:52 - 2015-05-27 01:52 - 00000000 ____D () C:\Program Files (x86)\ShadowExplorer
2015-05-27 01:51 - 2015-05-27 14:31 - 00000000 ____D () C:\Program Files (x86)\RivaTuner Statistics Server
2015-05-27 01:51 - 2015-05-27 01:56 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-05-27 01:51 - 2015-05-27 01:51 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2015-05-27 01:50 - 2015-05-27 09:08 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-05-27 01:50 - 2015-05-27 01:50 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2015-05-27 01:50 - 2015-05-27 01:50 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-05-27 01:50 - 2015-05-27 01:50 - 00000000 ____D () C:\Program Files\MSBuild
2015-05-27 01:50 - 2015-05-27 01:50 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-05-27 01:48 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-05-27 01:48 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-05-27 01:47 - 2015-05-28 13:03 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Battle.net
2015-05-27 01:47 - 2015-05-27 09:28 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Battle.net
2015-05-27 01:47 - 2015-05-27 01:47 - 00001162 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2015-05-27 01:47 - 2015-05-27 01:47 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Blizzard Entertainment
2015-05-27 01:47 - 2015-05-27 01:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battle.net
2015-05-27 01:47 - 2015-05-27 01:47 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2015-05-27 01:47 - 2015-05-27 01:47 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-05-27 01:46 - 2015-05-27 14:30 - 00000000 ____D () C:\Program Files (x86)\MSI Afterburner
2015-05-27 01:46 - 2015-05-27 01:46 - 00001098 _____ () C:\Users\Kamal\Desktop\MSI Afterburner.lnk
2015-05-27 01:46 - 2015-05-27 01:46 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2015-05-27 01:45 - 2015-05-27 01:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MSI Kombustor 3
2015-05-27 01:45 - 2015-05-27 01:45 - 00000000 ____D () C:\Program Files\MSI Kombustor 3
2015-05-27 01:44 - 2015-06-01 11:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-27 01:43 - 2015-05-27 10:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Origin
2015-05-27 01:43 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Origin
2015-05-27 01:43 - 2015-05-27 01:43 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-27 01:43 - 2015-05-27 01:43 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-05-27 01:43 - 2015-05-27 01:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-27 01:43 - 2015-05-27 01:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-27 01:43 - 2015-05-27 01:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-27 01:43 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-27 01:43 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-27 01:43 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-27 01:42 - 2015-06-01 19:44 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-27 01:42 - 2015-05-27 10:02 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Foxit Software
2015-05-27 01:42 - 2015-05-27 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-05-27 01:42 - 2015-05-27 01:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-05-27 01:42 - 2015-05-27 01:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-05-27 01:42 - 2015-05-27 01:42 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-05-27 01:41 - 2015-05-27 01:41 - 00000885 _____ () C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2015-05-27 01:41 - 2015-05-27 01:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2015-05-27 01:41 - 2015-05-27 01:41 - 00000000 ____D () C:\Program Files\CPUID
2015-05-27 01:40 - 2015-05-27 10:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\foobar2000
2015-05-27 01:40 - 2015-05-27 09:57 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-27 01:40 - 2015-05-27 01:40 - 00001125 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2015-05-27 01:40 - 2015-05-27 01:40 - 00001043 _____ () C:\Users\Public\Desktop\foobar2000.lnk
2015-05-27 01:40 - 2015-05-27 01:40 - 00000000 ____D () C:\Program Files (x86)\foobar2000
2015-05-27 01:39 - 2015-05-27 01:40 - 00000000 ____D () C:\ProgramData\Battle.net
2015-05-27 01:39 - 2015-05-27 01:39 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-05-27 01:39 - 2015-05-27 01:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Handbrake
2015-05-27 01:39 - 2015-05-27 01:39 - 00000000 ____D () C:\Program Files\Handbrake
2015-05-27 01:38 - 2015-05-27 01:38 - 00016896 _____ (ASUS) C:\Windows\AsTaskSched.dll
2015-05-27 01:37 - 2015-05-27 01:37 - 00053248 _____ () C:\Windows\SysWOW64\zlib.dll
2015-05-27 01:37 - 2015-05-27 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonic Radar
2015-05-27 01:37 - 2015-05-27 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foolish IT
2015-05-27 01:37 - 2015-05-27 01:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.4
2015-05-27 01:37 - 2015-05-27 01:37 - 00000000 ____D () C:\ProgramData\Foolish IT
2015-05-27 01:37 - 2015-05-27 01:37 - 00000000 ____D () C:\Program Files\ASUSTeKcomputer.Inc
2015-05-27 01:37 - 2015-05-27 01:37 - 00000000 ____D () C:\Program Files (x86)\Foolish IT
2015-05-27 01:37 - 2015-05-27 01:37 - 00000000 ____D () C:\Program Files (x86)\Cheat Engine 6.4
2015-05-27 01:36 - 2015-05-27 01:36 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2015-05-27 01:36 - 2015-05-27 01:36 - 00000000 ____D () C:\Program Files\Realtek
2015-05-27 01:36 - 2015-05-27 01:36 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-05-27 01:36 - 2014-02-18 19:42 - 03867992 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-05-27 01:36 - 2014-02-18 17:33 - 00624344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-05-27 01:36 - 2014-02-18 17:04 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-05-27 01:36 - 2014-02-18 16:56 - 00749977 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-05-27 01:36 - 2014-02-18 15:18 - 55506944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-05-27 01:36 - 2014-02-18 14:33 - 00946392 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-05-27 01:36 - 2014-02-18 10:35 - 01024216 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-05-27 01:36 - 2014-02-17 16:04 - 02788056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2015-05-27 01:36 - 2014-02-07 17:22 - 02157704 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2015-05-27 01:36 - 2014-02-06 11:28 - 05804772 _____ () C:\Windows\system32\Drivers\rtvienna.dat
2015-05-27 01:36 - 2014-02-05 09:23 - 02319960 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2015-05-27 01:36 - 2014-02-04 00:45 - 28310104 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnA64.dll
2015-05-27 01:36 - 2014-02-04 00:45 - 14737496 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2015-05-27 01:36 - 2014-02-04 00:45 - 12793944 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2015-05-27 01:36 - 2014-02-04 00:45 - 03923032 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioVnN64.dll
2015-05-27 01:36 - 2014-02-04 00:45 - 02101848 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2015-05-27 01:36 - 2014-02-04 00:45 - 02037336 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-05-27 01:36 - 2014-02-04 00:45 - 01932888 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek264.dll
2015-05-27 01:36 - 2014-02-04 00:45 - 01033304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2015-05-27 01:36 - 2014-01-31 17:28 - 00938608 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2015-05-27 01:36 - 2014-01-31 17:27 - 01313904 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2015-05-27 01:36 - 2014-01-31 17:23 - 01419376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2015-05-27 01:36 - 2014-01-31 17:22 - 01419376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2015-05-27 01:36 - 2014-01-28 11:48 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-05-27 01:36 - 2014-01-17 02:02 - 00942384 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOSettingsIPC.dll
2015-05-27 01:36 - 2014-01-17 01:59 - 05752072 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2015-05-27 01:36 - 2014-01-10 06:52 - 00899320 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2015-05-27 01:36 - 2014-01-10 06:52 - 00724728 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2015-05-27 01:36 - 2014-01-10 06:51 - 01045752 _____ (SRS Labs, Inc.) C:\Windows\system32\slcnt64.dll
2015-05-27 01:36 - 2014-01-10 06:51 - 00245496 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2015-05-27 01:36 - 2013-12-31 11:16 - 02825432 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-05-27 01:36 - 2013-12-04 16:27 - 01958616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-05-27 01:36 - 2013-10-16 03:43 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-05-27 01:36 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-05-27 01:36 - 2013-10-11 11:31 - 00947760 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-05-27 01:36 - 2013-10-07 00:26 - 00501184 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2015-05-27 01:36 - 2013-10-07 00:26 - 00487360 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2015-05-27 01:36 - 2013-10-07 00:26 - 00415680 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2015-05-27 01:36 - 2013-09-10 04:02 - 06217904 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-05-27 01:36 - 2013-09-10 04:02 - 00313520 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-05-27 01:36 - 2013-09-10 04:01 - 01938608 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-05-27 01:36 - 2013-09-10 04:01 - 00260272 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-05-27 01:36 - 2013-08-20 17:37 - 00605496 _____ () C:\Windows\system32\audioLibVc.dll
2015-05-27 01:36 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-05-27 01:36 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-05-27 01:36 - 2013-07-23 15:39 - 00790272 _____ (Waves Audio Ltd.) C:\Windows\SysWOW64\MaxxAudioAPOShell.dll
2015-05-27 01:36 - 2013-06-25 12:47 - 00871856 _____ (TOSHIBA Corporation) C:\Windows\system32\tossaeapo64.dll
2015-05-27 01:36 - 2013-06-25 12:47 - 00162224 _____ (TOSHIBA Corporation) C:\Windows\system32\toseaeapo64.dll
2015-05-27 01:36 - 2013-06-25 12:46 - 00582056 _____ (TOSHIBA Corporation) C:\Windows\system32\tosasfapo64.dll
2015-05-27 01:36 - 2013-06-21 11:01 - 00109848 _____ () C:\Windows\system32\AcpiServiceVnA64.dll
2015-05-27 01:36 - 2013-04-03 14:13 - 00906800 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2015-05-27 01:36 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-05-27 01:36 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-05-27 01:36 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-05-27 01:36 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-05-27 01:36 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-05-27 01:36 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-05-27 01:36 - 2012-01-30 11:43 - 00836544 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2015-05-27 01:36 - 2012-01-10 10:20 - 00065944 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2015-05-27 01:36 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-05-27 01:36 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-05-27 01:36 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-05-27 01:36 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-05-27 01:36 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-05-27 01:36 - 2011-08-23 17:00 - 00603984 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-05-27 01:36 - 2011-08-11 16:55 - 00001332 _____ () C:\Windows\system32\Drivers\DTSU2P.DAT
2015-05-27 01:36 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-05-27 01:36 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-05-27 01:36 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-05-27 01:36 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-05-27 01:36 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-05-27 01:36 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-05-27 01:36 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-05-27 01:36 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-05-27 01:36 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-05-27 01:36 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-05-27 01:36 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-05-27 01:36 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-05-27 01:36 - 2011-03-17 12:17 - 01361336 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2015-05-27 01:36 - 2011-03-07 17:11 - 00148416 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2015-05-27 01:36 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-05-27 01:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-05-27 01:36 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-05-27 01:36 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-05-27 01:36 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-05-27 01:36 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-05-27 01:36 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-05-27 01:36 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-05-27 01:36 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-05-27 01:36 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-05-27 01:36 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-05-27 01:36 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-05-27 01:36 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-05-27 01:35 - 2015-05-27 01:38 - 00000000 ___HD () C:\Program Files (x86)\Temp
2015-05-27 01:35 - 2014-01-20 19:11 - 02080472 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2015-05-27 01:33 - 2015-05-27 13:56 - 00031744 ___SH () C:\Users\Kamal\Desktop\Thumbs.db
2015-05-27 01:33 - 2015-05-27 12:37 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Steam
2015-05-27 01:33 - 2015-05-27 01:33 - 00001502 _____ () C:\Users\Kamal\Desktop\HWMonitor.lnk
2015-05-27 01:27 - 2015-05-27 01:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
2015-05-27 01:27 - 2015-05-27 01:27 - 00000000 ____D () C:\Fraps
2015-05-27 01:25 - 2015-06-01 19:44 - 00000000 ____D () C:\ProgramData\Origin
2015-05-27 01:25 - 2015-05-27 10:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Audacity
2015-05-27 01:25 - 2015-05-27 09:57 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-05-27 01:25 - 2015-05-27 01:43 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-05-27 01:25 - 2015-05-27 01:25 - 00001031 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2015-05-27 01:25 - 2015-05-27 01:25 - 00001019 _____ () C:\Users\Public\Desktop\Audacity.lnk
2015-05-27 01:25 - 2015-05-27 01:25 - 00000991 _____ () C:\Users\Public\Desktop\Origin.lnk
2015-05-27 01:25 - 2015-05-27 01:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2015-05-27 01:25 - 2015-05-27 01:25 - 00000000 ____D () C:\Program Files (x86)\Audacity
2015-05-27 01:24 - 2015-05-27 10:04 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\WinRAR
2015-05-27 01:24 - 2015-05-27 01:24 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-27 01:24 - 2015-05-27 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-05-27 01:24 - 2015-05-27 01:24 - 00000000 ____D () C:\Program Files\WinRAR
2015-05-27 01:23 - 2015-06-01 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-05-27 01:23 - 2015-05-27 13:29 - 00000000 ____D () C:\Users\Kamal\AppData\Local\NVIDIA Corporation
2015-05-27 01:23 - 2015-05-27 01:37 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\NVIDIA
2015-05-27 01:23 - 2015-05-23 02:47 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-05-27 01:23 - 2015-05-23 02:47 - 01571696 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-05-27 01:23 - 2015-05-23 02:47 - 01320304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-05-27 01:23 - 2015-05-23 02:47 - 01316000 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-05-27 01:23 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-05-27 01:23 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-05-27 01:23 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-05-27 01:23 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-05-27 01:23 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-05-27 01:23 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-05-27 01:22 - 2015-05-28 08:04 - 15864064 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-05-27 01:22 - 2015-05-28 08:04 - 12852152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-05-27 01:22 - 2015-05-28 08:04 - 03379680 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-05-27 01:22 - 2015-05-28 08:04 - 02986392 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-05-27 01:22 - 2015-05-27 12:50 - 00000975 _____ () C:\Users\Public\Desktop\Steam.lnk
2015-05-27 01:22 - 2015-05-27 01:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-05-27 01:22 - 2015-05-13 07:52 - 00195912 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-05-27 01:22 - 2015-05-13 07:52 - 00031552 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-05-27 01:22 - 2015-05-12 07:27 - 01898312 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435286.dll
2015-05-27 01:22 - 2015-05-12 07:27 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435286.dll
2015-05-27 01:22 - 2015-04-03 14:21 - 00052880 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-05-27 01:20 - 2015-05-27 01:25 - 00000000 ____D () C:\Users\Kamal\AppData\Local\NVIDIA
2015-05-27 01:15 - 2015-05-27 01:15 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_ASMBSW_01_11_00.Wdf
2015-05-27 01:14 - 2015-06-02 00:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-05-27 01:14 - 2015-06-01 10:39 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-05-27 01:14 - 2015-05-28 08:04 - 00112968 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-05-27 01:14 - 2015-05-28 08:04 - 00105288 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-05-27 01:14 - 2015-05-28 05:15 - 06872904 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-05-27 01:14 - 2015-05-28 05:15 - 03491984 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-05-27 01:14 - 2015-05-28 05:15 - 02558608 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-05-27 01:14 - 2015-05-28 05:15 - 00937288 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-05-27 01:14 - 2015-05-28 05:15 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-05-27 01:14 - 2015-05-28 05:15 - 00062608 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-05-27 01:14 - 2015-05-27 11:48 - 04408727 _____ () C:\Windows\system32\nvcoproc.bin
2015-05-27 01:14 - 2015-05-27 01:23 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-05-27 01:14 - 2015-05-27 01:23 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-05-27 01:14 - 2015-05-27 01:14 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\1043_ASUSTeK_B85-PRO GAMER.alu
2015-05-27 01:10 - 2015-05-27 09:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-05-27 01:10 - 2015-05-27 01:15 - 00000000 ____D () C:\Program Files\ASUS
2015-05-27 01:09 - 2015-05-27 09:10 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-05-27 01:09 - 2012-09-14 03:06 - 00014464 ____R () C:\Windows\SysWOW64\Drivers\AsUpIO.sys
2015-05-27 01:09 - 2011-09-20 05:25 - 00046152 ____R (MCCI Corporation) C:\Windows\SysWOW64\Drivers\ASUSFILTER.sys
2015-05-27 01:08 - 2015-05-27 09:09 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-27 01:08 - 2015-05-27 09:09 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-05-27 01:08 - 2015-05-27 01:20 - 00000000 ____D () C:\ProgramData\ASUS
2015-05-27 01:08 - 2015-05-27 01:10 - 00000000 ____D () C:\Windows\System32\Tasks\ASUS
2015-05-27 01:08 - 2015-05-27 01:08 - 00001769 _____ () C:\Windows\Language_trs.ini
2015-05-27 01:08 - 2014-01-28 04:16 - 00028672 ____R (ASUSTek Computer Inc.) C:\Windows\SysWOW64\AsIO.dll
2015-05-27 01:08 - 2014-01-28 04:16 - 00015232 ____R () C:\Windows\SysWOW64\Drivers\AsIO.sys
2015-05-27 01:06 - 2015-05-27 09:05 - 00041166 _____ () C:\Windows\Ascd_tmp.ini
2015-05-27 01:06 - 2015-05-27 09:05 - 00000192 _____ () C:\Windows\As_Utilities.log
2015-05-27 01:06 - 2009-04-02 13:30 - 00010296 _____ () C:\Windows\SysWOW64\Drivers\ASUSHWIO.SYS
2015-05-27 01:03 - 2015-05-27 01:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-27 01:03 - 2015-05-27 01:16 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-27 01:03 - 2015-05-27 01:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-27 01:03 - 2015-05-27 01:03 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Mozilla
2015-05-27 01:03 - 2015-05-27 01:03 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Mozilla
2015-05-27 01:03 - 2015-05-27 01:03 - 00000000 ____D () C:\ProgramData\Mozilla
2015-05-27 01:00 - 2015-05-27 01:00 - 00000000 __SHD () C:\Users\Kamal\AppData\Local\EmieUserList
2015-05-27 01:00 - 2015-05-27 01:00 - 00000000 __SHD () C:\Users\Kamal\AppData\Local\EmieSiteList
2015-05-27 01:00 - 2015-05-27 01:00 - 00000000 __SHD () C:\Users\Kamal\AppData\Local\EmieBrowserModeList
2015-05-27 01:00 - 2015-05-27 01:00 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Macromedia
2015-05-27 00:57 - 2015-06-02 00:09 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2248693553-3069304461-830210338-1001
2015-05-27 00:57 - 2015-06-01 21:14 - 00003936 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{D4E35859-F3BC-4C30-B9B2-04C87634D3E0}
2015-05-27 00:55 - 2015-06-02 00:04 - 00000000 ____D () C:\Users\Kamal\OneDrive
2015-05-27 00:55 - 2015-05-27 00:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-05-27 00:50 - 2015-05-27 00:51 - 00000000 ____D () C:\Users\Kamal\AppData\Local\PackageStaging
2015-05-27 00:49 - 2015-05-27 10:54 - 00000000 ____D () C:\Users\Kamal\AppData\Local\VirtualStore
2015-05-27 00:49 - 2015-05-27 10:02 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Adobe
2015-05-27 00:49 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Packages
2015-05-27 00:49 - 2015-05-27 00:49 - 00001458 _____ () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-27 00:48 - 2015-05-27 10:26 - 00000000 ____D () C:\Users\Kamal
2015-05-27 00:48 - 2015-05-27 00:48 - 00000020 ___SH () C:\Users\Kamal\ntuser.ini
2015-05-27 00:48 - 2015-05-27 00:48 - 00000000 _SHDL () C:\Users\Kamal\Voisinage réseau
2015-05-27 00:48 - 2015-05-27 00:48 - 00000000 _SHDL () C:\Users\Kamal\Voisinage d'impression
2015-05-27 00:48 - 2015-05-27 00:48 - 00000000 _SHDL () C:\Users\Kamal\Modèles
2015-05-27 00:48 - 2015-05-27 00:48 - 00000000 _SHDL () C:\Users\Kamal\Menu Démarrer
2015-05-27 00:48 - 2015-05-27 00:48 - 00000000 _SHDL () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2015-05-27 00:48 - 2015-05-27 00:48 - 00000000 _SHDL () C:\Users\Kamal\AppData\Local\Historique
2015-05-27 00:48 - 2014-11-21 07:20 - 00000000 ___RD () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-27 00:48 - 2014-11-21 07:20 - 00000000 ___RD () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-27 00:48 - 2014-11-21 07:20 - 00000000 ___RD () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-27 00:48 - 2014-11-20 23:55 - 00000369 _____ () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-27 00:48 - 2014-11-20 23:55 - 00000369 _____ () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-27 00:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Users\Kamal\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-27 00:47 - 2015-05-27 00:47 - 00000000 ____D () C:\Windows\CSC
2015-05-27 00:47 - 2015-03-14 09:54 - 00133256 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-27 00:47 - 2015-03-14 02:56 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-27 00:47 - 2015-03-14 02:56 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-27 00:47 - 2015-03-14 02:51 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-27 00:47 - 2015-03-14 02:37 - 00267264 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-27 00:47 - 2015-03-14 02:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-27 00:47 - 2015-03-14 01:22 - 03678720 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-27 00:47 - 2015-03-14 01:12 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-27 00:47 - 2015-03-14 01:12 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-27 00:47 - 2015-03-14 01:09 - 00200192 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-05-27 00:47 - 2015-03-14 01:08 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-05-27 00:47 - 2015-03-14 01:08 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-27 00:47 - 2015-03-14 01:06 - 02373632 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-27 00:47 - 2015-03-14 01:06 - 00891392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-27 00:47 - 2015-03-14 01:02 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-27 00:47 - 2015-03-14 01:02 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-27 00:47 - 2015-03-14 00:59 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-27 00:47 - 2015-03-14 00:59 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-27 00:47 - 2014-10-18 07:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-05-27 00:46 - 2015-06-01 21:31 - 01873424 _____ () C:\Windows\WindowsUpdate.log
2015-05-27 00:41 - 2015-05-27 00:50 - 00000000 ____D () C:\Windows\Panther
2015-05-27 00:21 - 2015-06-01 21:26 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\Users\Default\Voisinage réseau
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\Users\Default\Voisinage d'impression
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\Users\Default\Modèles
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\Users\Default\Menu Démarrer
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\Users\Default\AppData\Local\Historique
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programmes
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\Users\Default User\AppData\Local\Historique
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\ProgramData\Modèles
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\ProgramData\Microsoft\Windows\Start Menu\Programmes
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\ProgramData\Menu Démarrer
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\ProgramData\Bureau
2015-05-26 23:45 - 2015-05-26 23:45 - 00000000 _SHDL () C:\Program Files\Fichiers communs
2015-05-26 23:44 - 2015-05-27 01:33 - 00000000 ____D () C:\Program Files (x86)\HWMonitor
2015-05-26 23:43 - 2015-05-27 01:36 - 00000000 ____D () C:\Program Files\Adobe
2015-05-26 23:42 - 2015-05-26 23:42 - 00000000 __SHD () C:\Recovery
2015-05-20 14:57 - 2015-05-20 13:55 - 00197616 _____ (Tonec Inc.) C:\Windows\system32\Drivers\idmwfp.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-02 00:04 - 2013-08-22 15:46 - 00029277 _____ () C:\Windows\setupact.log
2015-06-02 00:04 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-06-02 00:04 - 2013-08-22 14:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2015-06-02 00:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2015-06-01 11:08 - 2014-11-20 23:46 - 01824010 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-06-01 11:08 - 2014-11-20 23:03 - 00811108 _____ () C:\Windows\system32\perfh00C.dat
2015-06-01 11:08 - 2014-11-20 23:03 - 00159206 _____ () C:\Windows\system32\perfc00C.dat
2015-06-01 11:08 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-30 13:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2015-05-28 15:21 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-28 12:16 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-05-28 09:31 - 2014-11-20 14:36 - 00011654 _____ () C:\Windows\PFRO.log
2015-05-28 08:04 - 2015-02-20 01:18 - 17486856 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-05-28 08:04 - 2015-02-20 01:18 - 14987528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-05-28 08:04 - 2015-02-20 01:18 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvmcvadgenco64.dll
2015-05-28 08:04 - 2015-02-20 01:18 - 00030966 _____ () C:\Windows\system32\nvinfo.pb
2015-05-28 01:23 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppCompat
2015-05-27 13:57 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-27 13:18 - 2013-08-22 15:44 - 00482128 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-27 13:17 - 2014-11-21 07:20 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\setup
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-05-27 13:17 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-05-27 13:11 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-27 12:49 - 2014-11-20 23:27 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-27 09:08 - 2014-11-20 23:27 - 00000000 ____D () C:\Windows\ShellNew
2015-05-27 09:07 - 2013-08-22 14:25 - 00000167 _____ () C:\Windows\win.ini
2015-05-27 01:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2015-05-27 01:50 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\MUI
2015-05-27 01:14 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Help
2015-05-27 00:47 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-27 00:41 - 2013-08-22 16:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2015-05-26 23:45 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows NT
2015-05-26 23:45 - 2013-08-22 14:36 - 00000000 __RHD () C:\Users\Default
2015-05-26 23:42 - 2013-08-22 16:37 - 00002988 _____ () C:\Windows\DtcInstall.log
2015-05-26 23:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-05-13 07:52 - 2015-02-20 01:18 - 01558848 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll

==================== Files in the root of some directories =======

2015-06-01 10:47 - 2015-06-01 10:47 - 0000261 _____ () C:\Users\Kamal\AppData\Local\GWX.rar
2015-05-29 17:50 - 2015-06-01 11:22 - 0000236 _____ () C:\ProgramData\boost_interprocess.rar

Some files in TEMP:
====================
C:\Users\Kamal\AppData\Local\Temp\Quarantine.exe
C:\Users\Kamal\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-26 23:42

==================== End of log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Kamal at 2015-06-02 00:10:49
Running from C:\Users\Kamal\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrateur (S-1-5-21-2248693553-3069304461-830210338-500 - Administrator - Disabled)
Invité (S-1-5-21-2248693553-3069304461-830210338-501 - Limited - Disabled)
Kamal (S-1-5-21-2248693553-3069304461-830210338-1001 - Administrator - Enabled) => C:\Users\Kamal

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-2248693553-3069304461-830210338-1001\...\uTorrent) (Version: 3.4.3.40298 - BitTorrent Inc.)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.69 - ASUSTeK Computer Inc.)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.18 - ASUSTeK Computer Inc.)
Audacity 2.0.6 (HKLM-x32\...\Audacity_is1) (Version: 2.0.6 - Audacity Team)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.6.2 - EA Digital Illusions CE AB)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
CPUID CPU-Z 1.72 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
CryptoPrevent (HKLM-x32\...\{5C5B24E7-4694-4049-A222-CCE7D3FAC63F}_is1) (Version:  - Foolish IT LLC)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
Dead Space™ 3 (HKLM-x32\...\{D4329609-4102-4F8C-B83F-7FE024EEA314}) (Version: 1.0.0.0 - Electronic Arts, Inc.)
EA SPORTS™ FIFA 15 (HKLM-x32\...\{3D4ADA2B-F028-4307-ADF4-6F9AA44725DA}) (Version: 1.7.0.0 - Electronic Arts)
foobar2000 v1.2.3 (HKLM-x32\...\foobar2000) (Version: 1.2.3 - Peter Pawlowski)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 3.4.96.511 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.5.624 - Foxit Corporation)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
GIGABYTE FORCE Driver (HKLM-x32\...\GMouse) (Version:  - )
HandBrake 0.10.0 (HKLM-x32\...\HandBrake) (Version: 0.10.0 - )
Heaven Benchmark version 4.0 (HKLM-x32\...\Unigine Heaven Benchmark (Basic Edition)_is1) (Version: 4.0 - Unigine Corp.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel® Network Connections 18.7.28.0 (HKLM\...\PROSetDX) (Version: 18.7.28.0 - Intel)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Malwarebytes Anti-Exploit version 1.06.1.1019 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.06.1.1019 - Malwarebytes)
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{45CD67FD-3218-4207-A0A2-BC41245189E3}) (Version: 1.20.146.0 - Microsoft)
Mises à jour NVIDIA 2.4.5.28 (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Mozilla Firefox 38.0.1 (x86 fr) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 fr)) (Version: 38.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.0.1 - Mozilla)
MSI Afterburner 4.1.0 (HKLM-x32\...\Afterburner) (Version: 4.1.0 - MSI Co., LTD)
MSI Kombustor 3.5.1 (HKLM\...\{9598DA62-2AE8-426D-9C86-BEA96AC6721E}_is1) (Version:  - MSI Co., LTD)
NVIDIA GeForce Experience 2.4.5.28 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.4.5.28 - NVIDIA Corporation)
NVIDIA Logiciel système PhysX 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA Pilote 3D Vision 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.06 - NVIDIA Corporation)
NVIDIA Pilote audio HD : 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Pilote du contrôleur 3D Vision 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA Pilote graphique 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.06 - NVIDIA Corporation)
NVIDIA Son virtuel Miracast 353.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Miracast.VirtualAudio) (Version: 353.06 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
Panneau de configuration NVIDIA 353.06 (Version: 353.06 - NVIDIA Corporation) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7179 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.3.0 (HKLM-x32\...\RTSS) (Version: 6.3.0 - Unwinder)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.5.8 - Rockstar Games)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.6 - Samsung Electronics)
ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com)
SHIELD Streaming (Version: 4.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.4.5.28 - NVIDIA Corporation) Hidden
Skype™ 7.5 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.5.101 - Skype Technologies S.A.)
Sonic Radar (HKLM\...\{0E2BE1E8-F087-45D6-8D29-5CB305643B78}) (Version: 1.0.001 - ASUSTeKcomputer.Inc)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
Tunngle (HKLM-x32\...\Tunngle_is1) (Version: 5.2 - Tunngle.net GmbH)
UltraISO Premium V9.61 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Uplay (HKLM-x32\...\Uplay) (Version: 6.1 - Ubisoft)
VC_CRT_x64 (Version: 1.02.0000 - Intel Corporation) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

27-05-2015 12:06:59 New Install
27-05-2015 12:10:01 Sauvegarde Windows
01-06-2015 11:53:10 save juin

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09A46985-180A-45F1-ADC7-B9EA4B444972} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2014-01-28] ()
Task: {1E0900C8-BFC9-4287-A8A9-7F49DAA434F9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-06] (Microsoft Corporation)
Task: {38098C25-D252-4D78-87FB-C544F019DEB8} - System32\Tasks\Flawless WideScreen => D:\Data\flawlesswidescreen_x64\FlawlessWidescreen.exe [2014-05-29] (Flawless Widescreen)
Task: {42265186-726E-4C7E-A949-7993710D539C} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {5A4FCC9B-280F-49DE-82CE-CF783329001D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)
Task: {6B107BC5-08A6-4A01-A2B5-5B59433E5507} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe [2015-04-10] (Samsung Electronics.)
Task: {6F95B29E-76FA-4616-87F4-1E3E2B32163E} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2014-02-17] (ASUSTeK Computer Inc.)
Task: {70EFB57C-EA62-4778-A0AC-30ECA293B7F3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-04-30] (Microsoft Corporation)
Task: {7641D9E6-8A7E-4DE5-9647-637F248A2EC5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {B3F4A574-0C47-4B74-B583-7E41C52EF512} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-07-24] ()
Task: {EA94632F-7A0D-40DB-889E-F59BC64A5324} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {ED4837B0-482C-48A5-9DAE-D98048B61EEE} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe [2014-12-06] ()
Task: {F0738F6F-142D-43F6-A420-31D71EE2F9A5} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-06] (Microsoft Corporation)

==================== Loaded Modules (Whitelisted) ==============

2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-27 01:08 - 2014-01-28 11:16 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2015-05-27 01:08 - 2014-01-28 11:16 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2015-05-27 01:09 - 2014-02-21 14:04 - 03296256 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2015-05-27 01:08 - 2013-08-29 15:59 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2015-05-27 01:08 - 2014-02-14 18:54 - 00827392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2015-05-27 01:08 - 2014-01-28 04:16 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2015-05-27 09:09 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Kamal\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2248693553-3069304461-830210338-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Kamal\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows_os_blue_white_green_26515_2560x1080 - copie.png
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "XboxStat"
HKLM\...\StartupApproved\Run32: => "GMouse"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-2248693553-3069304461-830210338-1001\...\StartupApproved\Run: => "Steam"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{4392FC09-D1D3-4C6B-BF58-9802F6D68B45}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{79125F18-B933-4708-961A-B06517F0587B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{35280B2C-0FE0-4DAC-A816-5E6FDF27DB4F}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8A065CF5-8B00-476A-9D0A-2C2BFCB1C14E}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{58004B29-8960-4ACF-87ED-D52C749171FB}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{41F6C4FD-647E-46D6-9F76-68598A9FAA49}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{625C791C-1F9F-4AB8-94BC-763B35D58C9A}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{758A9325-3681-4028-B872-FAF72AFBBB47}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{E06340F1-0E3E-499D-ACB7-3E651264B0CA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{7279F8E9-01F8-4D98-A68E-1D96AC437CF7}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{B91623CE-0A4D-4A7D-9C7F-59DE441B9626}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{9DB09FEC-5C84-40D7-9A0D-329FC26C20D7}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{7F924D4F-C634-426D-9092-AEFA23EFEDAE}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{B12EA0FF-C9BC-43CE-BF04-7B1366095347}] => (Allow) C:\Program Files (x86)\Tunngle\TnglCtrl.exe
FirewallRules: [{C9BBD920-F44E-40A2-AB87-F6670BED7802}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{51CE7266-5938-4A8D-AB5A-0D58A188D619}] => (Allow) C:\Program Files (x86)\Tunngle\Tunngle.exe
FirewallRules: [{BF3879B1-0A9D-4401-B373-02E54C5858CB}] => (Allow) C:\Users\Kamal\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{A5A39FF3-5D43-410C-825F-D937C014FD3C}] => (Allow) C:\Users\Kamal\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{39F326F7-2240-4362-9435-8917ED2B8468}] => (Allow) C:\Users\Kamal\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{17351F2D-08DF-4165-9DF6-88C5E59951D0}] => (Allow) C:\Users\Kamal\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{403FFEC1-0802-442E-B1AC-B305F7E89883}] => (Allow) C:\Users\Kamal\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{F5D2494A-A637-4399-B804-615FA69FD1C5}] => (Allow) C:\Users\Kamal\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{543D02D7-5672-4A78-B005-A5E58C48FBCA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{02D3AE90-4EE8-4588-9D17-2C7B14E814C6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [TCP Query User{1E9016AE-D7B5-49BF-AE5B-B6CBA15D611B}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{33A9C0B5-1186-49A7-80A9-FCDE520525C5}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{8E45ABB8-BD57-4B2C-9CA9-E08CAFF985C8}] => (Allow) D:\Games\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{6F9B0969-8F1C-4898-9F56-78010111161E}] => (Allow) D:\Games\Origin Games\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{21E8622A-EEB6-426F-8081-40DFD175EA32}] => (Allow) D:\Games\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{1D3DA333-4CFB-41FD-9F00-5CD8A2BF6CEA}] => (Allow) D:\Games\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{0AAA0483-C0E7-4455-9F88-DFC55ECA5551}] => (Allow) D:\Games\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{36DBB731-F25D-464D-8000-59FFD3F35E97}] => (Allow) D:\Games\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{931AC138-62FA-4A0C-B0A8-E4AD1E2A41BB}] => (Allow) D:\Games\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{7EE3E55D-2732-4E45-BD72-51CF3CC63909}] => (Allow) D:\Games\Origin Games\Dead Space 3\deadspace3.exe
FirewallRules: [{66127703-F583-4AB6-8F98-B84D46F55817}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{92A97B64-1BDC-4750-B614-497A1F01BA78}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{EF9D32BD-8D9F-4412-BBB4-AE02D366E4CC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{C24E1E2E-5099-4C1E-82CC-21D99E37B1C4}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{A5B98A1F-50F4-44E7-B3AD-70A47B8AA077}] => (Allow) D:\Games\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{5396E152-F4BD-4A6F-A380-CF84B08981C5}] => (Allow) D:\Games\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [TCP Query User{7E910DA7-94FE-423B-8934-273037672C83}D:\games\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steamapps\common\assettocorsa\acs.exe
FirewallRules: [UDP Query User{76C735B8-4756-41D8-9987-F2E4E1EF538E}D:\games\steamapps\common\assettocorsa\acs.exe] => (Allow) D:\games\steamapps\common\assettocorsa\acs.exe
FirewallRules: [TCP Query User{1D22386B-DAFF-4646-A3AE-9F8C25B9D116}D:\games\others\dying light\dyinglightgame.exe] => (Allow) D:\games\others\dying light\dyinglightgame.exe
FirewallRules: [UDP Query User{6AA47627-6BEE-4A5E-9A55-9535A9AEF5A6}D:\games\others\dying light\dyinglightgame.exe] => (Allow) D:\games\others\dying light\dyinglightgame.exe
FirewallRules: [TCP Query User{0C118C3B-B745-4E8F-8D84-1776372C81D9}D:\games\others\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\games\others\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{216E0E2F-3CC4-469F-B9CA-511BC7B0AA25}D:\games\others\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\games\others\dishonored\binaries\win32\dishonored.exe
FirewallRules: [TCP Query User{78A011B8-23CE-46E0-8361-49C4DD9756BB}C:\ssd games\battlefield 4\bf4.exe] => (Allow) C:\ssd games\battlefield 4\bf4.exe
FirewallRules: [UDP Query User{C3FC6824-BCF2-469D-9350-CB04468D41F8}C:\ssd games\battlefield 4\bf4.exe] => (Allow) C:\ssd games\battlefield 4\bf4.exe
FirewallRules: [TCP Query User{70881B77-33B6-4338-BD15-0326F5B9D125}C:\ssd games\battlefield 3\bf3.exe] => (Allow) C:\ssd games\battlefield 3\bf3.exe
FirewallRules: [UDP Query User{56D54F90-A3AF-476D-A395-7B6B226D7692}C:\ssd games\battlefield 3\bf3.exe] => (Allow) C:\ssd games\battlefield 3\bf3.exe
FirewallRules: [{25B5C844-B3AB-488E-890D-E8A2C559D250}] => (Allow) D:\Games\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{AAB4093C-B0EB-4FCE-A433-212A6CFD13AD}] => (Allow) D:\Games\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{18E58035-9790-4CB2-9E11-839EE3577CA3}] => (Allow) D:\Games\SteamApps\common\Mafia II\pc\mafia2.exe
FirewallRules: [{B6AA4D17-586B-46F8-8B7A-32608E833679}] => (Allow) D:\Games\SteamApps\common\Mafia II\pc\mafia2.exe
FirewallRules: [TCP Query User{09D5E8D6-BA17-4B6C-9E2D-7DA6F4243182}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [UDP Query User{41016894-E82F-4014-A30E-8C4852F3CCD6}D:\games\diablo iii\diablo iii.exe] => (Allow) D:\games\diablo iii\diablo iii.exe
FirewallRules: [{D915FE9B-C094-4120-8BB3-A77010978670}] => (Allow) D:\Games\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{CE2B8E8A-43A8-4A22-8C41-38CACA286F23}] => (Allow) D:\Games\SteamApps\common\dota 2 beta\dota.exe
FirewallRules: [{395BE38A-604D-4DA7-9CEB-2EFCC6EF9A4E}] => (Allow) D:\Games\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{283C59C8-1613-47C1-93BB-4F71F765EC5F}] => (Allow) D:\Games\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C99B853B-CA3A-4FD4-8711-3A1BC884E9E2}] => (Allow) D:\Games\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [{B455B52A-3413-4D93-BE21-F60850541C07}] => (Allow) D:\Games\Origin Games\FIFA 15\fifasetup\fifaconfig.exe
FirewallRules: [TCP Query User{35467276-7A06-4691-B276-6BB05F0C037F}D:\games\origin games\fifa 15\fifa15.exe] => (Allow) D:\games\origin games\fifa 15\fifa15.exe
FirewallRules: [UDP Query User{D26ED18A-6374-4568-B83F-3ECB0453C408}D:\games\origin games\fifa 15\fifa15.exe] => (Allow) D:\games\origin games\fifa 15\fifa15.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/02/2015 00:04:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante DipAwayMode.exe, version : 0.0.0.0, horodatage : 0x00000000
Nom du module défaillant : KERNELBASE.dll, version : 6.3.9600.17415, horodatage : 0x54504ade
Code d’exception : 0x40010006
Décalage d’erreur : 0x00014598
ID du processus défaillant : 0xcb0
Heure de début de l’application défaillante : 0xDipAwayMode.exe0
Chemin d’accès de l’application défaillante : DipAwayMode.exe1
Chemin d’accès du module défaillant: DipAwayMode.exe2
ID de rapport : DipAwayMode.exe3
Nom complet du package défaillant : DipAwayMode.exe4
ID de l’application relative au package défaillant : DipAwayMode.exe5

Error: (06/02/2015 00:00:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1 ». Erreur dans le fichier de manifeste ou de stratégie « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2 » à la ligne C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
Les composants en conflit sont :
Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

Error: (06/01/2015 11:59:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: La création du contexte d’activation a échoué pour « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest1 ». Erreur dans le fichier de manifeste ou de stratégie « C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest2 » à la ligne C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest3.
Une version de composant nécessaire à l’application est en conflit avec une autre version de composant déjà active.
Les composants en conflit sont :
Composant 1 : C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifest.
Composant 2 : C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifest.

Error: (06/01/2015 11:59:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante DipAwayMode.exe, version : 0.0.0.0, horodatage : 0x00000000
Nom du module défaillant : KERNELBASE.dll, version : 6.3.9600.17415, horodatage : 0x54504ade
Code d’exception : 0x40010006
Décalage d’erreur : 0x00014598
ID du processus défaillant : 0xf6c
Heure de début de l’application défaillante : 0xDipAwayMode.exe0
Chemin d’accès de l’application défaillante : DipAwayMode.exe1
Chemin d’accès du module défaillant: DipAwayMode.exe2
ID de rapport : DipAwayMode.exe3
Nom complet du package défaillant : DipAwayMode.exe4
ID de l’application relative au package défaillant : DipAwayMode.exe5

Error: (06/01/2015 09:11:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante DipAwayMode.exe, version : 0.0.0.0, horodatage : 0x00000000
Nom du module défaillant : KERNELBASE.dll, version : 6.3.9600.17415, horodatage : 0x54504ade
Code d’exception : 0x40010006
Décalage d’erreur : 0x00014598
ID du processus défaillant : 0x14cc
Heure de début de l’application défaillante : 0xDipAwayMode.exe0
Chemin d’accès de l’application défaillante : DipAwayMode.exe1
Chemin d’accès du module défaillant: DipAwayMode.exe2
ID de rapport : DipAwayMode.exe3
Nom complet du package défaillant : DipAwayMode.exe4
ID de l’application relative au package défaillant : DipAwayMode.exe5

Error: (06/01/2015 07:05:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante DipAwayMode.exe, version : 0.0.0.0, horodatage : 0x00000000
Nom du module défaillant : KERNELBASE.dll, version : 6.3.9600.17415, horodatage : 0x54504ade
Code d’exception : 0x40010006
Décalage d’erreur : 0x00014598
ID du processus défaillant : 0x2ac
Heure de début de l’application défaillante : 0xDipAwayMode.exe0
Chemin d’accès de l’application défaillante : DipAwayMode.exe1
Chemin d’accès du module défaillant: DipAwayMode.exe2
ID de rapport : DipAwayMode.exe3
Nom complet du package défaillant : DipAwayMode.exe4
ID de l’application relative au package défaillant : DipAwayMode.exe5

Error: (06/01/2015 02:34:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante DipAwayMode.exe, version : 0.0.0.0, horodatage : 0x00000000
Nom du module défaillant : KERNELBASE.dll, version : 6.3.9600.17415, horodatage : 0x54504ade
Code d’exception : 0x40010006
Décalage d’erreur : 0x00014598
ID du processus défaillant : 0xc80
Heure de début de l’application défaillante : 0xDipAwayMode.exe0
Chemin d’accès de l’application défaillante : DipAwayMode.exe1
Chemin d’accès du module défaillant: DipAwayMode.exe2
ID de rapport : DipAwayMode.exe3
Nom complet du package défaillant : DipAwayMode.exe4
ID de l’application relative au package défaillant : DipAwayMode.exe5

Error: (06/01/2015 11:53:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Les services de chiffrement ont échoué lors du traitement de l’appel OnIdentity() dans l’objet System Writer.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.

System Error:
Accès refusé.
.

Error: (06/01/2015 11:02:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante DipAwayMode.exe, version : 0.0.0.0, horodatage : 0x00000000
Nom du module défaillant : KERNELBASE.dll, version : 6.3.9600.17415, horodatage : 0x54504ade
Code d’exception : 0x40010006
Décalage d’erreur : 0x00014598
ID du processus défaillant : 0xcd8
Heure de début de l’application défaillante : 0xDipAwayMode.exe0
Chemin d’accès de l’application défaillante : DipAwayMode.exe1
Chemin d’accès du module défaillant: DipAwayMode.exe2
ID de rapport : DipAwayMode.exe3
Nom complet du package défaillant : DipAwayMode.exe4
ID de l’application relative au package défaillant : DipAwayMode.exe5

Error: (06/01/2015 10:44:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nom de l’application défaillante DipAwayMode.exe, version : 0.0.0.0, horodatage : 0x00000000
Nom du module défaillant : KERNELBASE.dll, version : 6.3.9600.17415, horodatage : 0x54504ade
Code d’exception : 0x40010006
Décalage d’erreur : 0x00014598
ID du processus défaillant : 0xc88
Heure de début de l’application défaillante : 0xDipAwayMode.exe0
Chemin d’accès de l’application défaillante : DipAwayMode.exe1
Chemin d’accès du module défaillant: DipAwayMode.exe2
ID de rapport : DipAwayMode.exe3
Nom complet du package défaillant : DipAwayMode.exe4
ID de l’application relative au package défaillant : DipAwayMode.exe5


System errors:
=============
Error: (06/02/2015 00:06:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Intel® Dynamic Application Loader Host Interface Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/02/2015 00:06:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service ShadowExplorer Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/02/2015 00:06:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service PnkBstrA s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/02/2015 00:06:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service NVIDIA Streamer Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/02/2015 00:06:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service NVIDIA Network Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/02/2015 00:06:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Malwarebytes Anti-Exploit Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/02/2015 00:06:50 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Intel® PROSet Monitoring Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/02/2015 00:06:49 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Le service Intel® Capability Licensing Service Interface s’est terminé de manière inattendue. Ceci s’est produit 1 fois. L’action corrective suivante va être effectuée dans 0 millisecondes : Redémarrer le service.

Error: (06/02/2015 00:06:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service NVIDIA GeForce Experience Service s’est terminé de façon inattendue pour la 1ème fois.

Error: (06/02/2015 00:06:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Le service Foxit Cloud Safe Update Service s’est terminé de façon inattendue pour la 1ème fois.


Microsoft Office:
=========================
Error: (06/02/2015 00:04:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DipAwayMode.exe0.0.0.000000000KERNELBASE.dll6.3.9600.1741554504ade4001000600014598cb001d09cbf576b5b06C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exeC:\Windows\SYSTEM32\KERNELBASE.dll9b01dc0f-08b2-11e5-8269-7824afbaf9ad

Error: (06/02/2015 00:00:25 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestD:\Downloads\Programs\esetsmartinstaller_enu.exe

Error: (06/01/2015 11:59:58 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_624760d1ecb7236e.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17784_none_a9f497a901334c74.manifestD:\Downloads\Programs\esetsmartinstaller_enu.exe

Error: (06/01/2015 11:59:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DipAwayMode.exe0.0.0.000000000KERNELBASE.dll6.3.9600.1741554504ade4001000600014598f6c01d09cbe8e1f395fC:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exeC:\Windows\SYSTEM32\KERNELBASE.dlld18ca91f-08b1-11e5-8268-7824afbaf9ad

Error: (06/01/2015 09:11:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DipAwayMode.exe0.0.0.000000000KERNELBASE.dll6.3.9600.1741554504ade400100060001459814cc01d09ca71bcbbfdbC:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exeC:\Windows\SYSTEM32\KERNELBASE.dll5f0865a0-089a-11e5-8268-7824afbaf9ad

Error: (06/01/2015 07:05:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DipAwayMode.exe0.0.0.000000000KERNELBASE.dll6.3.9600.1741554504ade40010006000145982ac01d09c957b100680C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exeC:\Windows\SYSTEM32\KERNELBASE.dllbf0c9356-0888-11e5-8268-7824afbaf9ad

Error: (06/01/2015 02:34:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DipAwayMode.exe0.0.0.000000000KERNELBASE.dll6.3.9600.1741554504ade4001000600014598c8001d09c6fa3743eceC:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exeC:\Windows\SYSTEM32\KERNELBASE.dlle7e9e403-0862-11e5-8268-7824afbaf9ad

Error: (06/01/2015 11:53:11 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Protocole LLDP (Link Layer Discovery Protocol) Microsoft.

System Error:
Accès refusé.

Error: (06/01/2015 11:02:50 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DipAwayMode.exe0.0.0.000000000KERNELBASE.dll6.3.9600.1741554504ade4001000600014598cd801d09c5214cfebbdC:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exeC:\Windows\SYSTEM32\KERNELBASE.dll5c3f789e-0845-11e5-8268-7824afbaf9ad

Error: (06/01/2015 10:44:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DipAwayMode.exe0.0.0.000000000KERNELBASE.dll6.3.9600.1741554504ade4001000600014598c8801d09c4f8406afe9C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exeC:\Windows\SYSTEM32\KERNELBASE.dllc62bbca5-0842-11e5-8267-7824afbaf9ad


==================== Memory info ===========================

Processor: Intel® Core™ i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 16%
Total physical RAM: 8127.04 MB
Available physical RAM: 6788.69 MB
Total Pagefile: 9151.04 MB
Available Pagefile: 7751.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:232.37 GB) (Free:94.51 GB) NTFS
Drive d: (Disque Local II) (Fixed) (Total:2794.39 GB) (Free:1316.77 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 094CEF5A)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End of log ============================



#4 BlackWaves

Posted 02 June 2015 - 03:17 PM

Is it alright?



#5 satchfan

  • Malware Response Team

Posted 03 June 2015 - 04:51 PM

Hi BlackWaves.

 

I'm sorry for the delay but I somehow didn't get notification of your reply and looked in at this by chance.

 

I have seen your logs but it is late here and I won't be able to check and send a reply until tomorrow.

 

My apologies again

 

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#6 BlackWaves

Posted 03 June 2015 - 05:19 PM

Hi, no problem, it's still really nice what you're doing here in this forum helping people

Have a nice day!



#7 satchfan

Posted 04 June 2015 - 05:33 AM

boost_interprocess is not malware but there are some interesting observations to be made from your logs.

P2P - I see you have P2P software (uTorrent) installed on your machine.

You also have CryptoPrevent installed: these are contradictions.

On the one hand you are trying to protect your PC from a “Crypto*” attack and on the other hand you are inviting these types of infections onto your machine.

We are not here to pass judgment on file-sharing as a concept but we will warn you that engaging in this activity will always make your computer very susceptible to infection and re-infection.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are more often than not, infected. Those who write malware use P2P file-sharing as a major vehicle to spread their wares.

Please see this topic for more information:

P2P File Sharing Risks.

I would strongly recommend that you uninstall it now.

Should you decide to keep it, please don’t use it until we have finished up here.


Internet Download Manager does not have a good reputation and I would advise you to uninstall that also.

===================================================

Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below.


BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
FF HKU\S-1-5-21-2248693553-3069304461-830210338-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kamal\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Kamal\AppData\Roaming\IDM\idmmzcc5 [2015-06-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
S3 GPU-Z; \??\C:\Users\Kamal\AppData\Local\Temp\GPU-Z.sys [X]
2015-05-29 17:50 - 2015-06-01 11:22 - 00000236 _____ () C:\ProgramData\boost_interprocess.rar
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Ubisoft
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\The Witcher 2
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\TeknoGods
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Skyrim
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\SKIDROW
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Rockstar Games
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\PAYDAY 2
2015-05-27 09:59 - 2015-05-27 16:48 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Adobe
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Macromedia
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\LumaEmu_SteamCloud
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Electronic Arts
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\EA Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\dxhr
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Darksiders2
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Criterion Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\BANDAI NAMCO Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Arma 3
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Apps\2.0
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\ali213GameLauncher
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\4A Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\238010
C:\Users\Kamal\AppData\Local\Ubisoft
C:\Users\Kamal\AppData\Local\The Witcher 2
C:\Users\Kamal\AppData\Local\TeknoGods
C:\Users\Kamal\AppData\Local\Skyrim
C:\Users\Kamal\AppData\Local\SKIDROW
C:\Users\Kamal\AppData\Local\Rockstar Games
C:\Users\Kamal\AppData\Local\PAYDAY 2
C:\Users\Kamal\AppData\Local\Adobe
C:\Users\Kamal\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
C:\Users\Kamal\AppData\Local\Macromedia
C:\Users\Kamal\AppData\Local\LumaEmu_SteamCloud
C:\Users\Kamal\AppData\Local\Electronic Arts
C:\Users\Kamal\AppData\Local\EA Games
C:\Users\Kamal\AppData\Local\dxhr
C:\Users\Kamal\AppData\Local\Darksiders2
C:\Users\Kamal\AppData\Local\Criterion Games
C:\Users\Kamal\AppData\Local\BANDAI NAMCO Games
C:\Users\Kamal\AppData\Local\Arma 3
C:\Users\Kamal\AppData\Local\Apps\2.0
C:\Users\Kamal\AppData\Local\ali213GameLauncher
C:\Users\Kamal\AppData\Local\4A Games
C:\Users\Kamal\AppData\Local\238010
CMD: ipconfig /flushdns

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

  • on Windows Vista, 7, and 8, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    autoclean;
    emptyalltemp;
    emptyclsid;
    FFdefaults;
    iedefaults;
    chrdefaults;
    
  • close any open programs
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

Logs to include with next post:

Fixlog.txt
zoek-results.log


Thanks

Satchfan

 




#8 BlackWaves

Posted 04 June 2015 - 07:37 AM

Hi, thanks for helping me

 

I don't really use uTorrent, I installed it "just in case", but like you advised me, I uninstalled it, same thing for IDM, I'll stick with the Firefox solution

 

You say that I should not worry about the boost_interprocess creating itself?

 

I got the logs, here they are:

 

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Kamal at 2015-06-04 13:11:53 Run:1
Running from C:\Users\Kamal\Desktop
Loaded Profiles: Kamal (Available Profiles: Kamal)
Boot Mode: Normal
==============================================

fixlist content:
*****************
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2015-05-20] (Internet Download Manager, Tonec Inc.)
FF HKU\S-1-5-21-2248693553-3069304461-830210338-1001\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Kamal\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Kamal\AppData\Roaming\IDM\idmmzcc5 [2015-06-02]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
CHR HKLM-x32\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2015-05-20]
S3 GPU-Z; \??\C:\Users\Kamal\AppData\Local\Temp\GPU-Z.sys [X]
2015-05-29 17:50 - 2015-06-01 11:22 - 00000236 _____ () C:\ProgramData\boost_interprocess.rar
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Ubisoft
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\The Witcher 2
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\TeknoGods
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Skyrim
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\SKIDROW
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Rockstar Games
2015-05-27 10:00 - 2015-05-27 10:00 - 00000000 ____D () C:\Users\Kamal\AppData\Local\PAYDAY 2
2015-05-27 09:59 - 2015-05-27 16:48 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Adobe
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Macromedia
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\LumaEmu_SteamCloud
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Electronic Arts
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\EA Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\dxhr
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Darksiders2
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Criterion Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\BANDAI NAMCO Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Arma 3
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\Apps\2.0
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\ali213GameLauncher
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\4A Games
2015-05-27 09:59 - 2015-05-27 09:59 - 00000000 ____D () C:\Users\Kamal\AppData\Local\238010
C:\Users\Kamal\AppData\Local\Ubisoft
C:\Users\Kamal\AppData\Local\The Witcher 2
C:\Users\Kamal\AppData\Local\TeknoGods
C:\Users\Kamal\AppData\Local\Skyrim
C:\Users\Kamal\AppData\Local\SKIDROW
C:\Users\Kamal\AppData\Local\Rockstar Games
C:\Users\Kamal\AppData\Local\PAYDAY 2
C:\Users\Kamal\AppData\Local\Adobe
C:\Users\Kamal\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me
C:\Users\Kamal\AppData\Local\Macromedia
C:\Users\Kamal\AppData\Local\LumaEmu_SteamCloud
C:\Users\Kamal\AppData\Local\Electronic Arts
C:\Users\Kamal\AppData\Local\EA Games
C:\Users\Kamal\AppData\Local\dxhr
C:\Users\Kamal\AppData\Local\Darksiders2
C:\Users\Kamal\AppData\Local\Criterion Games
C:\Users\Kamal\AppData\Local\BANDAI NAMCO Games
C:\Users\Kamal\AppData\Local\Arma 3
C:\Users\Kamal\AppData\Local\Apps\2.0
C:\Users\Kamal\AppData\Local\ali213GameLauncher
C:\Users\Kamal\AppData\Local\4A Games
C:\Users\Kamal\AppData\Local\238010
CMD: ipconfig /flushdns
*****************

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => key Removed successfully
"HKCR\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8}" => key Removed successfully
HKU\S-1-5-21-2248693553-3069304461-830210338-1001\Software\Mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com => value Removed successfully
C:\Users\Kamal\AppData\Roaming\IDM\idmmzcc5 => Moved successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key Removed successfully
C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx => Moved successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ngpampappnmepgilojfohadhhmbhlaek" => key Removed successfully
"C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx" => File/Folder not found.
GPU-Z => Service Removed successfully
C:\ProgramData\boost_interprocess.rar => Moved successfully.
C:\Users\Kamal\AppData\Local\Ubisoft => Moved successfully.
C:\Users\Kamal\AppData\Local\The Witcher 2 => Moved successfully.
C:\Users\Kamal\AppData\Local\TeknoGods => Moved successfully.
C:\Users\Kamal\AppData\Local\Skyrim => Moved successfully.
C:\Users\Kamal\AppData\Local\SKIDROW => Moved successfully.
C:\Users\Kamal\AppData\Local\Rockstar Games => Moved successfully.
C:\Users\Kamal\AppData\Local\PAYDAY 2 => Moved successfully.
C:\Users\Kamal\AppData\Local\Adobe => Moved successfully.
C:\Users\Kamal\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me => Moved successfully.
C:\Users\Kamal\AppData\Local\Macromedia => Moved successfully.
C:\Users\Kamal\AppData\Local\LumaEmu_SteamCloud => Moved successfully.
C:\Users\Kamal\AppData\Local\Electronic Arts => Moved successfully.
C:\Users\Kamal\AppData\Local\EA Games => Moved successfully.
C:\Users\Kamal\AppData\Local\dxhr => Moved successfully.
C:\Users\Kamal\AppData\Local\Darksiders2 => Moved successfully.
C:\Users\Kamal\AppData\Local\Criterion Games => Moved successfully.
C:\Users\Kamal\AppData\Local\BANDAI NAMCO Games => Moved successfully.
C:\Users\Kamal\AppData\Local\Arma 3 => Moved successfully.
C:\Users\Kamal\AppData\Local\Apps\2.0 => Moved successfully.
C:\Users\Kamal\AppData\Local\ali213GameLauncher => Moved successfully.
C:\Users\Kamal\AppData\Local\4A Games => Moved successfully.
C:\Users\Kamal\AppData\Local\238010 => Moved successfully.
"C:\Users\Kamal\AppData\Local\Ubisoft" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\The Witcher 2" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\TeknoGods" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\Skyrim" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\SKIDROW" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\Rockstar Games" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\PAYDAY 2" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\Adobe" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\OCCT_-_Ocbase_-_Adrien_Me" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\Macromedia" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\LumaEmu_SteamCloud" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\Electronic Arts" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\EA Games" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\dxhr" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\Darksiders2" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\Criterion Games" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\BANDAI NAMCO Games" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\Arma 3" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\Apps\2.0" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\ali213GameLauncher" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\4A Games" => File/Folder not found.
"C:\Users\Kamal\AppData\Local\238010" => File/Folder not found.

=========  ipconfig /flushdns =========


Configuration IP de Windows

Cache de résolution DNS vidé.

========= End of CMD: =========


==== End of Fixlog 13:11:53 ====

 

zoek-results.log

 

Zoek.exe v5.0.0.0 Updated 04-May-2015
Tool run by Kamal on 04/06/2015 at 13:14:19,54.
Microsoft Windows 8.1 Professionnel 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Kamal\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

04/06/2015 13:15:02 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~3\IDM deleted successfully
C:\PROGRA~3\regid.1986-12.com.adobe deleted successfully
C:\PROGRA~3\Riot Games deleted successfully
C:\Users\Kamal\AppData\Local\Apps deleted successfully
C:\Users\Kamal\AppData\Local\History deleted successfully
C:\Users\Kamal\AppData\Local\PackageStaging deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\yuzyl0k1.default\prefs.js:
user_pref("services.sync.prefs.sync.browser.search.selectedEngine", true);

Added to C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\yuzyl0k1.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\gpt.ini deleted
C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\yuzyl0k1.default\extensions\firefox@mega.co.nz.xpi deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\yuzyl0k1.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"mozilla_cc@internetdownloadmanager.com"="C:\Users\Kamal\AppData\Roaming\IDM\idmmzcc5" [04/06/2015 13:13]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\yuzyl0k1.default
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Kamal\AppData\Roaming\Mozilla\Firefox\Profiles\yuzyl0k1.default
2E661988463BCFA1B95D4DAAB9B0B6FA    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll -    Shockwave Flash


==== Chromium Look ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Old Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
"Old Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kamal\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Kamal\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Kamal\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Kamal\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Kamal\AppData\Local\Mozilla\Firefox\Profiles\yuzyl0k1.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=27 folders=34 28164391 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Kamal\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Kamal\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on 04/06/2015 at 13:25:29,47 ======================
 

 

Thanks again a lot!!


Edited by BlackWaves, 04 June 2015 - 07:37 AM.


#9 satchfan

Posted 04 June 2015 - 11:01 AM

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system: if you no longer have it, you can download it from here:

  • start Malwarebytes-Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
 

 

Please post the Mbam.txt result.

Can you tell me if there are any outstanding problems.

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 BlackWaves

  • Topic Starter

Posted 04 June 2015 - 11:51 AM

Hi Satchfan , yes i use it from time to time to check how my pc is going

 

Here is the log , nothing special

 

Mbam.txt

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Date de l'examen: 04/06/2015
Heure de l'examen: 17:43:02
Fichier journal: Mbam.txt
Administrateur: Oui

Version: 2.01.6.1022
Base de données Malveillants: v2015.06.03.02
Base de données Rootkits: v2015.06.02.01
Licence: Gratuit
Protection contre les malveillants: Désactivé(e)
Protection contre les sites Web malveillants: Désactivé(e)
Auto-protection: Désactivé(e)

Système d'exploitation: Windows 8.1
Processeur: x64
Système de fichiers: NTFS
Utilisateur: Kamal

Type d'examen: Examen "Menaces"
Résultat: Terminé
Objets analysés: 350071
Temps écoulé: 5 min, 38 sec

Mémoire: Activé(e)
Démarrage: Activé(e)
Système de fichiers: Activé(e)
Archives: Activé(e)
Rootkits: Désactivé(e)
Heuristique: Activé(e)
PUP: Activé(e)
PUM: Activé(e)

Processus: 0
(Aucun élément malicieux détecté)

Modules: 0
(Aucun élément malicieux détecté)

Clés du Registre: 0
(Aucun élément malicieux détecté)

Valeurs du Registre: 0
(Aucun élément malicieux détecté)

Données du Registre: 0
(Aucun élément malicieux détecté)

Dossiers: 0
(Aucun élément malicieux détecté)

Fichiers: 0
(Aucun élément malicieux détecté)

Secteurs physiques: 0
(Aucun élément malicieux détecté)


(end)



#11 satchfan


Posted 04 June 2015 - 01:34 PM

Let’s run an online scan to be sure nothing is left and if that’s clear I’ll send instructions to tidy up.


Run ESET Online Scan

Note: This may take a long time so please be patient.

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, FireFox or Chrome for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:
    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology
    Note: Do not check Remove found threats
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    Note - if ESET doesn't find any threats, no report will be created.
  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:

o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found

If threats were found:

o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.

 

Thanks

Satchfan

 




#12 BlackWaves


Posted 04 June 2015 - 03:58 PM

Hi , here it is :

 

ESET Results :

 

C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application
D:\Data\Backups\Save before format\AppData.rar    a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application
D:\Data\Backups\Save before format\logiciels\CheatEngine64.exe    a variant of Win32/OpenCandy.C potentially unsafe application
D:\Data\Galaxy S4\clockworkmod\backup\1970-11-01.12.40.23_KOT49H.I9505XXUGNJ8\data.ext4.tar.a    a variant of Android/AdDisplay.Viser.A potentially unwanted application
D:\Downloads\Programs\ccsetup500.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
D:\Downloads\Programs\CheatEngine64.exe    a variant of Win32/OpenCandy.C potentially unsafe application
 

I think i should uninstall cheatengine , it helped me in some games though XD



#13 satchfan


Posted 04 June 2015 - 04:21 PM

I’m so sorry again for the late response but for some reason I’m still receiving no notification of replies.
 

“I think i should uninstall cheatengine”

I agree.


Let’s get rid of what was found – nothing too bad.


Run Farbar Recovery Scan Tool

Open notepad. Please copy the contents of the code box below.


C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat
D:\Data\Backups\Save before format\AppData.rar
D:\Data\Backups\Save before format\logiciels\CheatEngine64.exe
D:\Data\Galaxy S4\clockworkmod\backup\1970-11-01.12.40.23_KOT49H.I9505XXUGNJ8\data.ext4.tar.a D:\Downloads\Programs\ccsetup500.exe
D:\Downloads\Programs\CheatEngine64.exe

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the files as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

Can you tell me how things are now and if there are any outstanding problems.

Thanks

Satchfan

 




#14 BlackWaves


Posted 04 June 2015 - 06:10 PM

I don't know why you don't get notifications :/

 

I did the fix , then uninstalled cheat engine ,  here is the log :

 

Fixlog.txt

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Kamal at 2015-06-05 00:07:36 Run:1
Running from C:\Users\Kamal\Desktop
Loaded Profiles: Kamal (Available Profiles: Kamal)
Boot Mode: Normal
==============================================

fixlist content:
*****************
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat
D:\Data\Backups\Save before format\AppData.rar
D:\Data\Backups\Save before format\logiciels\CheatEngine64.exe
D:\Data\Galaxy S4\clockworkmod\backup\1970-11-01.12.40.23_KOT49H.I9505XXUGNJ8\data.ext4.tar.a D:\Downloads\Programs\ccsetup500.exe
D:\Downloads\Programs\CheatEngine64.exe
*****************

C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat => Moved successfully.
D:\Data\Backups\Save before format\AppData.rar => Moved successfully.
D:\Data\Backups\Save before format\logiciels\CheatEngine64.exe => Moved successfully.
"D:\Data\Galaxy S4\clockworkmod\backup\1970-11-01.12.40.23_KOT49H.I9505XXUGNJ8\data.ext4.tar.a D:\Downloads\Programs\ccsetup500.exe" => File/Folder not found.
D:\Downloads\Programs\CheatEngine64.exe => Moved successfully.

==== End of Fixlog 00:08:16 ====
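An added example, not part of the original thread and not FRST's own code: Python that reads the result lines of the Fixlog above, lists every entry that was not moved, and splits an entry that holds two drive-rooted paths on one line. The regular expressions and function names are assumptions inferred only from the log lines shown in this thread.

```python
import re

# Constructed sample: the result lines of the Fixlog.txt posted in this thread.
FIXLOG = r'''
C:\Program Files (x86)\Cheat Engine 6.4\standalonephase1.dat => Moved successfully.
D:\Data\Backups\Save before format\AppData.rar => Moved successfully.
D:\Data\Backups\Save before format\logiciels\CheatEngine64.exe => Moved successfully.
"D:\Data\Galaxy S4\clockworkmod\backup\1970-11-01.12.40.23_KOT49H.I9505XXUGNJ8\data.ext4.tar.a D:\Downloads\Programs\ccsetup500.exe" => File/Folder not found.
D:\Downloads\Programs\CheatEngine64.exe => Moved successfully.

==== End of Fixlog 00:08:16 ====
'''

# "target => status." with optional quotes around the target (assumed layout,
# inferred from the lines above, not from any FRST specification).
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s=>\s(?P<status>.+?)\.?$')
# Whitespace followed by a drive root such as "D:\" marks where a second path starts.
EMBEDDED_ROOT_RE = re.compile(r'\s+(?=[A-Za-z]:\\)')


def parse_fixlog(text):
    """Return [(target, status)] for every 'target => status' result line."""
    results = []
    for line in text.splitlines():
        match = RESULT_RE.match(line.strip())
        if match:
            results.append((match.group('target'), match.group('status')))
    return results


def split_merged(target):
    """Split an entry at embedded drive roots; a single element means one path."""
    return EMBEDDED_ROOT_RE.split(target)


def unremediated(text):
    """Paths the fix did not move, with merged entries expanded into single paths."""
    pending = []
    for target, status in parse_fixlog(text):
        if status != 'Moved successfully':
            pending.extend(split_merged(target))
    return pending


if __name__ == '__main__':
    for path in unremediated(FIXLOG):
        print('still present, needs its own fixlist line:', path)
```
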



#15 satchfan


Posted 05 June 2015 - 01:13 AM

Can you tell me how things are now and if there are any outstanding problems.





