Self creating SVCHost.exe & lsass.exe in Windows\Temp folder, CPU Miner



#1 Ace_Evilsin

Posted 08 June 2015 - 04:54 AM

Hey,
 
First of all, I'd like to mention that my problem is almost the same as this thread:
 
There's an addition to this though, that another unknown process named lsass.exe is also created along with it, in the Windows/Temp folder.
 
Whenever I start Windows (Windows 7 64-bit), I see two extra processes named svchost.exe (not the usual system ones) (eating 75% of my CPU usage) & an lsass.exe (also different from the system one), & they're not associated with any services. However, on clicking "Open File Location", I found out that these two processes are in C:\Windows\Temp alongside 3-4 log files which mention a name "Claymore Cryptonote CPU Miner v3.3 Beta". No matter how many times I delete those files, every time I reboot, they just keep popping up again & again. Then, I decided to download a software named "Spybot - Search & Destroy" after reading at one of the other forums about this problem & its solution, but even that could not solve this issue, & still those files auto-create on reboot & start running, with svchost.exe taking 75% or above of my CPU usage.
 
I hope this issue gets solved, although after seeing two other cases same as mine that were satisfied with your answers, I am pretty confident it'll be solved. Another thing is that I am a bit slow on the programming side & all, so I'd appreciate it if you'd assist me in the easiest way possible.
 
Thanks a lot in advance. :)
 
I am adding the DDS log first, & then the FRST log in the post, & will provide the addition.txt as an attachment. Let me know if I missed something.
 
Oh, & yes, I closed that process named svchost.exe before running those DDS & FRST scans, since I wasn't able to open anything with that running in the background & taking 100% of CPU usage. I hope that wouldn't affect the solution though.
 
 
---------------------------------------------------------
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17801
Run by Evilsin at 15:15:47 on 2015-06-08
#Option Extended Search is enabled.
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3959.2117 [GMT 5.5:30]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\alg.exe
C:\Windows\System32\schtasks.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\TiltWheelMouse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\GWX\GWX.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Temp\lsass.exe
C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=IN&userid=8530a6d8-920e-89f9-ce04-85d0e4ce35e1&searchtype=ds&q={searchTerms}&installDate=01/11/2013
uSearch Page = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=IN&userid=8530a6d8-920e-89f9-ce04-85d0e4ce35e1&searchtype=ds&q={searchTerms}&installDate=01/11/2013
uDefault_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1383275836&from=vtt&uid=TOSHIBAXMK5076GSX_829LCEFQTXX829LCEFQT
uDefault_Search_URL = hxxp://www.google.com/ie
uProxyServer = localhost:8080
uProxyOverride = <local>
uSearchAssistant = hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=IN&userid=8530a6d8-920e-89f9-ce04-85d0e4ce35e1&searchtype=ds&q={searchTerms}&installDate=01/11/2013
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit = userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Google Update] "C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [DellSystemDetect] C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Akamai NetSession Interface] "C:\Users\Evilsin\AppData\Local\Akamai\netsession_win.exe"
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Evilsin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
uRun: [Desura] D:\Desura\desura.exe -autostart
uRun: [Vemeo] "C:\Users\Evilsin\AppData\Local\Vemeo\Vemeo\Vemeo.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [dellsupportcenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe] C:\Users\Evilsin\AppData\Roaming\Adobe\color.vbe
mRun: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
StartupFolder: C:\Users\Evilsin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - D:\GameStop App\GameStop App\Now\GameStopNow.exe
StartupFolder: C:\Users\Evilsin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: HideSCAHealth = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: dell.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
TCP: NameServer = 202.88.149.25 202.88.149.6
TCP: Interfaces\{2A9ECDFC-81A5-419B-ABA0-3AA72C300BDF}\0716070757 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{2A9ECDFC-81A5-419B-ABA0-3AA72C300BDF}\14D6964702D4F62696C656 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{37E35DCF-E81F-4BA9-A701-F7BC14F39289} : DHCPNameServer = 202.88.149.25 202.88.149.6
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
AppInit_DLLs=  
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [MouseDriver] TiltWheelMouse.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.search-guide.info/?pid=821&r=2013/11/01&hid=13377247493267758626&lg=EN&cc=IN&unqvl=40&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Mysearchdial
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - 
FF - prefs.js: network.proxy.gopher - 
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Users\Evilsin\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Users\Evilsin\AppData\Local\Hola\firefox\app\vlc\npvlc.dll
FF - plugin: C:\Users\Evilsin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
.
.
.
.
FF - user.js: extensions.mysearchdial.hmpg - true
FF - user.js: extensions.mysearchdial.hmpgUrl - hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2104322891&ir=
FF - user.js: extensions.mysearchdial.dfltSrch - true
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2104322891&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2104322891&ir=&q=
FF - user.js: extensions.mysearchdial.id - F04DA2B7B1F63477
FF - user.js: extensions.mysearchdial.instlDay - 16076
FF - user.js: extensions.mysearchdial.vrsn - 1.8.21.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.21.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.21.013:59:41
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - irmsd0101
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 
FF - user.js: extensions.mysearchdial.dfltLng - 
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial_i.hmpg - true
FF - user.js: extensions.mysearchdial.cr - 2104322891
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
FF - user.js: extensions.irmysearch.aflt - irmsd0101
FF - user.js: extensions.irmysearch.instlRef - 
FF - user.js: extensions.irmysearch.cr - 2104322891
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R
.
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2015-1-6 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-30 238080]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-14 27136]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-13 13336]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 124568]
R2 TeamViewer;TeamViewer 10;C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [2015-1-18 5426448]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2009-11-2 13784]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-13 2320920]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-7-5 96256]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-9-13 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2013-4-5 158976]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 t_mouse.sys;HID-compliand device;C:\Windows\System32\drivers\t_mouse.sys [2012-12-19 6144]
S2 AIPS;Arp Intelligent Protection Service;C:\Program Files (x86)\netcut\services\AIPS.exe --> C:\Program Files (x86)\netcut\services\AIPS.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 Update Jump Flip;Update Jump Flip;"C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" --> C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe [?]
S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2012-9-13 20984]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2012-12-2 53800]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2012-12-2 35104]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;D:\Steam\SteamApps\common\Dragon Age Origins\bin_ship\daupdatersvc.service.exe [2013-12-12 25832]
S3 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-6-9 180136]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-6-5 114688]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\System32\drivers\ivusb.sys [2010-7-29 29720]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\System32\drivers\LGBusEnum.sys [2009-11-24 22408]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\System32\drivers\LGSHidFilt.Sys [2013-1-18 66800]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\System32\drivers\LGVirHid.sys [2009-11-24 16008]
S3 Origin Client Service;Origin Client Service;C:\Program Files (x86)\Origin\OriginClientService.exe [2013-8-26 1903472]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2015-6-3 19456]
S3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2012-11-30 35112]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-6-3 56832]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-14 1255736]
.
=============== File Associations ===============
.
FileExt: .vbs: VBSFile="C:\Windows\System32\WScript.exe" "%1" %* [UserChoice]
.
=============== Created Last 60 ================
.
2015-06-08 08:28:32 -------- d-----w- C:\FRST
2015-06-08 05:13:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-06-08 04:48:16 1187344 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADDE8F31-120F-429E-92D7-77DD881FD186}\gapaengine.dll
2015-06-08 04:47:22 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4E60F730-FB82-4E28-A90F-58D7752A088B}\mpengine.dll
2015-06-06 06:52:16 -------- d-----w- C:\Users\Evilsin\AppData\Local\GWX
2015-06-06 06:47:51 12214312 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-06-06 06:47:34 -------- d-s---w- C:\Windows\SysWow64\GWX
2015-06-06 06:47:34 -------- d-s---w- C:\Windows\System32\GWX
2015-06-06 06:22:57 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-06-05 09:43:36 -------- d-sh--w- C:\Users\Evilsin\AppData\Local\EmieUserList
2015-06-05 09:43:36 -------- d-sh--w- C:\Users\Evilsin\AppData\Local\EmieSiteList
2015-06-05 09:43:36 -------- d-sh--w- C:\Users\Evilsin\AppData\Local\EmieBrowserModeList
2015-06-05 09:35:42 -------- d-----w- C:\Windows\Offline Web Pages
2015-06-05 09:35:41 -------- d-----w- C:\Windows\Downloaded Program Files
2015-06-05 08:28:29 -------- d-----w- C:\Windows\System32\MRT
2015-06-05 08:23:07 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2015-06-05 08:23:07 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2015-06-05 08:23:07 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2015-06-05 08:23:07 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2015-06-05 08:23:00 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2015-06-05 08:23:00 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2015-06-05 06:50:43 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-06-05 06:50:43 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2015-06-05 06:50:43 16384 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2015-06-05 06:45:41 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2015-06-05 06:45:40 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2015-06-05 06:44:51 87040 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2015-06-03 08:32:48 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2015-06-03 08:32:48 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2015-06-03 08:29:35 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2015-06-03 08:29:35 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2015-06-03 07:12:39 1647104 ----a-w- C:\Windows\System32\DWrite.dll
2015-06-03 07:12:39 1179136 ----a-w- C:\Windows\System32\FntCache.dll
2015-06-03 07:12:38 3204608 ----a-w- C:\Windows\System32\win32k.sys
2015-06-03 07:12:38 1250816 ----a-w- C:\Windows\SysWow64\DWrite.dll
2015-06-03 07:12:37 1424896 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-06-03 07:12:37 1230848 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-06-03 07:12:05 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2015-06-03 07:12:05 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2015-06-03 06:43:40 -------- d-s---w- C:\Windows\System32\CompatTel
2015-06-03 06:43:40 -------- d-----w- C:\Windows\System32\appraiser
2015-06-03 04:38:05 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-06-03 04:38:03 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2015-06-03 04:38:02 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2015-06-03 03:58:00 124112 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 03:58:00 102608 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 03:42:55 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2015-06-03 03:42:55 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2015-06-03 03:42:54 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2015-06-03 03:42:54 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2015-06-03 03:42:52 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2015-06-03 03:42:52 8856 ----a-w- C:\Windows\System32\icardres.dll
2015-06-03 03:42:13 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2015-06-03 03:42:13 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2015-06-03 03:11:07 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-06-03 03:09:31 700416 ----a-w- C:\Windows\System32\generaltel.dll
2015-06-03 03:09:31 45568 ----a-w- C:\Windows\System32\acmigration.dll
2015-06-03 03:09:30 757248 ----a-w- C:\Windows\System32\invagent.dll
2015-06-03 03:09:30 423424 ----a-w- C:\Windows\System32\devinv.dll
2015-06-03 03:09:30 193536 ----a-w- C:\Windows\System32\aepic.dll
2015-06-03 03:09:30 1119232 ----a-w- C:\Windows\System32\aeinv.dll
2015-06-03 03:09:30 1021440 ----a-w- C:\Windows\System32\appraiser.dll
2015-06-03 03:09:29 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-06-03 03:04:59 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-06-03 03:00:05 459336 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-06-03 02:55:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2015-06-03 02:55:49 235520 ----a-w- C:\Windows\System32\winsta.dll
2015-06-03 02:55:48 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys
2015-06-03 02:55:48 212480 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2015-06-03 02:55:48 157696 ----a-w- C:\Windows\SysWow64\winsta.dll
2015-06-03 02:55:48 150528 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2015-06-03 02:48:06 46592 ----a-w- C:\Windows\SysWow64\fpb.rs
2015-06-03 02:47:59 55296 ----a-w- C:\Windows\SysWow64\cero.rs
2015-06-03 02:47:59 55296 ----a-w- C:\Windows\System32\cero.rs
2015-06-03 02:47:59 23552 ----a-w- C:\Windows\SysWow64\oflc.rs
2015-06-03 02:47:59 23552 ----a-w- C:\Windows\System32\oflc.rs
2015-06-03 02:47:59 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs
2015-06-03 02:47:59 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2015-06-03 02:43:38 460800 ----a-w- C:\Windows\System32\certcli.dll
2015-06-03 02:43:38 342016 ----a-w- C:\Windows\SysWow64\certcli.dll
2015-06-03 02:42:36 503296 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-06-03 02:42:36 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-06-03 02:42:35 692736 ----a-w- C:\Windows\System32\osk.exe
2015-06-03 02:42:35 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2015-06-03 02:42:35 544768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-06-03 02:42:35 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2015-06-03 02:42:35 348672 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-06-03 02:42:35 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-06-03 02:42:35 110592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-06-03 02:42:35 10240 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2015-06-03 02:37:51 683520 ----a-w- C:\Windows\System32\termsrv.dll
2015-06-03 02:36:25 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2015-06-03 02:36:25 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2015-06-03 02:35:30 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2015-06-03 02:34:26 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2015-06-03 02:34:26 2048 ----a-w- C:\Windows\System32\tzres.dll
2015-06-03 02:33:27 903168 ----a-w- C:\Windows\SysWow64\certutil.exe
2015-06-03 02:33:27 1192448 ----a-w- C:\Windows\System32\certutil.exe
2015-06-03 02:33:26 52224 ----a-w- C:\Windows\System32\certenc.dll
2015-06-03 02:33:26 43008 ----a-w- C:\Windows\SysWow64\certenc.dll
2015-06-03 02:30:39 197120 ----a-w- C:\Windows\System32\credui.dll
2015-06-03 02:30:39 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2015-06-03 02:30:39 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2015-06-03 02:30:39 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2015-06-03 02:30:16 3241984 ----a-w- C:\Windows\System32\msi.dll
2015-06-03 02:30:16 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2015-06-03 02:30:16 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-06-03 02:30:15 70144 ----a-w- C:\Windows\System32\appinfo.dll
2015-06-03 02:30:15 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-06-03 02:30:15 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-06-03 02:30:15 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-06-03 02:30:15 112064 ----a-w- C:\Windows\System32\consent.exe
2015-06-03 02:29:41 404480 ----a-w- C:\Windows\System32\gdi32.dll
2015-06-03 02:29:41 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2015-06-03 02:29:39 72192 ----a-w- C:\Windows\System32\aelupsvc.dll
2015-06-03 02:29:39 6656 ----a-w- C:\Windows\System32\shimeng.dll
2015-06-03 02:29:39 5120 ----a-w- C:\Windows\SysWow64\shimeng.dll
2015-06-03 02:29:39 342016 ----a-w- C:\Windows\System32\apphelp.dll
2015-06-03 02:29:39 295936 ----a-w- C:\Windows\SysWow64\apphelp.dll
2015-06-03 02:29:39 23552 ----a-w- C:\Windows\System32\sdbinst.exe
2015-06-03 02:29:39 20992 ----a-w- C:\Windows\SysWow64\sdbinst.exe
2015-06-03 02:29:20 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2015-06-03 02:28:59 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2015-06-03 02:28:59 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2015-06-03 02:28:59 156312 ----a-w- C:\Windows\System32\mscorier.dll
2015-06-03 02:28:59 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2015-06-03 02:28:58 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2015-06-03 02:28:58 73880 ----a-w- C:\Windows\System32\mscories.dll
2015-06-03 02:28:17 327168 ----a-w- C:\Windows\System32\mswsock.dll
2015-06-03 02:28:17 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2015-06-03 02:26:55 785624 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2015-06-03 02:26:13 259584 ----a-w- C:\Windows\System32\WebClnt.dll
2015-06-03 02:26:13 205824 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2015-06-03 02:26:12 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2015-06-03 02:26:12 102400 ----a-w- C:\Windows\System32\davclnt.dll
2015-06-03 02:25:16 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2015-06-03 02:25:16 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2015-06-03 02:23:45 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2015-06-03 02:23:44 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2015-06-03 02:23:44 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2015-06-03 02:23:44 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2015-06-03 02:23:44 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2015-06-03 02:23:44 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2015-06-03 02:23:44 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2015-06-03 02:23:43 328704 ----a-w- C:\Windows\System32\services.exe
2015-06-03 02:23:21 406528 ----a-w- C:\Windows\System32\scesrv.dll
2015-06-03 02:23:20 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2015-06-03 02:23:05 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2015-06-03 02:23:05 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2015-06-03 02:19:59 165888 ----a-w- C:\Windows\System32\charmap.exe
2015-06-03 02:18:35 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2015-06-03 02:18:22 633856 ----a-w- C:\Windows\System32\comctl32.dll
2015-06-03 02:18:22 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
2015-06-03 02:18:18 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-06-03 02:18:18 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-06-03 02:18:17 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-06-03 02:18:17 828928 ----a-w- C:\Windows\SysWow64\msctf.dll
2015-06-03 02:18:17 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-06-03 02:18:17 1067520 ----a-w- C:\Windows\System32\msctf.dll
2015-06-03 02:16:57 2002432 ----a-w- C:\Windows\System32\msxml6.dll
2015-06-03 02:15:55 79360 ----a-w- C:\Windows\System32\clfsw32.dll
2015-06-03 02:13:53 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-06-03 02:13:52 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-06-03 02:12:51 68608 ----a-w- C:\Windows\System32\taskhost.exe
2015-05-23 18:50:40 -------- d-----w- C:\ProgramData\sunsoft
2015-05-23 17:55:51 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2015-05-23 17:55:50 -------- d-----w- C:\Program Files (x86)\MagicDisc
2015-05-23 17:53:43 -------- d-----w- C:\Program Files (x86)\MagicISO
2015-05-06 14:57:18 -------- d-----w- C:\Users\Evilsin\AppData\Roaming\Steam
.
==================== Find6M  ====================
.
2015-05-25 18:24:00 5569984 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-05-25 18:23:59 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-05-25 18:23:59 155584 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-05-25 18:21:21 1728960 ----a-w- C:\Windows\System32\ntdll.dll
2015-05-25 18:18:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2015-05-25 18:18:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-05-25 18:18:54 879104 ----a-w- C:\Windows\System32\advapi32.dll
2015-05-25 18:18:45 47104 ----a-w- C:\Windows\System32\typeperf.exe
2015-05-25 18:18:45 404992 ----a-w- C:\Windows\System32\tracerpt.exe
2015-05-25 18:18:39 112640 ----a-w- C:\Windows\System32\smss.exe
2015-05-25 18:18:32 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-05-25 18:18:30 43008 ----a-w- C:\Windows\System32\relog.exe
2015-05-25 18:18:19 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-05-25 18:18:19 104448 ----a-w- C:\Windows\System32\logman.exe
2015-05-25 18:18:11 19456 ----a-w- C:\Windows\System32\diskperf.exe
2015-05-25 18:18:08 338432 ----a-w- C:\Windows\System32\conhost.exe
2015-05-25 18:18:04 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-05-25 18:14:26 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-05-25 18:14:04 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-05-25 18:07:34 3989440 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-05-25 18:07:34 3934144 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-05-25 18:04:08 1310744 ----a-w- C:\Windows\SysWow64\ntdll.dll
2015-05-25 18:00:44 40448 ----a-w- C:\Windows\SysWow64\typeperf.exe
2015-05-25 18:00:40 364544 ----a-w- C:\Windows\SysWow64\tracerpt.exe
2015-05-25 18:00:28 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2015-05-25 18:00:25 37888 ----a-w- C:\Windows\SysWow64\relog.exe
2015-05-25 18:00:17 82944 ----a-w- C:\Windows\SysWow64\logman.exe
2015-05-25 18:00:09 17408 ----a-w- C:\Windows\SysWow64\diskperf.exe
2015-05-25 18:00:04 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-05-25 17:59:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-05-25 17:59:52 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2015-05-25 17:59:51 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2015-05-25 17:57:31 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-05-25 17:57:15 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-05-25 17:00:56 36864 ----a-w- C:\Windows\System32\UtcResources.dll
2015-05-25 16:50:38 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2015-05-25 16:50:36 2048 ----a-w- C:\Windows\SysWow64\user.exe
2015-05-25 16:48:25 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2015-05-25 16:48:25 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 16:48:25 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 16:48:25 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2015-05-09 03:27:37 98304 ----a-w- C:\Windows\System32\wudriver.dll
2015-05-09 03:27:37 3147776 ----a-w- C:\Windows\System32\wucltux.dll
2015-05-09 03:27:37 191488 ----a-w- C:\Windows\System32\wuwebv.dll
2015-05-09 03:26:38 87040 ----a-w- C:\Windows\System32\WinSetupUI.dll
2015-05-09 03:26:30 12288 ----a-w- C:\Windows\System32\wu.upgrade.ps.dll
2015-05-09 03:26:27 36864 ----a-w- C:\Windows\System32\wuapp.exe
2015-05-09 03:14:46 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2015-05-09 03:14:46 173056 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2015-05-09 03:13:32 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2015-04-16 18:16:23 778416 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-04-16 18:16:23 142512 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-11 03:19:59 69888 ----a-w- C:\Windows\System32\drivers\stream.sys
2015-04-08 03:29:07 275456 ----a-w- C:\Windows\System32\InkEd.dll
2015-04-08 03:29:07 24576 ----a-w- C:\Windows\System32\jnwmon.dll
2015-04-08 03:14:07 216064 ----a-w- C:\Windows\SysWow64\InkEd.dll
2015-03-14 03:21:28 82944 ----a-w- C:\Windows\System32\dwmapi.dll
2015-03-14 03:21:28 1632768 ----a-w- C:\Windows\System32\dwmcore.dll
2015-03-14 03:04:46 67584 ----a-w- C:\Windows\SysWow64\dwmapi.dll
2015-03-14 03:04:46 1372160 ----a-w- C:\Windows\SysWow64\dwmcore.dll
2015-03-10 03:25:10 1882624 ----a-w- C:\Windows\System32\msxml3.dll
2015-03-10 03:21:42 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2015-03-10 03:08:26 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2015-03-10 03:05:39 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2015-03-04 14:04:52 280376 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2015-03-04 14:04:52 124568 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2015-03-04 04:55:13 367552 ----a-w- C:\Windows\System32\clfs.sys
2015-03-04 04:41:26 309248 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2015-03-04 04:41:26 103424 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2015-03-04 04:10:54 58880 ----a-w- C:\Windows\SysWow64\clfsw32.dll
2015-03-04 04:10:52 470528 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2015-03-04 04:10:52 2178560 ----a-w- C:\Windows\apppatch\AcGenral.dll
2015-03-04 04:06:41 2560 ----a-w- C:\Windows\apppatch\AcRes.dll
2015-03-03 13:17:35 295552 ------w- C:\Windows\System32\MpSigStub.exe
2015-02-25 03:18:01 754688 ----a-w- C:\Windows\System32\drivers\http.sys
2015-02-20 04:41:01 41984 ----a-w- C:\Windows\System32\lpk.dll
2015-02-20 04:40:59 100864 ----a-w- C:\Windows\System32\fontsub.dll
2015-02-20 04:40:56 14336 ----a-w- C:\Windows\System32\dciman32.dll
2015-02-20 04:40:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-02-20 04:13:49 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2015-02-20 04:13:46 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2015-02-20 04:13:43 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2015-02-20 04:12:51 25600 ----a-w- C:\Windows\SysWow64\lpk.dll
2015-02-20 03:29:16 372224 ----a-w- C:\Windows\System32\atmfd.dll
2015-02-20 03:09:16 299008 ----a-w- C:\Windows\SysWow64\atmfd.dll
2015-02-18 07:06:21 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2015-02-18 07:04:44 142336 ----a-w- C:\Windows\System32\poqexec.exe
2015-02-04 06:53:14 875688 ----a-w- C:\Windows\SysWow64\msvcr120_clr0400.dll
2015-02-04 06:43:22 869536 ----a-w- C:\Windows\System32\msvcr120_clr0400.dll
2015-02-03 03:34:39 693176 ----a-w- C:\Windows\System32\winload.efi
2015-02-03 03:34:36 94656 ----a-w- C:\Windows\System32\drivers\mountmgr.sys
2015-02-03 03:33:29 616360 ----a-w- C:\Windows\System32\winresume.efi
2015-02-03 03:30:58 631808 ----a-w- C:\Windows\System32\evr.dll
2015-02-03 03:29:19 8704 ----a-w- C:\Windows\System32\pcaevts.dll
2015-02-03 03:28:49 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-02-03 03:19:12 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2015-02-03 03:11:55 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-02-03 03:11:48 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-02-03 03:11:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-02-03 03:09:03 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
.
============= FINISH: 15:17:26.37 ===============

------------------------------------------------------------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Evilsin (administrator) on EVILSIN on 08-06-2015 15:19:00
Running from C:\Users\Evilsin\Desktop
Loaded Profiles: Evilsin (Available Profiles: Evilsin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Windows\Temp\lsass.exe
(Google Inc.) C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [dellsupportcenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe] => C:\Users\Evilsin\AppData\Roaming\Adobe\color.vbe [15361 2013-01-20] ()
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Google Update] => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-13] (Google Inc.)
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3841616 2014-06-14] (Tonec Inc.)
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [DellSystemDetect] => C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2015-01-06] (Electronic Arts)
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Evilsin\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Evilsin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Desura] => D:\Desura\desura.exe -autostart
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Vemeo] => "C:\Users\Evilsin\AppData\Local\Vemeo\Vemeo\Vemeo.exe"
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: G - G:\unlock.exe autoplay=true
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {38f3bda6-2a34-11e2-b1c4-9510c4efc6a4} - H:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {38f3bdb1-2a34-11e2-b1c4-9510c4efc6a4} - H:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {38f3bdbb-2a34-11e2-b1c4-9510c4efc6a4} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {48966064-12b4-11e2-8653-fdceaf76e38d} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {4a8ebb7f-abe6-11e2-9f66-8fff4772fbee} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {87f2ab20-00e3-11e2-b8b1-c0cb384b7920} - G:\unlock.exe autoplay=true
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {cdf00974-b998-11e2-8d69-9aa4b0b8fe8f} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {cdf0098e-b998-11e2-8d69-9aa4b0b8fe8f} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {ce33edd5-fe1a-11e1-bdf5-806e6f6e6963} - E:\autoRcd.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {dc1d6c34-25dd-11e2-a6c2-ca05daa1d190} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {dc1d6c38-25dd-11e2-a6c2-ca05daa1d190} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {dc1d6c47-25dd-11e2-a6c2-ca05daa1d190} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2c14440-12b7-11e2-972e-e8358dca088a} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5ee7-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5ef5-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5ef7-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5efb-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-12-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2013-11-29]
ShortcutTarget: GameStop Now.lnk -> D:\GameStop App\GameStop App\Now\GameStopNow.exe (No File)
Startup: C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-05-23]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3448805320-2649480344-1412443562-1000] => localhost:8080
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1383275836&from=vtt&uid=TOSHIBAXMK5076GSX_829LCEFQTXX829LCEFQT
SearchScopes: HKU\.DEFAULT -> DefaultScope {154d339e-ccaa-49a5-9b38-6878ad4220bc} URL = 
SearchScopes: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000 -> DefaultScope {4463DAF8-F958-48F1-97B2-A419242941C5} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000 -> {4463DAF8-F958-48F1-97B2-A419242941C5} URL = https://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-06-05] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-21] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-06-05] (Internet Download Manager, Tonec Inc.)
BHO-x32: No Name -> {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-28] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 202.88.149.25 202.88.149.6
 
FireFox:
========
FF ProfilePath: C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.search-guide.info/?pid=821&r=2013/11/01&hid=13377247493267758626&lg=EN&cc=IN&unqvl=40&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: Mysearchdial
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.google.com
FF Keyword.URL: 
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @hola.org/vlc,version=1.6.390 -> C:\Users\Evilsin\AppData\Local\Hola\firefox\app\vlc [2015-01-25] ()
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Evilsin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-19] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\user.js [2014-01-06]
FF SearchPlugin: C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\Mysearchdial.xml [2014-02-10]
FF SearchPlugin: C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\safeguard-secure-search.xml [2013-11-06]
FF SearchPlugin: C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\Web Search.xml [2013-11-01]
FF Extension: FoxyProxy Standard - C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\Extensions\foxyproxy@eric.h.jung [2015-05-30]
FF Extension: Hola Better Internet - C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-05-28]
FF HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Evilsin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Evilsin\AppData\Roaming\IDM\idmmzcc5 [2014-06-14]
FF HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Evilsin\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (FoxyProxy Standard) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2014-06-09]
CHR Extension: (Hola Better Internet) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-23]
CHR Extension: (Bookmark Manager) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (IDM Integration Module) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-06-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (UltraSurf: Privacy & Security VPN & Unblock) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjnbclmflcpookeapghfhapeffmpodij [2015-01-09]
CHR Extension: (Google Wallet) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Enhanced Steam) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-03-15]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Evilsin\AppData\Local\mysearchdial-speeddial.crx [2014-01-02]
CHR HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Evilsin\AppData\Local\mysearchdial-speeddial.crx [2014-01-02]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-06-09]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Evilsin\AppData\Local\mysearchdial-speeddial.crx [2014-01-02]
StartMenuInternet: Google Chrome.24TWYNNOOXSDZMBDRMBUXDHRHA - C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-12-12] (BioWare)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-06] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S2 Update Jump Flip; "C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-18] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S1 golhzcib; \??\C:\Windows\system32\drivers\golhzcib.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S1 muwziygj; \??\C:\Windows\system32\drivers\muwziygj.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-08 15:19 - 2015-06-08 15:19 - 00025097 _____ C:\Users\Evilsin\Desktop\FRST.txt
2015-06-08 15:17 - 2015-06-08 15:17 - 00039731 _____ C:\Users\Evilsin\Desktop\dds.txt
2015-06-08 15:17 - 2015-06-08 15:17 - 00015609 _____ C:\Users\Evilsin\Desktop\attach.txt
2015-06-08 14:30 - 2015-06-08 14:30 - 00688992 ____R (Swearware) C:\Users\Evilsin\Downloads\dds.com
2015-06-08 14:19 - 2015-06-08 15:13 - 00002014 _____ C:\Users\Evilsin\Desktop\New Text Document.txt
2015-06-08 13:58 - 2015-06-08 15:19 - 00000000 ____D C:\FRST
2015-06-08 13:57 - 2015-06-08 13:57 - 02108928 _____ (Farbar) C:\Users\Evilsin\Desktop\FRST64.exe
2015-06-08 12:38 - 2015-06-08 14:55 - 00000418 _____ C:\Windows\wininit.ini
2015-06-08 12:13 - 2015-06-08 11:51 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20150608-121307.backup
2015-06-08 11:51 - 2009-06-11 02:30 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150608-115141.backup
2015-06-08 10:44 - 2015-06-08 10:44 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-08 10:43 - 2015-06-08 14:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-06 12:22 - 2015-06-06 12:22 - 00000000 ____D C:\Users\Evilsin\AppData\Local\GWX
2015-06-06 12:17 - 2015-06-06 12:17 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-06 12:17 - 2015-06-06 12:17 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-06 11:52 - 2015-04-21 21:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-05 15:13 - 2015-06-07 09:35 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{68A1E410-1F93-40DF-B169-96D7A80B5DFB}
2015-06-05 15:13 - 2015-06-05 15:13 - 00000000 __SHD C:\Users\Evilsin\AppData\Local\EmieUserList
2015-06-05 15:13 - 2015-06-05 15:13 - 00000000 __SHD C:\Users\Evilsin\AppData\Local\EmieSiteList
2015-06-05 15:13 - 2015-06-05 15:13 - 00000000 __SHD C:\Users\Evilsin\AppData\Local\EmieBrowserModeList
2015-06-05 15:05 - 2015-06-05 15:05 - 00000000 ____D C:\Windows\Offline Web Pages
2015-06-05 14:58 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-06-05 14:54 - 2015-06-05 14:54 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-05 14:54 - 2015-06-05 14:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-05 14:54 - 2015-06-05 14:54 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-05 14:54 - 2015-06-05 14:54 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-05 14:54 - 2015-06-05 14:54 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-06-05 14:54 - 2015-06-05 14:54 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-06-05 14:54 - 2015-06-05 14:54 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-05 14:54 - 2015-06-05 14:54 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-05 14:54 - 2015-06-05 14:54 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-06-05 14:54 - 2015-06-05 14:54 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-06-05 14:54 - 2015-06-05 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-05 14:38 - 2015-06-05 14:58 - 00007222 _____ C:\Windows\IE11_main.log
2015-06-05 13:58 - 2015-06-05 13:58 - 00000000 ____D C:\Windows\system32\MRT
2015-06-05 13:56 - 2015-06-05 13:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-06-05 13:53 - 2014-06-24 08:59 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-05 13:53 - 2014-06-24 08:29 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-06-05 12:20 - 2015-01-31 09:18 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-05 12:20 - 2015-01-31 09:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-06-05 12:20 - 2015-01-31 05:26 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-05 12:15 - 2013-11-26 13:46 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-06-05 12:15 - 2013-11-23 04:18 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-05 12:14 - 2014-12-11 23:17 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-05 10:43 - 2015-06-08 14:55 - 00000952 _____ C:\Windows\setupact.log
2015-06-05 10:43 - 2015-06-05 10:43 - 00000000 _____ C:\Windows\setuperr.log
2015-06-03 14:02 - 2014-06-27 07:38 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-06-03 14:02 - 2014-06-27 07:15 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-06-03 13:59 - 2014-09-05 07:41 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-03 13:59 - 2014-09-05 07:22 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-06-03 12:42 - 2015-04-20 08:47 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-03 12:42 - 2015-04-20 08:47 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-03 12:42 - 2015-04-20 08:26 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-03 12:42 - 2015-04-20 07:41 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-03 12:42 - 2015-02-04 08:46 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-03 12:42 - 2015-02-04 08:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-06-03 12:42 - 2015-02-03 09:01 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-03 12:42 - 2015-02-03 08:42 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-06-03 12:13 - 2015-06-03 12:14 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-03 12:13 - 2015-06-03 12:14 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-03 11:44 - 2015-01-09 05:14 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-06-03 11:44 - 2015-01-09 05:13 - 00419936 _____ C:\Windows\system32\locale.nls
2015-06-03 11:12 - 2013-10-02 07:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-06-03 11:12 - 2013-10-02 07:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-06-03 11:12 - 2013-10-02 07:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-06-03 11:12 - 2013-10-02 07:18 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-06-03 11:12 - 2013-10-02 07:18 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-06-03 11:12 - 2013-10-02 06:59 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-06-03 11:12 - 2013-10-02 06:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-06-03 11:12 - 2013-10-02 05:45 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-06-03 11:12 - 2013-10-02 05:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-06-03 11:12 - 2013-10-02 05:44 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-06-03 11:12 - 2013-10-02 05:31 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-06-03 11:12 - 2013-10-02 05:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-06-03 11:12 - 2013-10-02 05:01 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-06-03 11:12 - 2013-10-02 04:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-06-03 11:12 - 2013-10-02 04:04 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-06-03 10:08 - 2012-08-23 19:40 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-06-03 10:08 - 2012-08-23 16:42 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-06-03 10:08 - 2012-08-23 16:21 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-06-03 09:28 - 2015-05-01 18:47 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 09:28 - 2015-05-01 18:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 09:22 - 2013-01-14 02:47 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:47 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:46 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:05 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:05 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:05 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 01:50 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-06-03 09:22 - 2013-01-14 01:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-06-03 09:22 - 2013-01-14 01:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-06-03 09:22 - 2013-01-14 01:24 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-06-03 09:22 - 2013-01-14 01:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-06-03 09:22 - 2013-01-14 01:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-06-03 09:22 - 2013-01-14 01:19 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-06-03 09:22 - 2013-01-14 01:18 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-06-03 09:22 - 2013-01-14 01:16 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-06-03 09:22 - 2013-01-14 01:08 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-03 09:22 - 2013-01-14 01:08 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-03 09:22 - 2013-01-14 00:55 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-06-03 09:22 - 2013-01-14 00:54 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-03 09:22 - 2013-01-14 00:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-06-03 09:22 - 2013-01-14 00:50 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-03 09:22 - 2013-01-14 00:50 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-03 09:22 - 2013-01-14 00:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-06-03 09:22 - 2013-01-13 23:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-06-03 09:22 - 2013-01-13 22:56 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-06-03 09:22 - 2013-01-13 22:35 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-06-03 09:12 - 2014-07-01 03:54 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-06-03 09:12 - 2014-07-01 03:44 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-06-03 09:12 - 2014-06-06 11:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-06-03 09:12 - 2014-06-06 11:42 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-06-03 09:12 - 2014-03-10 03:18 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-06-03 09:12 - 2014-03-10 03:18 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-06-03 09:12 - 2014-03-10 03:17 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-06-03 09:12 - 2014-03-10 03:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-06-03 08:42 - 2015-02-03 09:04 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-06-03 08:42 - 2015-02-03 09:04 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-06-03 08:42 - 2015-02-03 09:03 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-06-03 08:42 - 2015-02-03 09:01 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-03 08:42 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-03 08:42 - 2015-02-03 09:00 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-06-03 08:42 - 2015-02-03 08:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-06-03 08:42 - 2015-02-03 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-06-03 08:42 - 2015-02-03 08:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-06-03 08:42 - 2015-02-03 08:42 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-03 08:42 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-03 08:42 - 2015-02-03 08:41 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-03 08:42 - 2015-02-03 08:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-06-03 08:42 - 2015-02-03 08:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-06-03 08:42 - 2015-02-03 08:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-06-03 08:42 - 2015-02-03 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-06-03 08:42 - 2014-11-01 03:54 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-06-03 08:42 - 2014-06-28 05:51 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-06-03 08:42 - 2014-06-28 05:51 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-06-03 08:41 - 2015-01-28 05:06 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-06-03 08:39 - 2015-05-22 23:48 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-03 08:39 - 2015-05-22 23:43 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-03 08:39 - 2015-05-21 18:49 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-03 08:35 - 2015-05-25 23:54 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-03 08:35 - 2015-05-25 23:53 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-03 08:35 - 2015-05-25 23:53 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-03 08:35 - 2015-05-25 23:51 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-03 08:35 - 2015-05-25 23:48 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-03 08:35 - 2015-05-25 23:48 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-03 08:35 - 2015-05-25 23:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-03 08:35 - 2015-05-25 23:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-03 08:35 - 2015-05-25 23:37 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-03 08:35 - 2015-05-25 23:37 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-03 08:35 - 2015-05-25 23:34 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-03 08:35 - 2015-05-25 23:30 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-03 08:35 - 2015-05-25 23:29 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-03 08:35 - 2015-05-25 23:29 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-03 08:35 - 2015-05-25 23:25 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-03 08:35 - 2015-05-25 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-03 08:34 - 2015-05-25 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-03 08:34 - 2015-05-25 23:48 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-03 08:34 - 2015-05-25 23:44 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-03 08:34 - 2015-05-25 23:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-03 08:34 - 2015-05-25 23:30 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-03 08:34 - 2015-05-25 23:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-03 08:34 - 2015-05-25 23:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-03 08:34 - 2015-05-25 23:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-03 08:34 - 2015-05-25 23:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-03 08:34 - 2015-05-25 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:20 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-03 08:34 - 2015-05-25 22:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-03 08:34 - 2015-05-25 22:18 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-03 08:30 - 2015-01-31 05:26 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-03 08:25 - 2014-07-17 07:37 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-06-03 08:25 - 2014-07-17 07:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-06-03 08:25 - 2014-07-17 07:37 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-06-03 08:25 - 2014-07-17 07:10 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-06-03 08:25 - 2014-07-17 06:51 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-06-03 08:25 - 2014-07-17 06:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-06-03 08:24 - 2014-03-04 15:14 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-06-03 08:24 - 2014-03-04 15:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-06-03 08:18 - 2012-12-07 18:50 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-06-03 08:18 - 2012-12-07 18:45 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-06-03 08:18 - 2012-12-07 17:56 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-06-03 08:18 - 2012-12-07 17:50 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-06-03 08:18 - 2012-12-07 16:50 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2015-06-03 08:17 - 2012-12-07 16:50 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-06-03 08:17 - 2012-12-07 16:50 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-06-03 08:17 - 2012-12-07 16:49 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-06-03 08:17 - 2012-12-07 16:16 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2015-06-03 08:17 - 2012-12-07 16:16 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2015-06-03 08:17 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2015-06-03 08:16 - 2015-05-09 08:57 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-03 08:16 - 2015-05-09 08:56 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-03 08:16 - 2015-05-09 08:56 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-03 08:16 - 2015-05-09 08:56 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-03 08:16 - 2015-05-09 08:56 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-03 08:16 - 2015-05-09 08:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-03 08:16 - 2014-11-11 08:38 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-06-03 08:16 - 2014-11-11 08:14 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-06-03 08:13 - 2015-04-18 08:40 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-03 08:13 - 2015-04-18 08:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-06-03 08:12 - 2014-06-18 07:48 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-06-03 08:12 - 2014-06-18 07:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-06-03 08:09 - 2013-12-04 07:57 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-06-03 08:09 - 2013-12-04 07:57 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-06-03 08:09 - 2013-12-04 07:57 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-06-03 08:09 - 2013-12-04 07:57 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-06-03 08:09 - 2013-12-04 07:56 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-06-03 08:09 - 2013-12-04 07:46 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-06-03 08:09 - 2013-12-04 07:46 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-06-03 08:09 - 2013-12-04 07:46 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-05-24 00:20 - 2015-05-24 00:20 - 00003088 _____ C:\Windows\System32\Tasks\sunsoft
2015-05-24 00:20 - 2015-05-24 00:20 - 00003080 _____ C:\Windows\System32\Tasks\catalyst
2015-05-24 00:20 - 2015-05-24 00:20 - 00000000 ____D C:\ProgramData\sunsoft
2015-05-23 23:25 - 2015-05-23 23:25 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2015-05-23 23:25 - 2015-05-23 23:25 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2015-05-23 23:25 - 2009-02-24 18:35 - 00255552 _____ (MagicISO, Inc.) C:\Windows\SysWOW64\Drivers\mcdbus.sys
2015-05-23 23:23 - 2015-05-23 23:23 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-05-23 23:23 - 2015-05-23 23:23 - 00000000 ____D C:\Program Files (x86)\MagicISO
2015-05-17 15:35 - 2015-05-17 15:35 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1d09089c61b5c9.job
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-08 15:19 - 2012-09-14 08:51 - 01256935 _____ C:\Windows\WindowsUpdate.log
2015-06-08 15:12 - 2012-09-13 21:25 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000UA.job
2015-06-08 15:04 - 2009-07-14 10:15 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 15:04 - 2009-07-14 10:15 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 14:57 - 2014-01-02 02:50 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\newnext.me
2015-06-08 14:57 - 2012-11-11 06:35 - 00000000 ____D C:\ProgramData\Origin
2015-06-08 14:56 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 14:55 - 2012-09-13 20:36 - 00194722 _____ C:\Windows\PFRO.log
2015-06-08 14:44 - 2013-08-26 05:48 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-08 14:44 - 2013-04-09 22:52 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-08 14:41 - 2013-01-07 19:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 10:34 - 2012-09-13 22:00 - 00000000 ____D C:\Users\Evilsin\Downloads\Compressed
2015-06-08 10:34 - 2012-09-13 22:00 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\DMCache
2015-06-08 03:13 - 2012-09-13 21:45 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\uTorrent
2015-06-06 16:33 - 2014-12-21 03:29 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\vlc
2015-06-06 15:58 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2015-06-05 15:08 - 2009-07-14 10:15 - 00414544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-05 15:05 - 2009-07-14 08:50 - 00000000 __RSD C:\Windows\Media
2015-06-05 15:05 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-05 14:36 - 2014-12-18 19:54 - 00000000 ____D C:\Users\Evilsin\Desktop\New folder (2)
2015-06-05 13:58 - 2013-03-14 03:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-05 13:56 - 2013-03-14 03:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-05 12:27 - 2012-09-13 20:27 - 00000000 ____D C:\Users\Evilsin
2015-06-05 04:00 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\AppCompat
2015-06-03 12:37 - 2009-07-14 10:39 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-03 12:23 - 2009-07-14 10:43 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-03 12:19 - 2009-07-14 08:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-03 12:14 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-06-03 12:13 - 2009-07-14 13:15 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-03 12:13 - 2009-07-14 11:02 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-03 12:13 - 2009-07-14 11:02 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\tracing
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\zh-HK
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\tr-TR
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\Dism
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-03 11:25 - 2012-09-21 00:50 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-03 11:24 - 2012-09-21 00:50 - 00002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-03 11:23 - 2012-09-21 00:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-03 11:23 - 2012-09-21 00:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-06-03 10:44 - 2012-09-21 00:50 - 00775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-03 10:27 - 2012-09-28 09:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-02 05:09 - 2013-02-22 03:54 - 00000000 ____D C:\Windows\Minidump
2015-05-29 18:00 - 2013-08-25 03:21 - 00008763 _____ C:\Users\Evilsin\Desktop\Trade_Keys.txt
2015-05-25 15:50 - 2012-09-13 22:00 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\IDM
2015-05-25 00:16 - 2013-03-28 01:21 - 00000000 ____D C:\Users\Evilsin\Downloads\Video
2015-05-24 10:24 - 2014-01-12 19:36 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-05-23 23:25 - 2012-09-15 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2015-05-23 23:23 - 2012-09-15 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-05-17 15:35 - 2015-02-05 04:12 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1d040cbdb7819e0.job
2015-05-14 23:31 - 2013-04-11 10:05 - 00000000 ___RD C:\Users\Evilsin\Desktop\ 
 
==================== Files in the root of some directories =======
 
2013-01-05 03:11 - 2013-01-05 03:20 - 0000807 _____ () C:\Users\Evilsin\AppData\Roaming\explorer
2013-01-05 03:11 - 2010-11-05 07:28 - 1169224 _____ (Microsoft Corporation) C:\Users\Evilsin\AppData\Roaming\SYTUncrypted.exe
2014-01-02 03:45 - 2014-01-02 03:45 - 0000027 _____ () C:\Users\Evilsin\AppData\Roaming\WB.CFG
2013-07-05 11:21 - 2013-07-05 11:22 - 0007984 _____ () C:\Users\Evilsin\AppData\Local\CleanupUninstall.txt
2014-01-02 02:45 - 2014-01-06 13:59 - 0351124 _____ () C:\Users\Evilsin\AppData\Local\mysearchdial-speeddial.crx
2012-10-19 00:02 - 2012-11-07 03:14 - 0007607 _____ () C:\Users\Evilsin\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Users\Evilsin\AppData\Roaming\Origin\update.vbe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-03 03:35
 
==================== End of log ============================
[attachment=165806:Addition.txt]




#2 xXToffeeXx

  • Malware Response Instructor

Posted 08 June 2015 - 06:00 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.
  • Let's get going now

==========================
 
Hi Ace_Evilsin,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
() C:\Windows\Temp\lsass.exe
HKLM-x32\...\Run: [Adobe] => C:\Users\Evilsin\AppData\Roaming\Adobe\color.vbe [15361 2013-01-20] ()
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Vemeo] => "C:\Users\Evilsin\AppData\Local\Vemeo\Vemeo\Vemeo.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\Temp\lsass.exe
C:\Windows\Temp\svchost.exe
C:\Users\Evilsin\AppData\Roaming\Adobe\color.vbe
C:\Users\Evilsin\AppData\Local\Vemeo
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Please re-run FRST from the desktop (like you did before), put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
xXToffeeXx~




#3 Ace_Evilsin


Posted 08 June 2015 - 08:18 AM

Oh hey Toffee

I literally loved the way your nick sounds....haha

Anyway, coming back to the topic, I ran the fix after copying that content as you asked, & now I see that those files svchost.exe & lsass.exe are gone from the temp folder. I'll keep a close watch on this for the next couple of restarts as well though, just to be sure.

Here's the Fixlog.txt you asked me to paste here:

Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Evilsin at 2015-06-08 18:40:54 Run:1
Running from C:\Users\Evilsin\Desktop
Loaded Profiles: Evilsin (Available Profiles: Evilsin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
() C:\Windows\Temp\lsass.exe
HKLM-x32\...\Run: [Adobe] => C:\Users\Evilsin\AppData\Roaming\Adobe\color.vbe [15361 2013-01-20] ()
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Vemeo] => "C:\Users\Evilsin\AppData\Local\Vemeo\Vemeo\Vemeo.exe"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Windows\Temp\lsass.exe
C:\Windows\Temp\svchost.exe
C:\Users\Evilsin\AppData\Roaming\Adobe\color.vbe
C:\Users\Evilsin\AppData\Local\Vemeo
*****************
 
C:\Windows\Temp\lsass.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe => value removed successfully
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Vemeo => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
C:\Windows\Temp\lsass.exe => moved successfully.
C:\Windows\Temp\svchost.exe => moved successfully.
C:\Users\Evilsin\AppData\Roaming\Adobe\color.vbe => moved successfully.
C:\Users\Evilsin\AppData\Local\Vemeo => moved successfully.
 
==== End of Fixlog 18:40:55 ====
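
The pattern this thread deals with, files named after Windows system processes sitting in C:\Windows\Temp, can be checked for mechanically in FRST-style output. The following is an added example, not part of any post and not FRST's own code: `find_masquerades`, the name table and the sample lines are assumptions made for illustration, and Windows is assumed to be installed in C:\Windows.

```python
import ntpath
import re

# Assumption: Windows lives in C:\Windows. The names and folders below are a
# small illustrative set of system processes, not a complete list.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "services.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "smss.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows", r"c:\windows\syswow64"},
}

# A drive-letter path ending in .exe; spaces are allowed ("Program Files").
EXE_PATH = re.compile(
    r'(?<![A-Za-z0-9])[A-Za-z]:\\[^":<>|*?\r\n]*?\.exe\b', re.IGNORECASE
)
# FRST process lines start with the publisher in parentheses, e.g.
# "(Microsoft Corporation) C:\..." or "() C:\..." when the field is empty.
PUBLISHER = re.compile(r"^\((.*?)\)\s")

# Constructed sample in the format of the logs in this thread.
SAMPLE_LOG = r"""
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\svchost.exe
() C:\Windows\Temp\svchost.exe
() C:\Windows\Temp\lsass.exe
C:\Windows\Temp\lsass.exe => moved successfully.
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
"""


def find_masquerades(log_text):
    """Return one finding per path whose file name is a known system
    process name but whose folder is not one that process ships in."""
    findings = {}
    for line in log_text.splitlines():
        line = line.strip()
        pub = PUBLISHER.match(line)
        # None means the line carries no leading publisher field at all.
        publisher = pub.group(1).strip() if pub else None
        for match in EXE_PATH.finditer(line):
            path = ntpath.normpath(match.group(0))
            folder, name = ntpath.split(path)
            allowed = EXPECTED_DIRS.get(name.lower())
            if allowed is None or folder.lower() in allowed:
                continue  # not a watched name, or in its expected folder
            entry = findings.setdefault(
                path.lower(),
                {"path": path, "name": name.lower(), "folder": folder,
                 "empty_publisher": False},
            )
            # Remember an empty "()" publisher if any line for this path has one.
            if publisher == "":
                entry["empty_publisher"] = True
    return list(findings.values())


if __name__ == "__main__":
    for f in find_masquerades(SAMPLE_LOG):
        note = " (empty publisher field)" if f["empty_publisher"] else ""
        print(f"{f['name']} found in {f['folder']}{note}")
```
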


#4 Ace_Evilsin


Posted 08 June 2015 - 09:06 AM

Oh wait, it's still there. I just restarted my laptop, & those two processes named "svchost.exe" & "lsass.exe" came back in temp folder, with svchost taking 100% of CPU usage.

 

But, after another reboot, without making any changes, it didn't start though. And now I am confused, as it's totally random if it'll show up or not.  :mellow:

 

Adding both FRST.txt as well as Addition.txt in respective order below:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2015
Ran by Evilsin (administrator) on EVILSIN on 08-06-2015 21:37:32
Running from C:\Users\Evilsin\Desktop
Loaded Profiles: Evilsin (Available Profiles: Evilsin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\wscript.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Pixart Imaging Inc) C:\Windows\System32\TiltWheelMouse.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Windows\Temp\svchost.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWXConfigManager.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM-x32\...\Run: [dellsupportcenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Google Update] => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-13] (Google Inc.)
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [IDMan] => C:\Program Files (x86)\Internet Download Manager\IDMan.exe [3841616 2014-06-14] (Tonec Inc.)
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [DellSystemDetect] => C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2015-01-06] (Electronic Arts)
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Evilsin\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [NextLive] => C:\Windows\SysWOW64\rundll32.exe "C:\Users\Evilsin\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Desura] => D:\Desura\desura.exe -autostart
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: G - G:\unlock.exe autoplay=true
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {38f3bda6-2a34-11e2-b1c4-9510c4efc6a4} - H:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {38f3bdb1-2a34-11e2-b1c4-9510c4efc6a4} - H:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {38f3bdbb-2a34-11e2-b1c4-9510c4efc6a4} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {48966064-12b4-11e2-8653-fdceaf76e38d} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {4a8ebb7f-abe6-11e2-9f66-8fff4772fbee} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {87f2ab20-00e3-11e2-b8b1-c0cb384b7920} - G:\unlock.exe autoplay=true
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {cdf00974-b998-11e2-8d69-9aa4b0b8fe8f} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {cdf0098e-b998-11e2-8d69-9aa4b0b8fe8f} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {ce33edd5-fe1a-11e1-bdf5-806e6f6e6963} - E:\autoRcd.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {dc1d6c34-25dd-11e2-a6c2-ca05daa1d190} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {dc1d6c38-25dd-11e2-a6c2-ca05daa1d190} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {dc1d6c47-25dd-11e2-a6c2-ca05daa1d190} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2c14440-12b7-11e2-972e-e8358dca088a} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5ee7-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5ef5-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5ef7-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5efb-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2012-12-02]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2013-11-29]
ShortcutTarget: GameStop Now.lnk -> D:\GameStop App\GameStop App\Now\GameStopNow.exe (No File)
Startup: C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-05-23]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll [2014-04-21] (Tonec Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: [S-1-5-21-3448805320-2649480344-1412443562-1000] => localhost:8080
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.qone8.com/?type=hp&ts=1383275836&from=vtt&uid=TOSHIBAXMK5076GSX_829LCEFQTXX829LCEFQT
SearchScopes: HKU\.DEFAULT -> DefaultScope {154d339e-ccaa-49a5-9b38-6878ad4220bc} URL = 
SearchScopes: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000 -> DefaultScope {4463DAF8-F958-48F1-97B2-A419242941C5} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000 -> {4463DAF8-F958-48F1-97B2-A419242941C5} URL = https://www.google.com/search?q={searchTerms}
BHO: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2014-06-05] (Internet Download Manager, Tonec Inc.)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-21] (Oracle Corporation)
BHO-x32: IDM integration (IDMIEHlprObj Class) -> {0055C089-8582-441B-A0BF-17B458C2A3A8} -> C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2014-06-05] (Internet Download Manager, Tonec Inc.)
BHO-x32: No Name -> {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} ->  No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-28] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 202.88.149.25 202.88.149.6
 
FireFox:
========
FF ProfilePath: C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.search-guide.info/?pid=821&r=2013/11/01&hid=13377247493267758626&lg=EN&cc=IN&unqvl=40&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: Mysearchdial
FF SelectedSearchEngine,S: WebSearch
FF Homepage: hxxp://www.google.com
FF Keyword.URL: 
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-16] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-16] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @hola.org/vlc,version=1.6.390 -> C:\Users\Evilsin\AppData\Local\Hola\firefox\app\vlc [2015-01-25] ()
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Evilsin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-19] (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\user.js [2014-01-06]
FF SearchPlugin: C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\Mysearchdial.xml [2014-02-10]
FF SearchPlugin: C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\safeguard-secure-search.xml [2013-11-06]
FF SearchPlugin: C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\Web Search.xml [2013-11-01]
FF Extension: FoxyProxy Standard - C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\Extensions\foxyproxy@eric.h.jung [2015-05-30]
FF Extension: Hola Better Internet - C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-05-28]
FF HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Firefox\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Evilsin\AppData\Roaming\IDM\idmmzcc5
FF Extension: IDM CC - C:\Users\Evilsin\AppData\Roaming\IDM\idmmzcc5 [2014-06-14]
FF HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\SeaMonkey\Extensions: [mozilla_cc@internetdownloadmanager.com] - C:\Users\Evilsin\AppData\Roaming\IDM\idmmzcc5
 
Chrome: 
=======
CHR Profile: C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (FoxyProxy Standard) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcknhkkoolaabfmlnjonogaaifnjlfnp [2014-06-09]
CHR Extension: (Hola Better Internet) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2014-05-23]
CHR Extension: (Bookmark Manager) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (IDM Integration Module) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn [2014-06-14]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (UltraSurf: Privacy & Security VPN & Unblock) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjnbclmflcpookeapghfhapeffmpodij [2015-01-09]
CHR Extension: (Google Wallet) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Enhanced Steam) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\okadibdjfemgnhjiembecghcbfknbfhg [2014-03-15]
CHR HKLM\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Evilsin\AppData\Local\mysearchdial-speeddial.crx [2014-01-02]
CHR HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Evilsin\AppData\Local\mysearchdial-speeddial.crx [2014-01-02]
CHR HKLM-x32\...\Chrome\Extension: [jeaohhlajejodfjadcponpnjgkiikocn] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx [2014-06-09]
CHR HKLM-x32\...\Chrome\Extension: [pflphaooapbgpeakohlggbpidpppgdff] - C:\Users\Evilsin\AppData\Local\mysearchdial-speeddial.crx [2014-01-02]
StartMenuInternet: Google Chrome.24TWYNNOOXSDZMBDRMBUXDHRHA - C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-12-12] (BioWare)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-06] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-05] ()
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S2 Update Jump Flip; "C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-18] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S1 golhzcib; \??\C:\Windows\system32\drivers\golhzcib.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S1 muwziygj; \??\C:\Windows\system32\drivers\muwziygj.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-08 15:20 - 2015-06-08 19:26 - 00085118 _____ C:\Users\Evilsin\Desktop\Addition.txt
2015-06-08 15:19 - 2015-06-08 21:52 - 00024153 _____ C:\Users\Evilsin\Desktop\FRST.txt
2015-06-08 15:17 - 2015-06-08 15:17 - 00039731 _____ C:\Users\Evilsin\Desktop\dds.txt
2015-06-08 15:17 - 2015-06-08 15:17 - 00015609 _____ C:\Users\Evilsin\Desktop\attach.txt
2015-06-08 14:30 - 2015-06-08 14:30 - 00688992 ____R (Swearware) C:\Users\Evilsin\Downloads\dds.com
2015-06-08 14:19 - 2015-06-08 15:13 - 00002014 _____ C:\Users\Evilsin\Desktop\New Text Document.txt
2015-06-08 13:58 - 2015-06-08 21:37 - 00000000 ____D C:\FRST
2015-06-08 13:57 - 2015-06-08 13:57 - 02108928 _____ (Farbar) C:\Users\Evilsin\Desktop\FRST64.exe
2015-06-08 12:38 - 2015-06-08 14:55 - 00000418 _____ C:\Windows\wininit.ini
2015-06-08 12:13 - 2015-06-08 11:51 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20150608-121307.backup
2015-06-08 11:51 - 2009-06-11 02:30 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150608-115141.backup
2015-06-08 10:44 - 2015-06-08 10:44 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-08 10:43 - 2015-06-08 14:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-06 12:22 - 2015-06-06 12:22 - 00000000 ____D C:\Users\Evilsin\AppData\Local\GWX
2015-06-06 12:17 - 2015-06-06 12:17 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-06 12:17 - 2015-06-06 12:17 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-06 11:52 - 2015-04-21 21:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-05 15:13 - 2015-06-08 15:40 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{68A1E410-1F93-40DF-B169-96D7A80B5DFB}
2015-06-05 15:13 - 2015-06-05 15:13 - 00000000 __SHD C:\Users\Evilsin\AppData\Local\EmieUserList
2015-06-05 15:13 - 2015-06-05 15:13 - 00000000 __SHD C:\Users\Evilsin\AppData\Local\EmieSiteList
2015-06-05 15:13 - 2015-06-05 15:13 - 00000000 __SHD C:\Users\Evilsin\AppData\Local\EmieBrowserModeList
2015-06-05 15:05 - 2015-06-05 15:05 - 00000000 ____D C:\Windows\Offline Web Pages
2015-06-05 14:58 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-06-05 14:54 - 2015-06-05 14:54 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-05 14:54 - 2015-06-05 14:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-05 14:54 - 2015-06-05 14:54 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-05 14:54 - 2015-06-05 14:54 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-05 14:54 - 2015-06-05 14:54 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-06-05 14:54 - 2015-06-05 14:54 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-06-05 14:54 - 2015-06-05 14:54 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-05 14:54 - 2015-06-05 14:54 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-05 14:54 - 2015-06-05 14:54 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-06-05 14:54 - 2015-06-05 14:54 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-06-05 14:54 - 2015-06-05 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-05 14:38 - 2015-06-05 14:58 - 00007222 _____ C:\Windows\IE11_main.log
2015-06-05 13:58 - 2015-06-05 13:58 - 00000000 ____D C:\Windows\system32\MRT
2015-06-05 13:56 - 2015-06-05 13:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-06-05 13:53 - 2014-06-24 08:59 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-05 13:53 - 2014-06-24 08:29 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-06-05 12:20 - 2015-01-31 09:18 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-05 12:20 - 2015-01-31 09:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-06-05 12:20 - 2015-01-31 05:26 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-05 12:15 - 2013-11-26 13:46 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-06-05 12:15 - 2013-11-23 04:18 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-05 12:14 - 2014-12-11 23:17 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-05 10:43 - 2015-06-08 21:26 - 00001344 _____ C:\Windows\setupact.log
2015-06-05 10:43 - 2015-06-05 10:43 - 00000000 _____ C:\Windows\setuperr.log
2015-06-03 14:02 - 2014-06-27 07:38 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-06-03 14:02 - 2014-06-27 07:15 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-06-03 13:59 - 2014-09-05 07:41 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-03 13:59 - 2014-09-05 07:22 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-06-03 12:42 - 2015-04-20 08:47 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-03 12:42 - 2015-04-20 08:47 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-03 12:42 - 2015-04-20 08:26 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-03 12:42 - 2015-04-20 07:41 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-03 12:42 - 2015-02-04 08:46 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-03 12:42 - 2015-02-04 08:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-06-03 12:42 - 2015-02-03 09:01 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-03 12:42 - 2015-02-03 08:42 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-06-03 12:13 - 2015-06-03 12:14 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-03 12:13 - 2015-06-03 12:14 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-03 11:44 - 2015-01-09 05:14 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-06-03 11:44 - 2015-01-09 05:13 - 00419936 _____ C:\Windows\system32\locale.nls
2015-06-03 11:12 - 2013-10-02 07:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-06-03 11:12 - 2013-10-02 07:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-06-03 11:12 - 2013-10-02 07:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-06-03 11:12 - 2013-10-02 07:18 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-06-03 11:12 - 2013-10-02 07:18 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-06-03 11:12 - 2013-10-02 06:59 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-06-03 11:12 - 2013-10-02 06:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-06-03 11:12 - 2013-10-02 05:45 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-06-03 11:12 - 2013-10-02 05:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-06-03 11:12 - 2013-10-02 05:44 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-06-03 11:12 - 2013-10-02 05:31 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-06-03 11:12 - 2013-10-02 05:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-06-03 11:12 - 2013-10-02 05:01 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-06-03 11:12 - 2013-10-02 04:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-06-03 11:12 - 2013-10-02 04:04 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-06-03 10:08 - 2012-08-23 19:40 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-06-03 10:08 - 2012-08-23 16:42 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-06-03 10:08 - 2012-08-23 16:21 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-06-03 09:28 - 2015-05-01 18:47 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 09:28 - 2015-05-01 18:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 09:22 - 2013-01-14 02:47 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:47 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:46 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:05 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:05 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:05 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 01:50 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-06-03 09:22 - 2013-01-14 01:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-06-03 09:22 - 2013-01-14 01:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-06-03 09:22 - 2013-01-14 01:24 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-06-03 09:22 - 2013-01-14 01:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-06-03 09:22 - 2013-01-14 01:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-06-03 09:22 - 2013-01-14 01:19 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-06-03 09:22 - 2013-01-14 01:18 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-06-03 09:22 - 2013-01-14 01:16 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-06-03 09:22 - 2013-01-14 01:08 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-03 09:22 - 2013-01-14 01:08 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-03 09:22 - 2013-01-14 00:55 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-06-03 09:22 - 2013-01-14 00:54 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-03 09:22 - 2013-01-14 00:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-06-03 09:22 - 2013-01-14 00:50 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-03 09:22 - 2013-01-14 00:50 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-03 09:22 - 2013-01-14 00:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-06-03 09:22 - 2013-01-13 23:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-06-03 09:22 - 2013-01-13 22:56 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-06-03 09:22 - 2013-01-13 22:35 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-06-03 09:12 - 2014-07-01 03:54 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-06-03 09:12 - 2014-07-01 03:44 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-06-03 09:12 - 2014-06-06 11:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-06-03 09:12 - 2014-06-06 11:42 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-06-03 09:12 - 2014-03-10 03:18 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-06-03 09:12 - 2014-03-10 03:18 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-06-03 09:12 - 2014-03-10 03:17 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-06-03 09:12 - 2014-03-10 03:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-06-03 08:42 - 2015-02-03 09:04 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-06-03 08:42 - 2015-02-03 09:04 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-06-03 08:42 - 2015-02-03 09:03 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-06-03 08:42 - 2015-02-03 09:01 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-03 08:42 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-03 08:42 - 2015-02-03 09:00 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-06-03 08:42 - 2015-02-03 08:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-06-03 08:42 - 2015-02-03 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-06-03 08:42 - 2015-02-03 08:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-06-03 08:42 - 2015-02-03 08:42 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-03 08:42 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-03 08:42 - 2015-02-03 08:41 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-03 08:42 - 2015-02-03 08:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-06-03 08:42 - 2015-02-03 08:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-06-03 08:42 - 2015-02-03 08:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-06-03 08:42 - 2015-02-03 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-06-03 08:42 - 2014-11-01 03:54 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-06-03 08:42 - 2014-06-28 05:51 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-06-03 08:42 - 2014-06-28 05:51 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-06-03 08:41 - 2015-01-28 05:06 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-06-03 08:39 - 2015-05-22 23:48 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-03 08:39 - 2015-05-22 23:43 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-03 08:39 - 2015-05-21 18:49 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-03 08:35 - 2015-05-25 23:54 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-03 08:35 - 2015-05-25 23:53 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-03 08:35 - 2015-05-25 23:53 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-03 08:35 - 2015-05-25 23:51 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-03 08:35 - 2015-05-25 23:48 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-03 08:35 - 2015-05-25 23:48 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-03 08:35 - 2015-05-25 23:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-03 08:35 - 2015-05-25 23:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-03 08:35 - 2015-05-25 23:37 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-03 08:35 - 2015-05-25 23:37 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-03 08:35 - 2015-05-25 23:34 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-03 08:35 - 2015-05-25 23:30 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-03 08:35 - 2015-05-25 23:29 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-03 08:35 - 2015-05-25 23:29 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-03 08:35 - 2015-05-25 23:25 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-03 08:35 - 2015-05-25 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-03 08:34 - 2015-05-25 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-03 08:34 - 2015-05-25 23:48 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-03 08:34 - 2015-05-25 23:44 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-03 08:34 - 2015-05-25 23:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-03 08:34 - 2015-05-25 23:30 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-03 08:34 - 2015-05-25 23:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-03 08:34 - 2015-05-25 23:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-03 08:34 - 2015-05-25 23:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-03 08:34 - 2015-05-25 23:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-03 08:34 - 2015-05-25 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:20 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-03 08:34 - 2015-05-25 22:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-03 08:34 - 2015-05-25 22:18 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-03 08:30 - 2015-01-31 05:26 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-03 08:25 - 2014-07-17 07:37 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-06-03 08:25 - 2014-07-17 07:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-06-03 08:25 - 2014-07-17 07:37 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-06-03 08:25 - 2014-07-17 07:10 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-06-03 08:25 - 2014-07-17 06:51 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-06-03 08:25 - 2014-07-17 06:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-06-03 08:24 - 2014-03-04 15:14 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-06-03 08:24 - 2014-03-04 15:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-06-03 08:18 - 2012-12-07 18:50 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-06-03 08:18 - 2012-12-07 18:45 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-06-03 08:18 - 2012-12-07 17:56 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-06-03 08:18 - 2012-12-07 17:50 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-06-03 08:18 - 2012-12-07 16:50 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2015-06-03 08:17 - 2012-12-07 16:50 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-06-03 08:17 - 2012-12-07 16:50 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-06-03 08:17 - 2012-12-07 16:49 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-06-03 08:17 - 2012-12-07 16:16 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2015-06-03 08:17 - 2012-12-07 16:16 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2015-06-03 08:17 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2015-06-03 08:16 - 2015-05-09 08:57 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-03 08:16 - 2015-05-09 08:56 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-03 08:16 - 2015-05-09 08:56 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-03 08:16 - 2015-05-09 08:56 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-03 08:16 - 2015-05-09 08:56 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-03 08:16 - 2015-05-09 08:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-03 08:16 - 2014-11-11 08:38 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-06-03 08:16 - 2014-11-11 08:14 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-06-03 08:13 - 2015-04-18 08:40 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-03 08:13 - 2015-04-18 08:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-06-03 08:12 - 2014-06-18 07:48 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-06-03 08:12 - 2014-06-18 07:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-06-03 08:09 - 2013-12-04 07:57 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-06-03 08:09 - 2013-12-04 07:57 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-06-03 08:09 - 2013-12-04 07:57 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-06-03 08:09 - 2013-12-04 07:57 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-06-03 08:09 - 2013-12-04 07:56 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-06-03 08:09 - 2013-12-04 07:46 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-06-03 08:09 - 2013-12-04 07:46 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-06-03 08:09 - 2013-12-04 07:46 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-06-03 08:09 - 2013-12-04 07:46 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-06-03 08:09 - 2013-12-04 07:33 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-06-03 08:09 - 2013-12-04 07:33 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-06-03 08:09 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-06-03 08:09 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-06-03 08:09 - 2013-12-04 07:32 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-06-03 08:09 - 2013-12-04 07:24 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-06-03 08:09 - 2013-12-04 07:24 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-06-03 08:09 - 2013-12-04 07:24 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-06-03 08:09 - 2013-12-04 07:24 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-06-03 08:09 - 2013-05-10 11:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-06-03 08:09 - 2013-05-10 08:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-06-03 08:07 - 2014-10-14 07:43 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-06-03 08:06 - 2013-04-26 05:00 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-06-03 08:06 - 2013-04-01 04:22 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-06-03 08:05 - 2014-01-24 08:07 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-06-03 08:04 - 2014-11-08 08:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-06-03 08:04 - 2014-11-08 08:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-06-03 08:03 - 2013-05-13 11:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-06-03 08:03 - 2013-05-13 09:13 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-06-03 08:03 - 2013-05-13 08:38 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-06-03 08:03 - 2013-05-13 08:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-06-03 08:00 - 2014-10-14 07:43 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-06-03 08:00 - 2014-10-14 07:20 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-06-03 08:00 - 2014-06-03 15:32 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-03 08:00 - 2014-06-03 15:32 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-06-03 08:00 - 2014-06-03 15:32 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-06-03 08:00 - 2014-06-03 14:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-06-03 08:00 - 2014-06-03 14:59 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-06-03 08:00 - 2013-10-04 07:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-06-03 08:00 - 2013-10-04 07:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-06-03 08:00 - 2013-10-04 07:28 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-06-03 08:00 - 2013-10-04 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-06-03 08:00 - 2013-02-27 11:17 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-06-03 07:59 - 2015-03-05 10:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-03 07:59 - 2015-03-05 09:35 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-06-03 07:59 - 2015-03-04 10:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-03 07:59 - 2015-03-04 10:11 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-03 07:59 - 2015-03-04 10:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-03 07:59 - 2015-03-04 10:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-06-03 07:59 - 2015-03-04 09:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-06-03 07:59 - 2015-03-04 09:40 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-06-03 07:59 - 2015-03-04 09:40 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-03 07:59 - 2014-12-19 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-06-03 07:58 - 2014-06-19 03:53 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-06-03 07:58 - 2014-06-19 03:53 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-06-03 07:58 - 2014-06-19 03:53 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-06-03 07:58 - 2014-06-19 03:53 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-06-03 07:58 - 2014-06-19 03:53 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-06-03 07:58 - 2014-06-19 03:53 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-06-03 07:58 - 2013-09-08 07:57 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-06-03 07:58 - 2013-09-08 07:33 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-06-03 07:57 - 2015-04-08 08:59 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-03 07:57 - 2015-04-08 08:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-06-03 07:57 - 2015-04-08 08:44 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-06-03 07:57 - 2015-02-18 12:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-06-03 07:57 - 2015-02-18 12:34 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-03 07:57 - 2014-08-01 17:23 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-06-03 07:57 - 2014-08-01 17:05 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-06-03 07:57 - 2013-07-26 07:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-06-03 07:57 - 2013-07-26 07:25 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-06-03 07:56 - 2013-07-04 18:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-06-03 07:56 - 2013-07-04 18:20 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-06-03 07:56 - 2013-07-04 17:27 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-06-03 07:56 - 2013-07-04 17:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-06-03 07:56 - 2013-06-26 04:25 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-06-03 07:55 - 2015-02-13 10:56 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-06-03 07:55 - 2015-02-13 10:52 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-03 07:55 - 2014-11-26 09:23 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-03 07:55 - 2014-11-26 09:02 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-06-03 07:54 - 2014-12-06 09:47 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-06-03 07:54 - 2014-12-06 09:20 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-06-03 07:54 - 2014-12-06 09:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-06-03 07:54 - 2014-06-16 07:40 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-06-03 07:54 - 2014-01-29 08:02 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-06-03 07:54 - 2014-01-29 07:36 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-06-03 07:54 - 2013-10-04 07:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-06-03 07:54 - 2013-10-04 07:06 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-06-03 07:54 - 2013-07-12 16:11 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-06-03 07:54 - 2013-07-12 16:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-06-03 07:54 - 2013-04-10 11:31 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-06-03 07:54 - 2013-02-12 09:42 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2015-06-03 07:54 - 2013-02-12 09:42 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-06-03 07:54 - 2011-02-03 16:55 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-06-03 07:53 - 2015-04-13 08:58 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-03 07:53 - 2014-12-08 08:39 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-03 07:53 - 2014-12-08 08:16 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-06-03 07:53 - 2013-11-27 07:11 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-06-03 07:53 - 2013-10-19 07:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-06-03 07:53 - 2013-10-19 07:06 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-06-03 07:52 - 2014-10-03 07:42 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-06-03 07:52 - 2014-10-03 07:42 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-06-03 07:52 - 2014-10-03 07:42 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-06-03 07:52 - 2014-10-03 07:42 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-06-03 07:52 - 2014-10-03 07:41 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-06-03 07:52 - 2014-10-03 07:15 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-06-03 07:52 - 2014-10-03 07:15 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-06-03 07:52 - 2014-10-03 07:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-06-03 07:52 - 2014-10-03 07:15 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-06-03 07:52 - 2014-10-03 07:14 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-06-03 07:52 - 2014-02-04 08:05 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-06-03 07:52 - 2014-02-04 08:05 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-06-03 07:52 - 2014-02-04 08:05 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-06-03 07:52 - 2014-02-04 07:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-06-03 07:52 - 2014-02-04 07:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-06-03 07:52 - 2013-10-30 08:02 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-06-03 07:52 - 2013-10-30 07:49 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-06-03 07:49 - 2015-03-14 08:51 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-03 07:49 - 2015-03-14 08:51 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-03 07:49 - 2015-03-14 08:34 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-03 07:49 - 2015-03-14 08:34 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-06-03 07:49 - 2015-02-20 10:11 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-06-03 07:49 - 2015-02-20 10:10 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-06-03 07:49 - 2015-02-20 10:10 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-03 07:49 - 2015-02-20 10:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-06-03 07:49 - 2015-02-20 09:43 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-06-03 07:49 - 2015-02-20 09:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-06-03 07:49 - 2015-02-20 09:43 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-06-03 07:49 - 2015-02-20 09:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-06-03 07:49 - 2015-02-20 08:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-03 07:49 - 2015-02-20 08:39 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-06-03 07:49 - 2015-02-03 09:01 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-06-03 07:49 - 2015-02-03 08:42 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-06-03 07:49 - 2014-10-30 07:33 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-06-03 07:49 - 2014-10-30 07:15 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-06-03 07:49 - 2014-04-25 08:04 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-06-03 07:49 - 2014-04-25 07:36 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-06-03 07:48 - 2015-01-17 08:18 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-03 07:48 - 2015-01-17 08:00 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-06-03 07:48 - 2015-01-09 08:44 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-06-03 07:48 - 2015-01-09 08:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-06-03 07:48 - 2015-01-09 08:44 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-06-03 07:48 - 2015-01-09 08:18 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-06-03 07:48 - 2013-08-28 06:42 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-06-03 07:48 - 2013-07-04 18:20 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-03 07:48 - 2013-07-04 17:20 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-03 07:47 - 2014-12-19 08:36 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-03 07:47 - 2014-08-12 07:32 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-06-03 07:47 - 2014-08-12 07:06 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-06-03 07:47 - 2014-05-30 12:15 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-06-03 07:47 - 2014-04-05 08:17 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-06-03 07:47 - 2014-04-05 08:17 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-06-03 07:47 - 2013-11-26 17:10 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-06-03 07:47 - 2013-10-12 08:02 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-06-03 07:47 - 2013-10-12 08:01 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-06-03 07:47 - 2013-10-12 07:34 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-06-03 07:47 - 2013-10-12 07:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-06-03 07:47 - 2013-10-12 07:03 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-06-03 07:47 - 2013-10-12 07:03 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-06-03 07:47 - 2013-10-12 06:45 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-06-03 07:47 - 2013-10-12 06:45 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-06-03 07:47 - 2013-07-25 14:55 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-06-03 07:47 - 2013-07-25 14:27 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-06-03 07:47 - 2013-04-26 11:21 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-06-03 07:47 - 2013-04-26 10:25 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-06-03 07:46 - 2015-04-11 08:49 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-03 07:46 - 2015-03-10 08:55 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-03 07:46 - 2015-03-10 08:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-03 07:46 - 2015-03-10 08:38 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-06-03 07:46 - 2015-03-10 08:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-06-03 07:46 - 2015-02-25 08:48 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-03 07:46 - 2014-11-11 07:16 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-06-03 07:46 - 2014-09-04 10:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-06-03 07:46 - 2014-09-04 10:34 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-06-03 07:46 - 2014-03-26 20:14 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-06-03 07:46 - 2014-03-26 20:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-06-03 07:46 - 2014-03-26 19:57 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-06-03 07:46 - 2014-03-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-06-03 07:46 - 2013-07-03 09:35 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-06-03 07:46 - 2013-07-03 09:35 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-06-03 07:45 - 2015-03-04 10:25 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-03 07:45 - 2015-03-04 10:11 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-03 07:45 - 2015-03-04 09:40 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-06-03 07:45 - 2015-01-29 08:49 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-03 07:45 - 2015-01-29 08:32 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-03 07:45 - 2014-10-25 07:27 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-06-03 07:45 - 2014-10-25 07:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-06-03 07:45 - 2014-06-06 15:40 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-06-03 07:45 - 2014-06-06 15:14 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-06-03 07:45 - 2014-01-28 08:02 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-06-03 07:45 - 2013-10-12 08:00 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-06-03 07:45 - 2013-10-12 07:59 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-06-03 07:45 - 2013-10-12 07:59 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-06-03 07:45 - 2013-10-12 07:33 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-06-03 07:45 - 2013-10-12 07:31 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-06-03 07:45 - 2013-08-05 07:55 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-06-03 07:45 - 2013-03-19 11:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-06-03 07:45 - 2013-01-24 11:31 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-06-03 07:43 - 2014-07-14 07:32 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-06-03 07:43 - 2014-07-14 07:10 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-06-03 07:42 - 2012-11-23 08:43 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-05-24 00:20 - 2015-05-24 00:20 - 00003088 _____ C:\Windows\System32\Tasks\sunsoft
2015-05-24 00:20 - 2015-05-24 00:20 - 00003080 _____ C:\Windows\System32\Tasks\catalyst
2015-05-24 00:20 - 2015-05-24 00:20 - 00000000 ____D C:\ProgramData\sunsoft
2015-05-23 23:25 - 2015-05-23 23:25 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicDisc
2015-05-23 23:25 - 2015-05-23 23:25 - 00000000 ____D C:\Program Files (x86)\MagicDisc
2015-05-23 23:25 - 2009-02-24 18:35 - 00255552 _____ (MagicISO, Inc.) C:\Windows\SysWOW64\Drivers\mcdbus.sys
2015-05-23 23:23 - 2015-05-23 23:23 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-05-23 23:23 - 2015-05-23 23:23 - 00000000 ____D C:\Program Files (x86)\MagicISO
2015-05-17 15:35 - 2015-05-17 15:35 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1d09089c61b5c9.job
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-08 21:52 - 2013-01-07 19:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-08 21:32 - 2009-07-14 10:15 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-08 21:32 - 2009-07-14 10:15 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-08 21:27 - 2014-01-02 02:50 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\newnext.me
2015-06-08 21:27 - 2013-08-26 05:48 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-08 21:26 - 2013-04-09 22:52 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-08 21:26 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-08 21:11 - 2012-09-13 21:25 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000UA.job
2015-06-08 19:33 - 2012-09-14 08:51 - 01304508 _____ C:\Windows\WindowsUpdate.log
2015-06-08 19:11 - 2012-11-11 06:35 - 00000000 ____D C:\ProgramData\Origin
2015-06-08 18:40 - 2012-09-14 18:11 - 00000000 ___HD C:\Users\Evilsin\AppData\Roaming\Adobe
2015-06-08 14:55 - 2012-09-13 20:36 - 00194722 _____ C:\Windows\PFRO.log
2015-06-08 10:34 - 2012-09-13 22:00 - 00000000 ____D C:\Users\Evilsin\Downloads\Compressed
2015-06-08 10:34 - 2012-09-13 22:00 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\DMCache
2015-06-08 03:13 - 2012-09-13 21:45 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\uTorrent
2015-06-06 16:33 - 2014-12-21 03:29 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\vlc
2015-06-06 15:58 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2015-06-05 15:08 - 2009-07-14 10:15 - 00414544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-05 15:05 - 2009-07-14 08:50 - 00000000 __RSD C:\Windows\Media
2015-06-05 15:05 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-05 14:36 - 2014-12-18 19:54 - 00000000 ____D C:\Users\Evilsin\Desktop\New folder (2)
2015-06-05 13:58 - 2013-03-14 03:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-05 13:56 - 2013-03-14 03:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-05 12:27 - 2012-09-13 20:27 - 00000000 ____D C:\Users\Evilsin
2015-06-05 04:00 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\AppCompat
2015-06-03 12:37 - 2009-07-14 10:39 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-03 12:23 - 2009-07-14 10:43 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-03 12:19 - 2009-07-14 08:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-03 12:14 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-06-03 12:13 - 2009-07-14 13:15 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-03 12:13 - 2009-07-14 11:02 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-03 12:13 - 2009-07-14 11:02 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\tracing
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\zh-HK
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\tr-TR
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\Dism
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-03 11:25 - 2012-09-21 00:50 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-03 11:24 - 2012-09-21 00:50 - 00002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-03 11:23 - 2012-09-21 00:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-03 11:23 - 2012-09-21 00:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-06-03 10:44 - 2012-09-21 00:50 - 00775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-03 10:27 - 2012-09-28 09:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-02 05:09 - 2013-02-22 03:54 - 00000000 ____D C:\Windows\Minidump
2015-05-29 18:00 - 2013-08-25 03:21 - 00008763 _____ C:\Users\Evilsin\Desktop\Trade_Keys.txt
2015-05-25 15:50 - 2012-09-13 22:00 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\IDM
2015-05-25 00:16 - 2013-03-28 01:21 - 00000000 ____D C:\Users\Evilsin\Downloads\Video
2015-05-24 10:24 - 2014-01-12 19:36 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-05-23 23:25 - 2012-09-15 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2015-05-23 23:23 - 2012-09-15 13:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-05-17 15:35 - 2015-02-05 04:12 - 00000864 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1d040cbdb7819e0.job
2015-05-14 23:31 - 2013-04-11 10:05 - 00000000 ___RD C:\Users\Evilsin\Desktop\ 
 
==================== Files in the root of some directories =======
 
2013-01-05 03:11 - 2013-01-05 03:20 - 0000807 _____ () C:\Users\Evilsin\AppData\Roaming\explorer
2013-01-05 03:11 - 2010-11-05 07:28 - 1169224 _____ (Microsoft Corporation) C:\Users\Evilsin\AppData\Roaming\SYTUncrypted.exe
2014-01-02 03:45 - 2014-01-02 03:45 - 0000027 _____ () C:\Users\Evilsin\AppData\Roaming\WB.CFG
2013-07-05 11:21 - 2013-07-05 11:22 - 0007984 _____ () C:\Users\Evilsin\AppData\Local\CleanupUninstall.txt
2014-01-02 02:45 - 2014-01-06 13:59 - 0351124 _____ () C:\Users\Evilsin\AppData\Local\mysearchdial-speeddial.crx
2012-10-19 00:02 - 2012-11-07 03:14 - 0007607 _____ () C:\Users\Evilsin\AppData\Local\Resmon.ResmonCfg
 
Files to move or delete:
====================
C:\Users\Evilsin\AppData\Roaming\Origin\update.vbe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-03 03:35
 
==================== End of log ============================

Edited by Ace_Evilsin, 08 June 2015 - 11:38 AM.


#5 Ace_Evilsin

Posted 08 June 2015 - 09:08 AM

And here's "Addition.txt":

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Evilsin at 2015-06-08 21:56:01
Running from C:\Users\Evilsin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3448805320-2649480344-1412443562-500 - Administrator - Disabled)
Evilsin (S-1-5-21-3448805320-2649480344-1412443562-1000 - Administrator - Enabled) => C:\Users\Evilsin
Guest (S-1-5-21-3448805320-2649480344-1412443562-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3448805320-2649480344-1412443562-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.169 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Agarest: Generations of War (HKLM-x32\...\Steam App 237890) (Version:  - Idea Factory)
Age of Empires 2 Gold by KZ (HKLM-x32\...\Age of Empires 2 Gold by KZ_is1) (Version:  - )
Age of Empires II - the Conquerors WideScreen Patcher (HKLM-x32\...\{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}) (Version: 1.0.40 - Boekabart)
Alan Wake's American Nightmare (HKLM-x32\...\Steam App 202750) (Version:  - Remedy Entertainment)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
Arma 2: Free (HKLM-x32\...\Steam App 107400) (Version:  - Bohemia Interactive)
Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version:  - Bohemia Interactive)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands Granting Tool (HKLM-x32\...\Steam App 301070) (Version:  - )
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Child of Light (HKLM-x32\...\Steam App 256290) (Version:  - Ubisoft Montréal)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Codename Gordon (HKLM-x32\...\Steam App 92) (Version:  - Nuclear Vision)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Cthulhu Saves the World  (HKLM-x32\...\Steam App 107310) (Version:  - Zeboyd Games)
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Darksiders II - Death Lives (HKLM-x32\...\Darksiders II - Death Lives_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version:  - Codemasters)
Don Bradman Cricket 14 (HKLM-x32\...\Don Bradman Cricket 14_is1) (Version:  - Big Ant Studios)
Dragon Age Legends (HKLM-x32\...\com.bwsf.DragonAgeLegends) (Version: 1.0.14 - Electronic Arts)
Dragon Age Legends (x32 Version: 1.0.14 - Electronic Arts) Hidden
Dragon Age: Origins (HKLM-x32\...\Steam App 17450) (Version:  - BioWare)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
DYNASTY WARRIORS 6 (HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\InstallShield_{7506D1CD-B7FE-40C7-AE1F-FE8666361700}) (Version: 1.00.0000 - Koei)
Dynasty Warriors 6 (x32 Version: 1.00.0000 - Koei) Hidden
Dynasty Warriors 8 Xtreme Legends (HKLM-x32\...\{DE04539D-C0B7-44FB-98E8-F9F181BEE3CE}) (Version: 6.0 - Black Box)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version: 1.16.2s - Релиз от R.G. Steamgames)
F.E.A.R. Plantinum (HKLM-x32\...\{0A7C4C5C-6DF9-48D5-BEF4-E5E6FB868EAF}_is1) (Version: 1.08 - Timegate Studio)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Go! Go! Nippon! ~My First Trip to Japan~ (HKLM-x32\...\Steam App 251870) (Version:  - OVERDRIVE)
Google Chrome (HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Google Chrome) (Version: 43.0.2357.81 - Google Inc.)
Grand Theft Auto (HKLM-x32\...\Steam App 12170) (Version:  - Rockstar North)
Half Minute Hero: Super Mega Neo Climax Ultimate Boy (HKLM-x32\...\Steam App 214830) (Version:  - Opus )
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Internet Download Manager (HKLM-x32\...\Internet Download Manager) (Version:  - Tonec Inc.)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java™ SE Development Kit 7 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Legendary (HKLM-x32\...\Steam App 16730) (Version:  - Spark Unlimited)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.3.4000 - Maxthon International Limited)
MB Condition Zero 2.0 (HKLM-x32\...\MB Condition Zero 2.0) (Version:  - )
MB Counter Strike 1.6 1.0 (HKLM-x32\...\MB Counter Strike 1.6 1.0) (Version:  - )
Metal Slug 3 (HKLM-x32\...\Steam App 250180) (Version:  - DotEmu)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 en-US)) (Version: 35.0.1 - Mozilla)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version:  - Psyonix)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quake III Arena (HKLM-x32\...\Steam App 2200) (Version:  - id Software)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.0 - Dell Inc.)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)
Recettear: An Item Shop's Tale (HKLM-x32\...\Steam App 70400) (Version:  - EasyGameStation)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version:  - SkyBox Labs)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Setup - Dynasty Warriors 8 Empires ... (HKLM-x32\...\Setup - Dynasty Warriors 8 Empires ...) (Version: ... - Omega Force)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
SMPlayer 14.9.0 (x64) (HKLM\...\SMPlayer) (Version: 14.9.0 - Ricardo Villalba)
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - Rebellion)
Split/Second (HKLM-x32\...\Steam App 297860) (Version:  - Black Rock Studio)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.0.1 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version:  - Arrowhead Game Studios)
The Walking Dead (HKLM-x32\...\The Walking Dead_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.01 - Ubisoft)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Torchlight (HKLM-x32\...\Torchlight_is1) (Version:  - GOG.com)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Truck Racer (HKLM-x32\...\Steam App 256070) (Version:  - Kylotonn Entertainment)
Unity Web Player (HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM-x32\...\Steam App 260230) (Version:  - Ubisoft Montpellier)
Verdun (HKLM-x32\...\Steam App 242860) (Version:  - M2H)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
WiFi HotSpot Creator (HKLM-x32\...\WiFi HotSpot Creator) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points =========================
 
05-06-2015 14:26:54 Windows Update
05-06-2015 14:52:04 Windows Modules Installer
06-06-2015 12:17:12 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2015-06-08 12:13 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06DE7048-A87D-46C4-A729-A14DB4037770} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {20C0EB02-8B09-43CA-AB12-B8A268D9194B} - System32\Tasks\{177EC37E-FB18-4C67-81CB-4BB0FFE3C1C3} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.2.0.169.404&amp;LastError=404
Task: {211B6572-9FAC-4384-891C-97A44D5908AC} - System32\Tasks\{24E02306-CA83-4B93-B270-712C8216BA24} => pcalua.exe -a D:\Steam\steam.exe -c steam://uninstall/231060
Task: {25BCAE0B-2B6D-4092-AC28-03D11AC933A8} - System32\Tasks\{5D26FAE2-A2E1-4933-9DFC-DE8BF4A25492} => pcalua.exe -a "C:\Program Files\sges-v3\uninstall.exe"
Task: {35874DFA-5C6E-48D0-B920-95295E1AFDE9} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {3A9AC1C9-3B6A-4668-BD5D-2B6CA16909A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-16] (Adobe Systems Incorporated)
Task: {48EFA838-E88A-4AF2-8D4C-E1BEADF1441C} - System32\Tasks\{D9819C55-381D-48A9-98F2-484FCDB07CE1} => F:\Call.of.Duty.Black.Ops.II.Update.3.exe
Task: {4EF60CB2-02B7-459F-B9C6-6053EE6B2253} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {54556F8D-479E-4380-BD70-BD632F86ABE3} - System32\Tasks\{A2D0627B-89F4-44A4-92AD-8AE1CA688F20} => pcalua.exe -a "D:\Unreal Tournament 3 Black Edition\OpenAL\oalinst.exe" -d "D:\Unreal Tournament 3 Black Edition\OpenAL"
Task: {5C42FB5C-F412-4B83-9DE8-EFEB8F9EFD92} - System32\Tasks\sunsoft => c:\programdata\sunsoft\sunsoft.exe
Task: {661D1B7E-06E9-4FCA-86B1-5B36466F0D34} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {7042E41C-9F06-456F-B7D2-94BB11036B6E} - System32\Tasks\catalyst => c:\programdata\sunsoft\ccc.exe
Task: {755FEDDE-782C-4E7B-89E6-90B61D919B89} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {84144F8F-FBF6-4B13-9B5E-1264833740A9} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {9DEC89C1-FC5E-4C21-AEA3-2D94421B37D5} - System32\Tasks\{F37F6C46-D011-40C0-A15B-D5ECBCF379C0} => C:\Program Files (x86)\Condition Zero\hl.exe
Task: {9E2D89D8-EEE3-46AD-9275-BD1433131282} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000UA => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13] (Google Inc.)
Task: {A2B738D6-559A-4F97-847D-9728E962651C} - System32\Tasks\{12CCF9DA-488E-4E32-9E5C-2402BBEFB4DC} => pcalua.exe -a C:\Users\Evilsin\Downloads\Compressed\CSIW_Setup_26_Dec_2012\CSIW_Setup_26_Dec_2012.exe -d C:\Users\Evilsin\Downloads\Compressed\CSIW_Setup_26_Dec_2012
Task: {A514098C-CF17-417F-AC69-D159B88B4DF7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {A8759C09-DDE6-494B-B741-B43E0105961A} - System32\Tasks\{DD6EEA7C-418D-494E-A8BC-3513AAB9E9DA} => pcalua.exe -a C:\Windows\System32\msiexec.exe -d "D:\Steam\steamapps\common\Truck Racer" -c /passive /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS3F5C371F8EA24F259D3DD0B4526E3AEA_9_10_0513.MSI" WISE_SETUP_EXE_PATH="D:\Steam\steamapps\common\Truck Racer\Redist\PhysX_9.10.0513_SystemSoftware.exe"
Task: {B3F74957-5C17-4DF5-B489-E55BF4B01671} - System32\Tasks\{5F6E9957-ACDD-4E70-A645-F54DE5937254} => pcalua.exe -a "C:\Users\Evilsin\Downloads\Compressed\Instalation Guild Wars 2 Key Generator\Instalation Guild Wars 2 Key Generator\Application Files\Installation_1_0_0_8\Installation.exe" -d "C:\Users\Evilsin\Downloads\Compressed\Instalation Guild Wars 2 Key Generator\Instalation Guild Wars 2 Key Generator\Application Files\Installation_1_0_0_8"
Task: {BAFB18B2-F3D8-45C4-A3B6-F4D2C1F425B7} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-14] (Microsoft Corporation)
Task: {C1EF0E3C-CE83-4E2B-8BA8-1EF8E098E0A9} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2015-06-02] (Maxthon International ltd.)
Task: {C9948B94-4773-459B-9C5A-4D60DBF009C4} - System32\Tasks\Origin => C:\Users\Evilsin\AppData\Roaming\Origin\update.vbe [2015-05-24] () <==== ATTENTION
Task: {D16C4DA4-405C-463B-98FA-CEB806B84DD3} - System32\Tasks\{2C384E0F-9ED4-49F5-A650-B7E2FFF8BF35} => pcalua.exe -a C:\Windows\System32\msiexec.exe -d D:\Steam\steamapps\common\Antichamber -c /passive /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS8A809006C25A4A3A9DAB94659BCDB107_9_10_0224.MSI" WISE_SETUP_EXE_PATH="D:\Steam\steamapps\common\Antichamber\Binaries\Redist\physx\PhysX_9.10.0224_SystemSoftware.exe"
Task: {DBE253E2-9A23-422F-A67E-76472DEF25DE} - System32\Tasks\{E08968D4-5CC3-4237-ABC9-1219CCC0C217} => pcalua.exe -a C:\Users\Evilsin\Downloads\Programs\cain20.exe -d C:\Users\Evilsin\AppData\Roaming\IDM
Task: {DC47F4DB-2C93-495F-9181-87E9DE07371F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1cf8d161ad047f7.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1cfeac8a36689ae.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1d001208f67edf3.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1d040cbdb7819e0.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1d09089c61b5c9.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000UA.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-04-23 11:44 - 2014-02-05 00:40 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-06-08 21:27 - 2015-06-08 21:27 - 01563136 _____ () C:\Windows\Temp\svchost.exe
2015-06-03 12:34 - 2015-06-03 12:34 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9419a7c2030ade01725f8fd9344e218d\IsdiInterop.ni.dll
2012-09-13 20:49 - 2010-06-08 10:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 202.88.149.25 - 202.88.149.6
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [TCP Query User{0642D852-FD18-4422-9DC9-176DC68BB0BB}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{149BBF58-F105-4062-8125-2D573D0EC224}C:\program files (x86)\winamp\winamp.exe] => (Block) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{D92FC20D-E426-446E-86FF-50B16C86C691}C:\program files (x86)\condition zero\hl.exe] => (Allow) C:\program files (x86)\condition zero\hl.exe
FirewallRules: [UDP Query User{5FAA7894-FA9B-4908-82B1-E31077AB26ED}C:\program files (x86)\condition zero\hl.exe] => (Allow) C:\program files (x86)\condition zero\hl.exe
FirewallRules: [TCP Query User{FC193D0F-211C-45AE-96C2-5D4F5A2EC953}C:\program files (x86)\condition zero\hl.exe] => (Allow) C:\program files (x86)\condition zero\hl.exe
FirewallRules: [UDP Query User{ADB652CD-5100-4F64-B255-4E323710F62A}C:\program files (x86)\condition zero\hl.exe] => (Allow) C:\program files (x86)\condition zero\hl.exe
FirewallRules: [TCP Query User{534C342E-E0C6-4EA9-BBA4-102C5744DE69}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [UDP Query User{C1DD4703-648F-423F-AC3C-0285768DE991}C:\program files (x86)\winamp\winamp.exe] => (Allow) C:\program files (x86)\winamp\winamp.exe
FirewallRules: [TCP Query User{C6B7ED91-2D25-4F6D-A114-354386FAC990}D:\bzzzt\valve\condition zero\hl.exe] => (Allow) D:\bzzzt\valve\condition zero\hl.exe
FirewallRules: [UDP Query User{DB3BBB20-8881-4B04-AB59-43F35719848E}D:\bzzzt\valve\condition zero\hl.exe] => (Allow) D:\bzzzt\valve\condition zero\hl.exe
FirewallRules: [TCP Query User{CFAA90A7-978F-44A4-8401-AD63F2C79785}C:\program files (x86)\activision\blur™\blur.exe] => (Allow) C:\program files (x86)\activision\blur™\blur.exe
FirewallRules: [UDP Query User{755594BB-F386-4F58-88E3-D4819ADF5BFD}C:\program files (x86)\activision\blur™\blur.exe] => (Allow) C:\program files (x86)\activision\blur™\blur.exe
FirewallRules: [{E331DE8A-D17C-42DA-8E2E-47EFBE719CA7}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires Online\Spartan.exe
FirewallRules: [{B9BA3F48-2C9B-459F-BC7E-2C6BEB1EFE9D}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires Online\Spartan.exe
FirewallRules: [TCP Query User{94D57E46-0D5D-4C66-80D7-2CD690B7CE44}D:\bzzzt\black_box\max payne 3\maxpayne3.exe] => (Allow) D:\bzzzt\black_box\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{163D86A2-5E20-4B3E-AA5D-EC5582655F0D}D:\bzzzt\black_box\max payne 3\maxpayne3.exe] => (Allow) D:\bzzzt\black_box\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{B97AE4DE-FB1A-4A01-8427-6553721E9B45}D:\bzzzt\need for speed most wanted\speed.exe] => (Allow) D:\bzzzt\need for speed most wanted\speed.exe
FirewallRules: [UDP Query User{B2B2056C-6A2F-406B-AAD3-F56F517DAF43}D:\bzzzt\need for speed most wanted\speed.exe] => (Allow) D:\bzzzt\need for speed most wanted\speed.exe
FirewallRules: [TCP Query User{F795D62E-7752-4F8A-B146-0A37B65C5614}D:\bzzzt\black_box\max payne 3\maxpayne3.exe] => (Allow) D:\bzzzt\black_box\max payne 3\maxpayne3.exe
FirewallRules: [UDP Query User{379F5730-CC5C-4FD3-BD91-6C95B4CB1113}D:\bzzzt\black_box\max payne 3\maxpayne3.exe] => (Allow) D:\bzzzt\black_box\max payne 3\maxpayne3.exe
FirewallRules: [TCP Query User{ACD3D674-CC5F-4C3C-A92C-D87D98BF45DB}C:\program files (x86)\mb condition zero\hl.exe] => (Allow) C:\program files (x86)\mb condition zero\hl.exe
FirewallRules: [UDP Query User{AB5A36C8-D934-425B-A3D5-E5E97C3C8DCA}C:\program files (x86)\mb condition zero\hl.exe] => (Allow) C:\program files (x86)\mb condition zero\hl.exe
FirewallRules: [TCP Query User{3D10530A-537F-4075-9D7F-7ED9088EC433}C:\program files (x86)\origin games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1942\bf1942.exe
FirewallRules: [UDP Query User{64D59434-114F-4300-B2FC-EB7B7C97D8B1}C:\program files (x86)\origin games\battlefield 1942\bf1942.exe] => (Allow) C:\program files (x86)\origin games\battlefield 1942\bf1942.exe
FirewallRules: [TCP Query User{7C292975-6C3E-461A-8924-ACFF85D96AE8}C:\program files (x86)\mb condition zero\hl.exe] => (Allow) C:\program files (x86)\mb condition zero\hl.exe
FirewallRules: [UDP Query User{F8A2FFCC-C0B5-46AE-B083-850441FAC171}C:\program files (x86)\mb condition zero\hl.exe] => (Allow) C:\program files (x86)\mb condition zero\hl.exe
FirewallRules: [TCP Query User{1E8BFA79-1B13-4070-99F5-DC73B38DCA81}C:\program files (x86)\mb condition zero\hlds.exe] => (Allow) C:\program files (x86)\mb condition zero\hlds.exe
FirewallRules: [UDP Query User{AFDA793A-9267-4EDA-A95F-36AA45F86F28}C:\program files (x86)\mb condition zero\hlds.exe] => (Allow) C:\program files (x86)\mb condition zero\hlds.exe
FirewallRules: [{4D20AD9D-7026-4E17-A3F4-05D9EFF402E3}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{BC66AD3C-4C1A-4C38-9DD9-2E3C0E8544A9}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
FirewallRules: [{14FE247A-5A2C-4202-97AF-2D97ABC03433}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [{8BB6F500-4CA9-4C38-BAC0-3AA4C2CAC732}] => (Allow) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
FirewallRules: [TCP Query User{7004E2FE-936A-4703-8001-8094A192D21C}C:\program files (x86)\mb counter strike 1.6\hl.exe] => (Allow) C:\program files (x86)\mb counter strike 1.6\hl.exe
FirewallRules: [UDP Query User{0C37D36E-8B51-4957-A0F9-16677E331A29}C:\program files (x86)\mb counter strike 1.6\hl.exe] => (Allow) C:\program files (x86)\mb counter strike 1.6\hl.exe
FirewallRules: [TCP Query User{A652426C-DE4B-4B5E-A51A-8BF3C5A50A47}C:\program files (x86)\cain\cain.exe] => (Allow) C:\program files (x86)\cain\cain.exe
FirewallRules: [UDP Query User{20E70F76-4B68-4F6D-BFE6-EB59FCA94172}C:\program files (x86)\cain\cain.exe] => (Allow) C:\program files (x86)\cain\cain.exe
FirewallRules: [{95336B00-56DE-41A1-B136-35BF6B58E838}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ace_evilsin\counter-strike\hl.exe
FirewallRules: [{B56C2628-E6CC-460B-A87C-D0696F2324AE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ace_evilsin\counter-strike\hl.exe
FirewallRules: [{BA100FB4-E997-42AD-8361-E289B505CD7B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ace_evilsin\condition zero\hl.exe
FirewallRules: [{8D9FFFD4-9C2F-4152-85E6-C4D6BD1096A3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ace_evilsin\condition zero\hl.exe
FirewallRules: [{FD168F22-E001-4A75-9289-CFEDAF32B254}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\AOEOnline.exe
FirewallRules: [{00107891-CA2A-4587-ABE5-488069F4AD3D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires Online\AOEOnline.exe
FirewallRules: [{33648313-197C-46FB-A650-071FBBCB25F0}] => (Allow) C:\Program Files (x86)\Cracked Steam\steam.exe
FirewallRules: [{1993567E-E931-496D-9ED4-318817297EC1}] => (Allow) C:\Program Files (x86)\Cracked Steam\steam.exe
FirewallRules: [{0B6B6444-5205-4AF3-8756-01B50BC9B716}] => (Allow) C:\Program Files (x86)\Steam\steam.exe
FirewallRules: [{2A7713BF-F9D7-442B-A12A-4FF9848F5CF9}] => (Allow) C:\Program Files (x86)\Steam\steam.exe
FirewallRules: [{6E61854D-E93A-4793-A08C-735706213655}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6768CC39-426B-4499-93AB-4800345A71E1}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{DC7D8BCA-6BA3-4297-A84F-1FF446DC2525}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{14849EC6-DF93-490C-BB91-B62F8446EE2D}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{7CB95DA9-7253-41FE-8B65-73595E0FA5FB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ace_evilsin\counter-strike\hl.exe
FirewallRules: [{5AC76F86-E519-41CC-BF07-F5FA8B972114}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ace_evilsin\counter-strike\hl.exe
FirewallRules: [{40D3412D-DAC2-4A6B-B89C-19969BB1D5C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ace_evilsin\condition zero\hl.exe
FirewallRules: [{E549B6A2-DB89-4792-9128-DE78F55D17F3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\ace_evilsin\condition zero\hl.exe
FirewallRules: [{6D0F1CB7-9FF1-44F0-B7B2-914C09CA6E60}] => (Allow) C:\Program Files (x86)\AMX Mod X\Installer.exe
FirewallRules: [{E02D3466-0BCB-4B5C-A5E9-40F18D8BD550}] => (Allow) C:\Program Files (x86)\AMX Mod X\Installer.exe
FirewallRules: [{987D6778-7C75-4D35-B378-EEE4C1E2124B}] => (Allow) C:\Program Files (x86)\AMX Mod X\Installer.exe
FirewallRules: [{7CC3CED9-9572-4537-A4A2-69B78847D4C0}] => (Allow) C:\Program Files (x86)\AMX Mod X\Installer.exe
FirewallRules: [{EFA6D350-A889-427A-8928-C59A888BCC44}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{36397D21-2FFF-4A58-AB87-515A5EB7FAE8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life\hl.exe
FirewallRules: [{1D9C11F4-C438-4A81-8651-C2D45FE010C3}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{D36A6478-F699-4911-AD8C-DB58BB807A60}] => (Allow) D:\Steam\Steam.exe
FirewallRules: [{D66E3786-C8D4-439F-A65B-6B602F7B0A0C}] => (Allow) D:\Steam\SteamApps\ace_evilsin\condition zero\hl.exe
FirewallRules: [{554CE5A6-A75A-4E9C-87AA-B00B9BECE104}] => (Allow) D:\Steam\SteamApps\ace_evilsin\condition zero\hl.exe
FirewallRules: [{2A8848B1-E259-49E9-9D23-4CF3E686C622}] => (Allow) D:\Steam\SteamApps\ace_evilsin\condition zero\hl.exe
FirewallRules: [{F58CC93F-F5B7-42CC-8406-9AAAF2E0E27F}] => (Allow) D:\Steam\SteamApps\ace_evilsin\condition zero\hl.exe
FirewallRules: [TCP Query User{668D924B-4AEA-466E-AF56-FF010B8D7E31}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{845910EB-EE89-4EB5-8A19-7D25F8B47FA6}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [TCP Query User{3FDB49AD-F426-406B-B37B-3C1D8A0F00C9}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{9B753886-A99A-406E-8799-90EE7480CF1F}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [TCP Query User{CCB3AF9F-3397-40EF-BC0A-7C9E00D7DD4C}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [UDP Query User{D1266558-40AA-4F09-BD59-7D45A7F8A006}C:\windows\syswow64\dplaysvr.exe] => (Allow) C:\windows\syswow64\dplaysvr.exe
FirewallRules: [{4576FE43-CC0D-41C6-B369-B4D37F0C0BEE}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{6E3E1F2B-9E1D-400A-9815-D349B4FEAE50}] => (Allow) C:\Windows\System32\migwiz\migwiz.exe
FirewallRules: [{CA8CE1F7-F3EC-48F1-A503-46C5BC27F7CC}] => (Allow) LPort=7000
FirewallRules: [{E58DEDA4-B937-42EF-B841-D2EB8EC1D19B}] => (Allow) LPort=7000
FirewallRules: [{CD6CE66B-7115-433C-A3A8-9CD3BA6879B7}] => (Allow) D:\bzzzt\Crysis 3\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{2B3F5D08-4676-41C6-BC2D-DFD8A95D4E52}] => (Allow) D:\bzzzt\Crysis 3\Crysis 3\Bin32\Crysis3.exe
FirewallRules: [{000586EF-F051-400C-9543-A0E7E5E43472}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe
FirewallRules: [{AD375DBB-405B-4FE2-9972-E8F5C6239DE7}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{45C30E35-896C-4AC6-BE61-BCD744B0E5BD}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{95CBA3E6-1793-4C49-A6D5-DE3F39C8471B}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{B2D7F061-5F0E-40FF-8BE9-2E011D468E89}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{4AF88417-F691-4CF2-A2E0-94E75BA20A0D}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{415C2A2F-575E-429E-AF84-3BD28D8836D8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F925E9C3-3D41-48C3-B7FA-156DA28C07C8}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{58B8B59D-ACA1-4278-B1E2-E5D47A511234}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{5A317F8B-68E0-475B-BD18-6DF3026B478F}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [TCP Query User{5EF5887D-CD4A-4D95-9672-2E8EA68FD470}C:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe] => (Allow) C:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe
FirewallRules: [UDP Query User{D93B13C7-797B-44A8-84AE-3105BBF7A0BA}C:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe] => (Allow) C:\program files (x86)\vertrigoserv\apache\bin\v_apache.exe
FirewallRules: [TCP Query User{1E6D549D-A52A-4D2D-B031-27D6428997A0}C:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe] => (Allow) C:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe
FirewallRules: [UDP Query User{DA49368D-BB09-4288-B5AE-11FF8BB7C8EA}C:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe] => (Allow) C:\program files (x86)\vertrigoserv\mysql\bin\v_mysqld.exe
FirewallRules: [TCP Query User{72483714-CA33-42D2-8451-4DC8A06BDC6E}C:\program files (x86)\java\jdk1.7.0\jre\bin\java.exe] => (Allow) C:\program files (x86)\java\jdk1.7.0\jre\bin\java.exe
FirewallRules: [UDP Query User{BA5CF626-33DE-4302-8D65-CE42673B9C9E}C:\program files (x86)\java\jdk1.7.0\jre\bin\java.exe] => (Allow) C:\program files (x86)\java\jdk1.7.0\jre\bin\java.exe
FirewallRules: [TCP Query User{1FF6CFC2-64F1-4046-BA0F-5E124B47B5DC}C:\program files\netbeans 6.8\bin\netbeans.exe] => (Allow) C:\program files\netbeans 6.8\bin\netbeans.exe
FirewallRules: [UDP Query User{224D495E-1534-4F0B-884F-91590D2A1800}C:\program files\netbeans 6.8\bin\netbeans.exe] => (Allow) C:\program files\netbeans 6.8\bin\netbeans.exe
FirewallRules: [TCP Query User{96154207-4FB2-4A2F-A12B-D614F55D4CBD}C:\program files (x86)\java\jdk1.7.0\bin\java.exe] => (Allow) C:\program files (x86)\java\jdk1.7.0\bin\java.exe
FirewallRules: [UDP Query User{1BBD3EF9-0BA1-4B9A-8AFB-03DE69B19F8F}C:\program files (x86)\java\jdk1.7.0\bin\java.exe] => (Allow) C:\program files (x86)\java\jdk1.7.0\bin\java.exe
FirewallRules: [{285EC5B8-D499-44D8-859F-09F6FEFE036F}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{6F944341-D501-4788-8587-CE670CB265C5}] => (Allow) C:\Program Files (x86)\Opera\opera.exe
FirewallRules: [{E08D2B45-8822-4515-B176-2D40EBDA8D31}] => (Allow) D:\Steam\SteamApps\common\Chess the Gathering\CTG.exe
FirewallRules: [{405057AC-A26B-4145-A300-1D63489A224F}] => (Allow) D:\Steam\SteamApps\common\Chess the Gathering\CTG.exe
FirewallRules: [{45002D5A-90EA-4851-B5D9-BD3AF0DE30A5}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{A8C22DC2-E069-42A3-8520-7B35812BA787}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{F1E0B70D-0D86-48A9-8572-7BD50E3CCE67}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{8FF44AE6-45FD-4FCB-8EE4-B5B6E938673C}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{A5F9A100-9960-4DB1-8FCF-652F7022247A}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{30C33E4B-CEFB-408E-AB47-DACEC00BB4AA}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Borderlands2.exe
FirewallRules: [{1457DA87-90CA-41A2-85D2-78A3DBB72EAC}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B4930DFB-4F5B-4640-9843-A52C998B5351}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{B3D0B762-8880-4F76-9474-2389AC26ABDB}] => (Allow) D:\Steam\SteamApps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{ABA03C4C-9BC9-4DBA-9866-9D7CEE39F422}] => (Allow) D:\Steam\SteamApps\common\DmC Devil May Cry\Binaries\Win32\DMC-DevilMayCry.exe
FirewallRules: [{2470924E-9E67-4244-B042-78FAB6C2AEFA}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{53D554AA-C02E-44E4-9DD6-F8844FEAF6C8}] => (Allow) D:\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{0B2F6B5F-96C3-4229-88F7-0F49B4F0D208}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
FirewallRules: [{99C3800E-0315-4326-9917-204979DDE2B6}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
FirewallRules: [{81DADB17-8F69-4E1F-A22A-4CEECE018366}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
FirewallRules: [{5EDFC50E-483A-4B6D-984B-C37BFFEDF9E1}] => (Allow) C:\Program Files (x86)\Microsoft Games for Windows - LIVE\Client\GFWLive.exe
FirewallRules: [{7391B9B6-C5E1-41C0-8752-EB7BD99A32C9}] => (Allow) LPort=80
FirewallRules: [{D0D18DF0-9A24-4623-BAD7-CCB0E068E795}] => (Allow) LPort=53
FirewallRules: [{2F18CE06-A3DB-4C44-B37F-299D4425E016}] => (Allow) LPort=80
FirewallRules: [{4D1F921F-B8F2-4A4C-9B56-97B894FBF6D6}] => (Allow) D:\Steam\SteamApps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{7EE0404E-5540-4701-9176-BCC7CFF299ED}] => (Allow) D:\Steam\SteamApps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{C6BA68EC-83EA-409B-AA6B-E042264DB80E}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{8CC574AB-9BE4-4817-915C-11640E929660}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{143DC4F1-B24C-4FB5-A937-30E3C07A3C2A}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{447E550E-D184-40D0-BF0A-E95E0A3AD38E}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{E8340455-E95E-4F8C-9CD3-2A4ED28AEE86}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{564FF3BA-F1B5-47BE-8032-C05BA40696F4}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{998629BE-B464-49C7-B341-21B78E4A4517}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{3FEBFE09-A2D6-4973-92E9-DA6DB3843841}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{7734A3C8-FEBE-4239-83EC-2F994F82F5A1}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{081E7089-E175-462F-AD81-A382A926A458}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{15F02FFF-D1B5-4CBE-B652-073F24134D74}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{E0C5C928-8846-42E9-B130-B10D8B838214}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{05E98E6E-C881-44B1-9D70-2B3C9FF7839E}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{99FB14B0-C527-436E-A62F-B1FFB6D7FE48}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{6F638AFC-DFF3-4288-B435-B9B81E600973}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{58738155-7FCE-4015-8750-53E2550BEE75}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{365A6D3A-80F0-478B-B959-F5872A02AF5B}] => (Allow) D:\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{D431D414-F473-42CD-A9F1-F56C8B3DB8AC}] => (Allow) D:\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird.exe
FirewallRules: [{8EC2A864-2B8A-4955-95D6-E94103ABCE16}] => (Allow) D:\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{2BDBC0ED-E03A-41E4-8C5E-4E76B4351F3F}] => (Allow) D:\Steam\SteamApps\common\Saints Row the Third\SaintsRowTheThird_DX11.exe
FirewallRules: [{9AB52921-2490-415D-BDEC-E6412E6BC6BE}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{ABC13754-8892-43A7-BD39-E4B9A19E4116}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{B7576DFC-BA4A-40F5-99D2-350724F9506C}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{EE73CAC4-17DE-4CEB-A6DF-7FFA89D37E0F}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{5389B134-A811-4284-B50D-887611ACAFEC}] => (Allow) D:\Ubisoft\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
FirewallRules: [{CB543882-0D3A-43CA-9066-B5F47597AF81}] => (Allow) D:\Ubisoft\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\Blacklist_Launcher.exe
FirewallRules: [{03FB869A-5437-4458-BCDD-02A4EB68A149}] => (Allow) D:\Ubisoft\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{A95DD0C4-D505-4170-8B5C-3F5AC1830E66}] => (Allow) D:\Ubisoft\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_game.exe
FirewallRules: [{0269F55C-154A-43BD-8D48-0B90D71B8523}] => (Allow) D:\Ubisoft\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{8D09DFA3-374C-4189-8704-6138909351EE}] => (Allow) D:\Ubisoft\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\Blacklist_DX11_game.exe
FirewallRules: [{9290D00C-63D1-4560-B76C-AF81AE0D853F}] => (Allow) D:\Ubisoft\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
FirewallRules: [{83D8E05A-4CD5-4CA0-997D-ACCB46AEC283}] => (Allow) D:\Ubisoft\Ubisoft\Tom Clancy's Splinter Cell® Blacklist™\src\SYSTEM\gu.exe
FirewallRules: [{95D53667-E811-4DC7-B48A-D714E70CB6EE}] => (Allow) D:\Steam\SteamApps\common\Legendary\Binaries\Legendary.exe
FirewallRules: [{3B51C0F5-AFCE-4565-81F1-747655395F33}] => (Allow) D:\Steam\SteamApps\common\Legendary\Binaries\Legendary.exe
FirewallRules: [{68920A3E-0B25-45D7-9C2F-A8E426398AA3}] => (Allow) D:\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{9D8B6619-C6FF-4ACA-A6AD-237D6BDA7A90}] => (Allow) D:\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{FB3B9766-7836-4C24-883F-D17C7F06C2E1}] => (Allow) D:\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{C28B6BB8-D4F6-4630-A3A7-55B38AFFEC72}] => (Allow) D:\Steam\SteamApps\common\Tomb Raider\TombRaider.exe
FirewallRules: [{DB48FDF6-137B-478F-809D-B4E29ED98994}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{688E765F-3499-4350-8303-835BEBD3497A}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{CE1AE15E-3E0D-4E3C-B49A-7DE1EDF5D0FA}] => (Allow) D:\Steam\SteamApps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{C3C72ACA-1C26-4DB6-AB2C-96411CAB5398}] => (Allow) D:\Steam\SteamApps\common\KillingFloor\System\KillingFloor.exe
FirewallRules: [{857969B7-64FF-46B5-8826-C463F7519651}] => (Allow) D:\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{C10A46CE-79D9-4488-A10E-EBC7EBCB2117}] => (Allow) D:\Steam\SteamApps\common\Far Cry 3\bin\farcry3.exe
FirewallRules: [{7AF7C40A-924E-461F-B894-39C480323584}] => (Allow) D:\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{66A6E23D-57F5-419F-AD1B-3878A78D3F57}] => (Allow) D:\Steam\SteamApps\common\Far Cry 3\bin\farcry3_d3d11.exe
FirewallRules: [{8CA63E8B-ECF1-4596-AA1A-7580688DB43A}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{ADA16ECE-AFAD-46BC-B744-40551DF3F28E}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{4B074DE3-8E87-4312-854C-6A63D9471147}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\bin_ship\DAOrigins.exe
FirewallRules: [{DEFF95C8-7140-4178-BE5A-159A3CD36241}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\bin_ship\DAOrigins.exe
FirewallRules: [{3E4FFBFB-D642-41A9-A454-5D294C998E28}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\DAOriginsLauncher.exe
FirewallRules: [{5A5F5F60-CC1C-45C2-946F-09C3B86DF103}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\DAOriginsLauncher.exe
FirewallRules: [{2C6CD4A5-B0E0-404D-BCA9-8F464B69FFE7}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\docs\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{7E395431-7906-4F6A-A882-C2A26B26AF67}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\docs\EA Help\Electronic_Arts_Technical_Support.htm
FirewallRules: [{AEA18506-4A78-4273-AE35-15785D33EF3A}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{66A6B495-7CB5-4C46-BCD6-DCDCA16F2293}] => (Allow) D:\Steam\SteamApps\common\BioShock Infinite\Binaries\Win32\Benchmark.bat
FirewallRules: [{B2D6CE48-5B16-437B-BEEF-AAF62DCE4F77}] => (Allow) D:\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{62F932B5-E75A-4E81-B0EC-E5B7ADB2CA29}] => (Allow) D:\Origin Games\Battlefield 3\bf3.exe
FirewallRules: [{00369489-6364-45AE-AF66-EF648A752783}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\bin_ship\daupdatersvc.service.exe
FirewallRules: [{513F8485-63F1-4AFB-B039-6CF207D4A335}] => (Allow) D:\Steam\SteamApps\common\Dragon Age Origins\bin_ship\daupdatersvc.service.exe
FirewallRules: [{F8193AAD-07CD-4EC8-8318-543DECA16C4E}] => (Allow) D:\Steam\SteamApps\common\SleepingDogs\HKShip.exe
FirewallRules: [{F5B7EB21-F9EE-4110-9239-A754D0B5A3D6}] => (Allow) D:\Steam\SteamApps\common\SleepingDogs\HKShip.exe
FirewallRules: [{B6AA828E-57C0-40A5-BFA8-E4ACB8631997}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{05C57653-AC44-4074-B313-6DCA8076A346}] => (Allow) D:\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C77DA7A7-3051-43D2-85B7-A9C583F8D988}] => (Allow) D:\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{100E05F4-43C2-40CB-8564-1DE8B372144B}] => (Allow) D:\Steam\SteamApps\common\Far Cry 3\bin\FC3UpdaterSteam.exe
FirewallRules: [{3222EFB2-759B-4119-8D09-84006BA5EF10}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{EB731D9D-5FB8-4320-85FD-63936878343E}] => (Allow) D:\Steam\SteamApps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{BA06B19A-6BD7-4A69-9C4B-7448C2C64395}] => (Allow) D:\Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{02CC6ADD-35BC-457E-A733-24409B2C8463}] => (Allow) D:\Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{046D9637-7C27-4F3F-B60E-94AA16970BDC}] => (Allow) D:\Games\Battlefield 4\bf4.exe
FirewallRules: [{D0B46860-2ECB-4151-A836-673F83325E95}] => (Allow) D:\Games\Battlefield 4\bf4.exe
FirewallRules: [TCP Query User{72D63506-3D80-45CA-8EF3-227825B1B842}C:\program files (x86)\danusoft\wifi hotspot creator\wifi hotspot creator.exe] => (Allow) C:\program files (x86)\danusoft\wifi hotspot creator\wifi hotspot creator.exe
FirewallRules: [UDP Query User{E292C7AA-CE88-44C1-93DE-E88D0E9BEE1D}C:\program files (x86)\danusoft\wifi hotspot creator\wifi hotspot creator.exe] => (Allow) C:\program files (x86)\danusoft\wifi hotspot creator\wifi hotspot creator.exe
FirewallRules: [{9FE37AC8-8236-4167-9431-85B76970D25A}] => (Allow) C:\Program Files (x86)\mHotspot\mHotspot.exe
FirewallRules: [{BF258CB3-EB77-486C-9CFA-0E480774943C}] => (Allow) C:\Program Files (x86)\mHotspot\mHotspot.exe
FirewallRules: [{6BCF0782-9616-487B-9126-74B3FF561DBB}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{FCB22CFF-74EF-4831-8F50-B959A4C99327}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
FirewallRules: [{74A33311-11EB-4244-BBBC-B9F0579131D9}] => (Allow) D:\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{9F30F195-2487-4DBA-8D08-142D62D3CCD2}] => (Allow) D:\Origin Games\Battlefield 4\bf4_x86.exe
FirewallRules: [{B1453B6F-F39A-460A-8F2A-F6C858E96CDC}] => (Allow) D:\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{C3BE4645-B13B-41E7-AA03-9469038AB6D9}] => (Allow) D:\Origin Games\Battlefield 4\bf4.exe
FirewallRules: [{A795562E-D3C9-4D58-AF86-0B995048ADAC}] => (Allow) D:\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{59D18818-388C-496F-B7EF-612A9086D997}] => (Allow) D:\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{015F5934-89AC-41FE-A5F1-71B0249F72D6}] => (Allow) D:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{85138A44-68E5-46C6-99CB-253EA3CF49B1}] => (Allow) D:\Steam\SteamApps\common\Dishonored\Binaries\Win32\Dishonored.exe
FirewallRules: [{DF18D910-74F3-4863-99E1-EBCE80A59D12}] => (Allow) D:\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{CD00A9EE-20E9-47C9-8230-261240287ED6}] => (Allow) D:\Steam\SteamApps\common\Fallout 3 goty\FalloutLauncher.exe
FirewallRules: [{24D51416-9934-4A18-8C13-3BA1197D4D0E}] => (Allow) D:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{449485F4-500D-40E9-8E64-D0016310E522}] => (Allow) D:\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{0D52EFCD-7B02-47EF-B0E6-F8F4CFCD182C}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{A6CEC478-2034-40E2-A3C7-4DD046D1CF19}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{C54301F9-9CC2-4605-B992-90A78C49C4B9}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E5C5B0F8-3087-493F-AB07-1E6D7057F05E}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{75AE943F-AC9E-49AE-9ABA-C53748D3B7DB}] => (Allow) D:\Origin Games\Medal of Honor Warfighter\MOHW.exe
FirewallRules: [{6A60E5BB-3F0E-4522-9154-523F088FD3E6}] => (Allow) D:\Origin Games\Medal of Honor Warfighter\MOHW.exe
FirewallRules: [{20B3908D-25B5-4744-B978-7D6D2908484D}] => (Allow) D:\Steam\SteamApps\common\Codename Gordon\cg.exe
FirewallRules: [{F789F6F3-054D-4195-BCDE-4C148D2D488E}] => (Allow) D:\Steam\SteamApps\common\Codename Gordon\cg.exe
FirewallRules: [{C22A0503-84A2-4858-9280-2358D472FBD2}] => (Allow) D:\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{76078769-A512-460E-BB9F-B3C894696968}] => (Allow) D:\Steam\SteamApps\common\Outlast\OutlastLauncher.exe
FirewallRules: [{00B4EFFA-DA18-4DBC-ADA8-870E4F121EDA}] => (Allow) D:\Steam\SteamApps\common\ContagionBeta\contagionds.exe
FirewallRules: [{EB7917B9-10C4-4C9B-936F-B12A6281DA77}] => (Allow) D:\Steam\SteamApps\common\ContagionBeta\contagionds.exe
FirewallRules: [{1414C94D-CA2E-4824-A612-C9F5C8C9E785}] => (Allow) D:\Steam\SteamApps\common\Castlevania Lords of Shadow 2 Demo\bin\CLOS2DEMO.exe
FirewallRules: [{E1BD192A-219A-4CFF-BB1B-5058BDDB514D}] => (Allow) D:\Steam\SteamApps\common\Castlevania Lords of Shadow 2 Demo\bin\CLOS2DEMO.exe
FirewallRules: [{A1A7317A-BBAA-47C7-ACF8-DED6E8E4608D}] => (Allow) D:\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{B68D8578-7BFA-4E4E-B18D-1CB092FC48D7}] => (Allow) D:\Steam\SteamApps\common\PAYDAY The Heist\payday_win32_release.exe
FirewallRules: [{8FA4AC3B-9719-4CF8-934E-D89499C2B3E7}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{CAEFAF55-605B-4DCD-BA1D-734918AFCEF1}] => (Allow) D:\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{83DA6373-DB52-4384-B58F-EFA7B69F826E}] => (Allow) D:\Steam\SteamApps\common\Showdown\binaries\showdown.exe
FirewallRules: [{8F775263-AE70-449F-9E11-D0B60C239A7C}] => (Allow) D:\Steam\SteamApps\common\Showdown\binaries\showdown.exe
FirewallRules: [TCP Query User{553C3237-C750-44A3-9897-07DD781821E3}D:\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe
FirewallRules: [UDP Query User{959D165D-A0CA-470B-AC00-E02924E7CEBD}D:\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe] => (Allow) D:\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe
FirewallRules: [TCP Query User{B0FB0F53-5575-4912-A8DF-34145F753609}D:\nether\nether\binaries\win64\nether.exe] => (Allow) D:\nether\nether\binaries\win64\nether.exe
FirewallRules: [UDP Query User{D279B3CE-DF9C-45AB-9928-7D2694EB8E82}D:\nether\nether\binaries\win64\nether.exe] => (Allow) D:\nether\nether\binaries\win64\nether.exe
FirewallRules: [{51CF56C6-54DC-48BC-BA93-22B97534023C}] => (Allow) D:\Steam\SteamApps\common\Cyber Disk\Binaries\Win64\TinyBrains.exe
FirewallRules: [{E13FC783-54EA-43D7-84B8-DD1232B72980}] => (Allow) D:\Steam\SteamApps\common\Cyber Disk\Binaries\Win64\TinyBrains.exe
FirewallRules: [{B2BC2BAA-006E-4A77-93CA-20FB0432B929}] => (Allow) D:\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{E23AC2DA-E1A1-4525-A1A2-BB062D6BDA6A}] => (Allow) D:\Steam\SteamApps\common\Half-Life\hl.exe
FirewallRules: [{2502384D-6841-4561-84CA-657637256FA9}] => (Allow) D:\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{0FBDB231-0F66-4F02-BE0E-714DEB14686D}] => (Allow) D:\Steam\SteamApps\common\Antichamber\Binaries\Win32\UDK.exe
FirewallRules: [{E4194A30-D714-489A-8381-58CA5274B81B}] => (Allow) D:\Steam\SteamApps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{5DFD4D1E-E62E-483D-9AED-933F7265A87A}] => (Allow) D:\Steam\SteamApps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{77C5A47E-F3F8-4918-A3E1-7E6C0B711E0A}] => (Allow) D:\Steam\SteamApps\common\GoGoNippon\GoGoNippon\BGI.exe
FirewallRules: [{59D2BB6F-76EF-4853-8012-D18F47C5B542}] => (Allow) D:\Steam\SteamApps\common\GoGoNippon\GoGoNippon\BGI.exe
FirewallRules: [{E5821BB2-1911-4A74-A18F-CE3A4FF12055}] => (Allow) D:\Steam\SteamApps\common\ConquestOfChampions\ConquestGame.exe
FirewallRules: [{91A0C530-1173-413C-8D38-11F76A9DEE9E}] => (Allow) D:\Steam\SteamApps\common\ConquestOfChampions\ConquestGame.exe
FirewallRules: [{89CE7D59-4C84-43C3-9758-FA14C2029BA4}] => (Allow) D:\Steam\SteamApps\common\Quake 3 Arena\quake3.exe
FirewallRules: [{23B9C30B-F4C6-42D9-946B-E502F4E968C9}] => (Allow) D:\Steam\SteamApps\common\Quake 3 Arena\quake3.exe
FirewallRules: [{7DF6E59B-6739-4405-9917-61E56A001B0E}] => (Allow) D:\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{863368BA-FF5B-453C-8F54-5E4CF0E915B4}] => (Allow) D:\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{83922DAC-6F56-4F2D-9DA8-3B557B0485AB}] => (Allow) D:\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{FE18CD3C-C6D9-4E50-8073-61DBA138543F}] => (Allow) D:\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{92B53F19-67F8-4875-8E48-31A6CA7DE04C}] => (Allow) D:\Steam\SteamApps\common\Truck Racer\TruckRacer.exe
FirewallRules: [{17D3A247-480A-45B0-9F8D-2642C4B3F288}] => (Allow) D:\Steam\SteamApps\common\Truck Racer\TruckRacer.exe
FirewallRules: [{F605FD54-374C-49CF-92D6-269F6986C1ED}] => (Allow) D:\Steam\SteamApps\common\Cthulhu Saves the World\CSTW.exe
FirewallRules: [{CE40418B-E8A9-450F-9AB4-B70928EFAC4B}] => (Allow) D:\Steam\SteamApps\common\Cthulhu Saves the World\CSTW.exe
FirewallRules: [{16FBE543-BE33-4615-BBE0-529914E80C60}] => (Allow) D:\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{3ED7453D-CABD-4BA6-95EE-D74A2E442B74}] => (Allow) D:\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{9685CC6C-F7D8-4F92-9BAB-FAEE4E7C380C}] => (Allow) D:\Steam\SteamApps\common\Agarest Generations of War\Agarest.exe
FirewallRules: [{38A6598F-5C11-4B2D-A5D3-40E09C4C7691}] => (Allow) D:\Steam\SteamApps\common\Agarest Generations of War\Agarest.exe
FirewallRules: [{D8C71E3B-7DF9-4C78-9FDA-2904BB523774}] => (Allow) D:\Steam\SteamApps\common\Half Minute Hero\HMH.exe
FirewallRules: [{50FCED8C-A589-44B2-BE63-436EA45067A6}] => (Allow) D:\Steam\SteamApps\common\Half Minute Hero\HMH.exe
FirewallRules: [{B38062D1-DFC7-4F70-A399-3F82D9E6E261}] => (Allow) D:\Steam\SteamApps\common\Grand Theft Auto\WINO\Grand Theft Auto.exe
FirewallRules: [{9625E253-2292-4664-AF08-78ECF81E08BD}] => (Allow) D:\Steam\SteamApps\common\Grand Theft Auto\WINO\Grand Theft Auto.exe
FirewallRules: [{CE5A0F73-5F3C-452D-BCB8-BB3BD9218842}] => (Allow) D:\Steam\SteamApps\common\TheCatLady\The Cat Lady.exe
FirewallRules: [{B7D7E574-1CDB-4ED5-B1A6-921A9A96AB28}] => (Allow) D:\Steam\SteamApps\common\TheCatLady\The Cat Lady.exe
FirewallRules: [{CAC44CBC-EED3-4FA9-B682-CD8BB263B783}] => (Allow) D:\Steam\SteamApps\common\NZA\bin\NZA.exe
FirewallRules: [{52CF865F-969C-4F18-8371-27E096330606}] => (Allow) D:\Steam\SteamApps\common\NZA\bin\NZA.exe
FirewallRules: [{55122A57-9C9C-4621-8D3B-9A35F6D7B502}] => (Allow) D:\Steam\SteamApps\common\Verdun\Verdun.exe
FirewallRules: [{D2AE1D59-9075-4C83-8A7B-E74DE78A37BC}] => (Allow) D:\Steam\SteamApps\common\Verdun\Verdun.exe
FirewallRules: [{DC81CADB-6DAD-43EA-8A71-BA8407BEFD4D}] => (Allow) D:\Steam\SteamApps\common\BGT\DjinniSecure.exe
FirewallRules: [{66E63B1F-6F09-4914-AADA-7A072F3CFEDF}] => (Allow) D:\Steam\SteamApps\common\BGT\DjinniSecure.exe
FirewallRules: [{B62BCE3B-5AD9-48AA-958F-F89FC1B4030B}] => (Allow) D:\Steam\SteamApps\common\ARMA 2 Free\ArmA2Free.exe
FirewallRules: [{8E6CBE35-C39A-44CB-BB63-614ADE688BBE}] => (Allow) D:\Steam\SteamApps\common\ARMA 2 Free\ArmA2Free.exe
FirewallRules: [{6C9967EB-5FE5-480D-9C87-D1431F3442F0}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{0FDAB42B-EDCE-40BB-9387-3C78245CA66A}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{01ADF390-EF82-4048-9DFD-61A1330D5511}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Nexuiz.exe
FirewallRules: [{6FAA8E66-6B1D-463F-B427-023F273FF899}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Nexuiz.exe
FirewallRules: [{268C3BD9-5EE6-4244-941C-B37E297A0DEA}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Editor.exe
FirewallRules: [{4DBD873B-D8E2-44B1-8CD5-D71E550EA472}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Editor.exe
FirewallRules: [{0DBED09A-B3AC-454B-9A28-62E7377DD7EF}] => (Allow) D:\Steam\SteamApps\common\Valiant Hearts\Valiant Hearts.exe
FirewallRules: [{861F7601-6425-42B4-AB88-2C6EB27E61B8}] => (Allow) D:\Steam\SteamApps\common\Valiant Hearts\Valiant Hearts.exe
FirewallRules: [{F219B15C-9663-47F5-801D-F312B828F5BB}] => (Allow) D:\Steam\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{9DADF001-8CE5-4755-B49F-D335EC511D3C}] => (Allow) D:\Steam\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{FB13A9E2-E8DB-4B1D-B8F4-901178388459}] => (Allow) D:\Steam\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{749D0004-DD04-429B-8334-5E19D5F720B3}] => (Allow) D:\Steam\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{0EECD6E6-F27D-4F9C-8BC4-8686B5A6D931}] => (Allow) D:\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{7E8394A5-B817-4EE0-8BA0-63170F4F4D34}] => (Allow) D:\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{199C78E6-FA73-4458-B579-AE51C1D0F137}] => (Allow) D:\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{7D8DA823-CB0F-4615-BFFE-37E2CACCF2DB}] => (Allow) D:\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{A738A2FD-BC66-4586-9768-56924D202A6E}] => (Allow) D:\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{FACA51FC-4BC1-4504-A9D6-B8769CB3C9C1}] => (Allow) D:\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{0C4AE6C0-E53A-4579-B6AA-F6DEF745B3A4}D:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{902F9358-DDD0-49C5-96DC-B3B08FD104D2}D:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{5B746054-CA94-4DC8-8CD0-C68C53449495}] => (Allow) D:\Steam\SteamApps\common\SplitSecond\SplitSecond.exe
FirewallRules: [{4C003BC8-DFF2-43FF-BF64-F4C1AA7229C4}] => (Allow) D:\Steam\SteamApps\common\SplitSecond\SplitSecond.exe
FirewallRules: [{BB414C0A-F25D-4628-BF30-5E2D95896C0D}] => (Allow) C:\Users\Evilsin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AE578990-B6B3-4DD8-BECA-52A1ABFB5E36}] => (Allow) C:\Users\Evilsin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DC17A39D-023D-4BE6-8FAE-CE148541BCBA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{1A8D08C0-1133-4512-969A-2D8F6000BC40}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{C561B0D0-A9BB-4B18-8BB0-967F94AACD5A}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{EB5673E1-A8A2-44D1-9A03-70FA20543F61}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{816EC391-A89C-41EF-AF32-E52F984D2839}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{9DED9A5E-015F-4328-AE6F-E8D40DDDA547}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{7B5569B9-D74D-4902-B1FE-CD08F62063B6}D:\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Block) D:\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{18C498FE-0B63-42E2-AD7C-A26E6D406BF6}D:\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Block) D:\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{152518FA-8387-4CAE-A742-ED8726F4259F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{907D90C9-B6B6-44F7-8428-C0679C264FA9}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{9C23133B-17FF-44FC-B9A5-C388BBAB9520}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{63C237AE-AFEC-4C79-8198-031D3B17A6C8}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{9E41341D-DE6E-4F86-BF51-C1AB2D3FE2F4}] => (Allow) D:\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{86E1F757-9D7D-4F02-8BDE-A614EE00C801}] => (Allow) D:\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{3F767A6E-50DA-4FAB-9EDE-4D486C738141}] => (Allow) D:\Steam\SteamApps\common\Recettear\recettear.exe
FirewallRules: [{044AC12A-AB58-460C-B33C-7E6BADB51CBC}] => (Allow) D:\Steam\SteamApps\common\Recettear\recettear.exe
FirewallRules: [{26C7252E-083F-402A-9A9B-1CE743060D38}] => (Allow) D:\Steam\SteamApps\common\Recettear\custom.exe
FirewallRules: [{BFA6466A-9A37-4AEA-906F-7EB820621907}] => (Allow) D:\Steam\SteamApps\common\Recettear\custom.exe
FirewallRules: [TCP Query User{9743C03D-98FC-4615-BE42-D5E858385519}D:\singularity\binaries\singularity.exe] => (Block) D:\singularity\binaries\singularity.exe
FirewallRules: [UDP Query User{BF9B28DB-240A-4D6F-9592-439D4C7F4CDE}D:\singularity\binaries\singularity.exe] => (Block) D:\singularity\binaries\singularity.exe
FirewallRules: [{3338F006-BF29-4099-BE0D-62FF14565024}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F022AD7B-9E8A-4500-96D3-C716E4D0C162}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{93811A85-51A4-4700-B29A-28B608BF1BAF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{76D6CBAC-76C2-45F4-898F-C84ACC8DBBDD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D1209F56-64A8-4CE2-91B4-C17DAB1AE88A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F3AE9A28-FC2A-4A11-89C0-9DBDA7246AA2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{B6117181-4817-4162-A693-A6D682FB4FA4}C:\users\evilsin\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\evilsin\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [UDP Query User{5E893497-15D5-4EEE-BB46-F30FBBE2178E}C:\users\evilsin\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\evilsin\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [{CF2EFE9A-B0B1-497D-8C2E-58373BB672FF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{40835787-AC66-47C7-9C46-2D72FBC2CE95}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{10CD588D-5777-4A47-90A3-638CF2607787}] => (Allow) C:\Program Files (x86)\WiFi HotSpot Creator\WiFi HotSpot Creator.exe
FirewallRules: [{50170AD7-3CAF-4220-8C56-924545AF0002}] => (Allow) C:\Program Files (x86)\WiFi HotSpot Creator\WiFi HotSpot Creator.exe
FirewallRules: [{8F0CF80C-08D5-4131-A0FD-7520C50D2D63}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{D45FF2A2-0D12-4450-9D29-CAD9706B1624}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{509220CC-4D02-4F1E-B4F6-1A290602F389}] => (Allow) C:\Program Files (x86)\Activision\Prototype\prototypef.exe
FirewallRules: [{78EC6B99-3531-46B0-AFBD-1F72176A4442}] => (Allow) C:\Program Files (x86)\Activision\Prototype\prototypef.exe
FirewallRules: [TCP Query User{C35582B3-0346-4A43-A900-E2293107F187}C:\windows\syswow64\ftp.exe] => (Block) C:\windows\syswow64\ftp.exe
FirewallRules: [UDP Query User{62E71DFD-EBE4-4DF1-A773-514AC157AA31}C:\windows\syswow64\ftp.exe] => (Block) C:\windows\syswow64\ftp.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: DW1501 Wireless-N WLAN Half-Mini Card
Description: DW1501 Wireless-N WLAN Half-Mini Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/08/2015 10:04:44 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.
 
Error: (05/27/2015 11:58:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Faulting module name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0055e221
Faulting process id: 0x2bc
Faulting application start time: 0xLaunch.exe0
Faulting application path: Launch.exe1
Faulting module path: Launch.exe2
Report Id: Launch.exe3
 
Error: (05/27/2015 10:02:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Faulting module name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x007ddeca
Faulting process id: 0xa0c
Faulting application start time: 0xLaunch.exe0
Faulting application path: Launch.exe1
Faulting module path: Launch.exe2
Report Id: Launch.exe3
 
Error: (05/23/2015 11:36:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MagicISO.exe version 5.5.0.281 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ebc
 
Start Time: 01d09582ed3e1267
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\MagicISO\MagicISO.exe
 
Report Id: 5d27c831-0176-11e5-ae08-f04da2b7b1f6
 
Error: (05/23/2015 11:29:01 AM) (Source: Google Update) (EventID: 20) (User: EVILSIN)
Description: Network Request Error.
Error: 0x80042194. Http status code: 404.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80042194. Http status code 404.
 
Error: (05/22/2015 11:29:01 AM) (Source: Google Update) (EventID: 20) (User: EVILSIN)
Description: Network Request Error.
Error: 0x80042194. Http status code: 404.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80042194. Http status code 404.
 
Error: (05/21/2015 11:56:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Faulting module name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x007ddeca
Faulting process id: 0x624
Faulting application start time: 0xLaunch.exe0
Faulting application path: Launch.exe1
Faulting module path: Launch.exe2
Report Id: Launch.exe3
 
Error: (05/21/2015 11:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Faulting module name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x007ddeca
Faulting process id: 0x162c
Faulting application start time: 0xLaunch.exe0
Faulting application path: Launch.exe1
Faulting module path: Launch.exe2
Report Id: Launch.exe3
 
Error: (05/21/2015 11:55:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Faulting module name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x007ddeca
Faulting process id: 0x84c
Faulting application start time: 0xLaunch.exe0
Faulting application path: Launch.exe1
Faulting module path: Launch.exe2
Report Id: Launch.exe3
 
Error: (05/21/2015 11:54:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Faulting module name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x007ddeca
Faulting process id: 0x13a4
Faulting application start time: 0xLaunch.exe0
Faulting application path: Launch.exe1
Faulting module path: Launch.exe2
Report Id: Launch.exe3
 
 
System errors:
=============
Error: (06/08/2015 09:44:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
 
Error: (06/08/2015 09:43:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
 
Error: (06/08/2015 09:43:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
 
Error: (06/08/2015 09:42:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
 
Error: (06/08/2015 09:42:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
 
Error: (06/08/2015 09:41:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
 
Error: (06/08/2015 09:41:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
 
Error: (06/08/2015 09:40:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
 
Error: (06/08/2015 09:40:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
 
Error: (06/08/2015 09:39:56 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RasMan service.
 
 
Microsoft Office:
=========================
Error: (06/08/2015 10:04:44 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: C:\Windows\system32\lsass.exe1
 
Error: (05/27/2015 11:58:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Launch.exe1.0.1.000000000Launch.exe1.0.1.000000000c00000050055e2212bc01d0983643efe68cD:\Dynasty Warriors 8 Empires\Launch.exeD:\Dynasty Warriors 8 Empires\Launch.exe96859e06-0439-11e5-bc22-f04da2b7b1f6
 
Error: (05/27/2015 10:02:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Launch.exe1.0.1.000000000Launch.exe1.0.1.000000000c0000005007ddecaa0c01d09831db2001deD:\Dynasty Warriors 8 Empires\Launch.exeD:\Dynasty Warriors 8 Empires\Launch.exe6fb9bb80-0429-11e5-bc22-f04da2b7b1f6
 
Error: (05/23/2015 11:36:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: MagicISO.exe5.5.0.281ebc01d09582ed3e12670C:\Program Files (x86)\MagicISO\MagicISO.exe5d27c831-0176-11e5-ae08-f04da2b7b1f6
 
Error: (05/23/2015 11:29:01 AM) (Source: Google Update) (EventID: 20) (User: EVILSIN)
Description: Network Request Error.
Error: 0x80042194. Http status code: 404.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80042194. Http status code 404.
 
Error: (05/22/2015 11:29:01 AM) (Source: Google Update) (EventID: 20) (User: EVILSIN)
Description: Network Request Error.
Error: 0x80042194. Http status code: 404.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80042194. Http status code 404.
 
Error: (05/21/2015 11:56:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Launch.exe1.0.1.000000000Launch.exe1.0.1.000000000c0000005007ddeca62401d093f3937c9563D:\Dynasty Warriors 8 Empires\Launch.exeD:\Dynasty Warriors 8 Empires\Launch.exeddd8ce6a-ffe6-11e4-8705-f04da2b7b1f6
 
Error: (05/21/2015 11:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Launch.exe1.0.1.000000000Launch.exe1.0.1.000000000c0000005007ddeca162c01d093f380c1e4d3D:\Dynasty Warriors 8 Empires\Launch.exeD:\Dynasty Warriors 8 Empires\Launch.execc33ef13-ffe6-11e4-8705-f04da2b7b1f6
 
Error: (05/21/2015 11:55:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Launch.exe1.0.1.000000000Launch.exe1.0.1.000000000c0000005007ddeca84c01d093f37042ffb3D:\Dynasty Warriors 8 Empires\Launch.exeD:\Dynasty Warriors 8 Empires\Launch.exeba980caf-ffe6-11e4-8705-f04da2b7b1f6
 
Error: (05/21/2015 11:54:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Launch.exe1.0.1.000000000Launch.exe1.0.1.000000000c0000005007ddeca13a401d093f35fcb9495D:\Dynasty Warriors 8 Empires\Launch.exeD:\Dynasty Warriors 8 Empires\Launch.exeaa472d49-ffe6-11e4-8705-f04da2b7b1f6
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 34%
Total physical RAM: 3958.68 MB
Available physical RAM: 2582.86 MB
Total Pagefile: 7915.57 MB
Available Pagefile: 6316.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: (Ace) (Fixed) (Total:97.56 GB) (Free:16.94 GB) NTFS
Drive d: (Evilsin) (Fixed) (Total:368.1 GB) (Free:58.57 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8BD01A45)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
 
==================== End of log ============================

Edited by Ace_Evilsin, 08 June 2015 - 11:40 AM.


#6 xXToffeeXx

  • Malware Response Instructor

Posted 09 June 2015 - 05:16 AM

Hi Ace_Evilsin,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
() C:\Windows\Temp\svchost.exe
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S2 Update Jump Flip; "C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" [X]
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {5C42FB5C-F412-4B83-9DE8-EFEB8F9EFD92} - System32\Tasks\sunsoft => c:\programdata\sunsoft\sunsoft.exe
Task: {7042E41C-9F06-456F-B7D2-94BB11036B6E} - System32\Tasks\catalyst => c:\programdata\sunsoft\ccc.exe
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
c:\programdata\sunsoft
C:\Windows\Temp\svchost.exe
C:\Windows\Temp\lsass.exe
EmptyTemp:
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • The tool will start to update the database, please wait a bit.
  • Click on I agree button.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • Copies of all logfiles are saved in the C:\AdwCleaner folder, which was created when running the tool.

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 Ace_Evilsin


Posted 10 June 2015 - 04:42 AM

I was wondering if I have to keep svchost.exe running when applying the fix, or can I close the process while running the fix? Actually, my laptop completely freezes while that svchost is still running, & I have to close it from task manager to run anything.

I hope it won't affect the fix, & that it'll still fix this problem.



#8 xXToffeeXx


Posted 10 June 2015 - 06:34 AM

Hi Ace_Evilsin,
 
Closing the malicious svchost.exe process is fine and we should still be able to fix the problem.
 
Just noticed I forgot to add two lines to the fix. Run the one below here instead:
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
() C:\Windows\Temp\svchost.exe
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S2 Update Jump Flip; "C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" [X]
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {5C42FB5C-F412-4B83-9DE8-EFEB8F9EFD92} - System32\Tasks\sunsoft => c:\programdata\sunsoft\sunsoft.exe
Task: {7042E41C-9F06-456F-B7D2-94BB11036B6E} - System32\Tasks\catalyst => c:\programdata\sunsoft\ccc.exe
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
c:\programdata\sunsoft
C:\Windows\Temp\svchost.exe
C:\Windows\Temp\lsass.exe
C:\Users\Evilsin\AppData\Roaming\Origin\update.vbe
Task: {C9948B94-4773-459B-9C5A-4D60DBF009C4} - System32\Tasks\Origin => C:\Users\Evilsin\AppData\Roaming\Origin\update.vbe [2015-05-24] () <==== ATTENTION
EmptyTemp:
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

xXToffeeXx~




#9 Ace_Evilsin


Posted 10 June 2015 - 08:38 PM

Okay, I am adding the fixlog.txt below. Although I'd have liked it if you had asked me beforehand whether I'd like to get my browser cookies removed. A few websites I log in to won't let me access their full features until 1 week from logging in from a new device (which in this case, my browsers just became).

Also, do I need to proceed to that next step now? The one that says I need to download AdwCleaner & all?

Fix result of Farbar Recovery Scan Tool (x64) Version:07-06-2015
Ran by Evilsin at 2015-06-10 19:34:33 Run:3
Running from C:\Users\Evilsin\Desktop
Loaded Profiles: Evilsin (Available Profiles: Evilsin)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
() C:\Windows\Temp\svchost.exe
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
S2 Update Jump Flip; "C:\Program Files (x86)\Jump Flip\updateJumpFlip.exe" [X]
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {5C42FB5C-F412-4B83-9DE8-EFEB8F9EFD92} - System32\Tasks\sunsoft => c:\programdata\sunsoft\sunsoft.exe
Task: {7042E41C-9F06-456F-B7D2-94BB11036B6E} - System32\Tasks\catalyst => c:\programdata\sunsoft\ccc.exe
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
AlternateDataStreams: C:\ProgramData\TEMP:A064CECC
c:\programdata\sunsoft
C:\Windows\Temp\svchost.exe
C:\Windows\Temp\lsass.exe
C:\Users\Evilsin\AppData\Roaming\Origin\update.vbe
Task: {C9948B94-4773-459B-9C5A-4D60DBF009C4} - System32\Tasks\Origin => C:\Users\Evilsin\AppData\Roaming\Origin\update.vbe [2015-05-24] () <==== ATTENTION
EmptyTemp:
*****************
 
C:\Windows\Temp\svchost.exe => No running process found
AIPS => Service removed successfully
Update Jump Flip => Service removed successfully
"HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}" => key removed successfully
"HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => key removed successfully
"HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}" => key removed successfully
"HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}" => key removed successfully
"HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}" => key removed successfully
"HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5C42FB5C-F412-4B83-9DE8-EFEB8F9EFD92}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C42FB5C-F412-4B83-9DE8-EFEB8F9EFD92}" => key removed successfully
C:\Windows\System32\Tasks\sunsoft => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\sunsoft" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{7042E41C-9F06-456F-B7D2-94BB11036B6E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7042E41C-9F06-456F-B7D2-94BB11036B6E}" => key removed successfully
C:\Windows\System32\Tasks\catalyst => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\catalyst" => key removed successfully
C:\ProgramData\TEMP => ":41ADDB8A" ADS removed successfully.
C:\ProgramData\TEMP => ":A064CECC" ADS removed successfully.
c:\programdata\sunsoft => moved successfully.
C:\Windows\Temp\svchost.exe => moved successfully.
C:\Windows\Temp\lsass.exe => moved successfully.
C:\Users\Evilsin\AppData\Roaming\Origin\update.vbe => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C9948B94-4773-459B-9C5A-4D60DBF009C4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C9948B94-4773-459B-9C5A-4D60DBF009C4}" => key removed successfully
C:\Windows\System32\Tasks\Origin => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Origin" => key removed successfully
EmptyTemp: => 1.9 GB temporary data Removed.
 
 
The system needed a reboot.. 
 
==== End of Fixlog 19:40:01 ====
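
The fixlist and Fixlog above point at two things a defender can check for directly: Windows system process names (svchost.exe, lsass.exe) on files outside System32, and scheduled tasks whose targets sit in temp or per-user directories. The Python below is an added example, not part of the original posts and not FRST's own logic; it applies those two checks to lines copied from the fixlist plus two constructed benign lines. The name list, the directory list and the assumption that %SystemRoot% is C:\Windows are this example's own heuristics.

```python
import ntpath
import re

# Assumption: %SystemRoot% is C:\Windows, as in the logs on this page.
SYSTEM_DIRS = {"c:\\windows\\system32\\", "c:\\windows\\syswow64\\"}
# Core Windows process names that are expected to load only from SYSTEM_DIRS.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                "smss.exe", "winlogon.exe"}
# Heuristic list (an assumption of this example): temp, shared-data and
# per-user directories; a task target here deserves a second look.
DROP_DIRS = [re.compile(p) for p in (
    r"^[a-z]:\\windows\\temp\\",
    r"^[a-z]:\\programdata\\",
    r"^[a-z]:\\users\\[^\\]+\\appdata\\",
)]
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".bat", ".cmd", ".ps1"}

R_NAME = "system process name outside System32"
R_DIR = "task target in temp/user-writable directory"
R_SCRIPT = "task target is a script"

# First drive-letter path on the line that ends in a file extension.
# Trailing FRST annotations such as "[X]" or "<==== ATTENTION" are ignored.
PATH_RE = re.compile(r'([A-Za-z]:\\[^"<>|*?\r\n]*?\.\w{2,4})(?=$|[\s"])')


def assess(line):
    """Return (path, reasons) for one FRST-style line, or None if the line
    carries no file path (directories, ADS entries, directives)."""
    match = PATH_RE.search(line)
    if not match:
        return None
    path = ntpath.normpath(match.group(1))
    low = path.lower()
    name = ntpath.basename(low)
    folder = ntpath.dirname(low) + "\\"
    reasons = []
    # Masquerading check: applies to any line (process, service, bare path).
    if name in SYSTEM_NAMES and folder not in SYSTEM_DIRS:
        reasons.append(R_NAME)
    # Persistence checks: only for scheduled-task entries.
    if line.startswith("Task:"):
        if any(p.search(low) for p in DROP_DIRS):
            reasons.append(R_DIR)
        if ntpath.splitext(name)[1] in SCRIPT_EXTS:
            reasons.append(R_SCRIPT)
    return path, reasons


def triage(lines):
    """Map lowercased path -> sorted reasons, for flagged lines only.
    Repeated paths (the fixlist names svchost.exe twice) are merged."""
    flagged = {}
    for line in lines:
        result = assess(line.strip())
        if result and result[1]:
            flagged.setdefault(result[0].lower(), set()).update(result[1])
    return {path: sorted(reasons) for path, reasons in flagged.items()}


# Lines copied from the fixlist on this page, followed by two constructed
# benign lines (the last two) for contrast.
SAMPLE = r"""
() C:\Windows\Temp\svchost.exe
S2 AIPS; C:\Program Files (x86)\netcut\services\AIPS.exe [X]
Task: {5C42FB5C-F412-4B83-9DE8-EFEB8F9EFD92} - System32\Tasks\sunsoft => c:\programdata\sunsoft\sunsoft.exe
Task: {7042E41C-9F06-456F-B7D2-94BB11036B6E} - System32\Tasks\catalyst => c:\programdata\sunsoft\ccc.exe
AlternateDataStreams: C:\ProgramData\TEMP:41ADDB8A
c:\programdata\sunsoft
C:\Windows\Temp\svchost.exe
C:\Windows\Temp\lsass.exe
Task: {C9948B94-4773-459B-9C5A-4D60DBF009C4} - System32\Tasks\Origin => C:\Users\Evilsin\AppData\Roaming\Origin\update.vbe [2015-05-24] () <==== ATTENTION
EmptyTemp:
() C:\Windows\System32\svchost.exe
Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Program Files\ExampleVendor\updater.exe
"""

if __name__ == "__main__":
    for path, reasons in sorted(triage(SAMPLE.splitlines()).items()):
        print(f"{path}: {'; '.join(reasons)}")
```

A hit is a lead to investigate rather than a verdict: location and name alone do not prove a file is malicious, and a clean result does not prove it is benign.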


#10 Ace_Evilsin


Posted 10 June 2015 - 09:12 PM

Regardless, here's the AdwCleaner Scan log file you asked for earlier (below). And I don't think I need anything from the files mentioned in it.

 

# AdwCleaner v4.206 - Logfile created 11/06/2015 at 07:12:20
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Evilsin - EVILSIN
# Running from : C:\Users\Evilsin\Desktop\AdwCleaner.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Evilsin\AppData\Local\mysearchdial-speeddial.crx
File Found : C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\Mysearchdial.xml
File Found : C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\safeguard-secure-search.xml
File Found : C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\Web Search.xml
File Found : C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\user.js
File Found : C:\Users\Evilsin\AppData\Roaming\SYTUncrypted.exe
File Found : C:\Users\Evilsin\daemonprocess.txt
Folder Found : C:\Program Files (x86)\Cain
Folder Found : C:\ProgramData\5bf3107fa073862a
Folder Found : C:\ProgramData\apn
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\MagniPic
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\WinterSoft
Folder Found : C:\Users\Evilsin\AppData\Local\apn
Folder Found : C:\Users\Evilsin\AppData\Local\eSupport.com
Folder Found : C:\Users\Evilsin\AppData\Local\genienext
Folder Found : C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg
Folder Found : C:\Users\Evilsin\AppData\Local\Hola
Folder Found : C:\Users\Evilsin\AppData\Local\Mobogenie
Folder Found : C:\Users\Evilsin\AppData\LocalLow\Conduit
Folder Found : C:\Users\Evilsin\AppData\Roaming\newnext.me
Folder Found : C:\Users\Evilsin\Documents\Mobogenie
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
Key Found : HKCU\Software\cain
Key Found : HKCU\Software\eSupport.com
Key Found : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : HKCU\Software\PrivitizeVPNInstallDates
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\StartSearch
Key Found : [x64] HKCU\Software\cain
Key Found : [x64] HKCU\Software\eSupport.com
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKCU\Software\PrivitizeVPNInstallDates
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\StartSearch
Key Found : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Found : HKLM\SOFTWARE\SP Global
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [DefaultConnectionSettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [SavedLegacySettings]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=IN&userid=8530a6d8-920e-89f9-ce04-85d0e4ce35e1&searchtype=ds&q={searchTerms}&installDate=01/11/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] - hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=IN&userid=8530a6d8-920e-89f9-ce04-85d0e4ce35e1&searchtype=ds&q={searchTerms}&installDate=01/11/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://start.qone8.com/?type=hp&ts=1383275836&from=vtt&uid=TOSHIBAXMK5076GSX_829LCEFQTXX829LCEFQT
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL] - hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=IN&userid=8530a6d8-920e-89f9-ce04-85d0e4ce35e1&searchtype=ds&q={searchTerms}&installDate=01/11/2013
Setting Found : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant] - hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=IN&userid=8530a6d8-920e-89f9-ce04-85d0e4ce35e1&searchtype=ds&q={searchTerms}&installDate=01/11/2013
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2104322891&ir=
Setting Found : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=IN&userid=8530a6d8-920e-89f9-ce04-85d0e4ce35e1&searchtype=ds&q={searchTerms}&installDate=01/11/2013
Setting Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=VertiTechnologyYB&dpid=VertiTechnologyYB&co=IN&userid=8530a6d8-920e-89f9-ce04-85d0e4ce35e1&searchtype=ds&q={searchTerms}&installDate=01/11/2013
 
-\\ Mozilla Firefox v35.0.1 (x86 en-US)
 
[pc2y2b1j.default] - Line Found : user_pref("aol_toolbar.default.homepage.check", false);
[pc2y2b1j.default] - Line Found : user_pref("aol_toolbar.default.search.check", false);
[pc2y2b1j.default] - Line Found : user_pref("browser.search.defaultengine", "Ask.com");
[pc2y2b1j.default] - Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[pc2y2b1j.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.search-guide.info/?pid=821&r=2013/11/01&hid=13377247493267758626&lg=EN&cc=IN&unqvl=40&l=1&q=");
[pc2y2b1j.default] - Line Found : user_pref("browser.search.order.1", "WebSearch");
[pc2y2b1j.default] - Line Found : user_pref("browser.search.order.1,S", "WebSearch");
[pc2y2b1j.default] - Line Found : user_pref("browser.search.selectedEngine", "Mysearchdial");
[pc2y2b1j.default] - Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[pc2y2b1j.default] - Line Found : user_pref("extensions.1gGt2cHbtb7h.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");s[...]
[pc2y2b1j.default] - Line Found : user_pref("extensions.4eFZtQl3EN.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i+[...]
[pc2y2b1j.default] - Line Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
[pc2y2b1j.default] - Line Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
[pc2y2b1j.default] - Line Found : user_pref("extensions.helperbar.DockingPositionDown", false);
[pc2y2b1j.default] - Line Found : user_pref("extensions.helperbar.SmartbarDisabled", false);
[pc2y2b1j.default] - Line Found : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[pc2y2b1j.default] - Line Found : user_pref("extensions.helperbar.Visibility", true);
[pc2y2b1j.default] - Line Found : user_pref("extensions.helperbar.countryiso", "in");
[pc2y2b1j.default] - Line Found : user_pref("extensions.helperbar.downloadprovider", "vertitechnologyyb");
[pc2y2b1j.default] - Line Found : user_pref("extensions.helperbar.installationid", "8530a6d8-920e-89f9-ce04-85d0e4ce35e1");
[pc2y2b1j.default] - Line Found : user_pref("extensions.helperbar.installdate", "01/11/2013");
[pc2y2b1j.default] - Line Found : user_pref("extensions.helperbar.publisher", "vertitechnologyyb");
[pc2y2b1j.default] - Line Found : user_pref("extensions.irmysearch.aflt", "irmsd0101");
[pc2y2b1j.default] - Line Found : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
[pc2y2b1j.default] - Line Found : user_pref("extensions.irmysearch.cr", "2104322891");
[pc2y2b1j.default] - Line Found : user_pref("extensions.irmysearch.instlRef", "");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.aflt", "irmsd0101");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.cr", "2104322891");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.dfltLng", "");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.dfltSrch", true);
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.dnsErr", true);
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.excTlbr", false);
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.hmpg", true);
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.id", "F04DA2B7B1F63477");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.instlDay", "16076");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.instlRef", "");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.tlbrId", "base");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial_i.hmpg", true);
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial_i.newTab", false);
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[pc2y2b1j.default] - Line Found : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.013:59:41");
[pc2y2b1j.default] - Line Found : user_pref("extensions.woKpa.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){wi[...]
 
-\\ Google Chrome v
 
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=HIP&o=102876&locale=en_US&apn_uid=2eb61d43-2c7a-45a9-a498-909f372c3924&apn_ptnrs=%5E6G&apn_sauid=67959F4C-CD2E-4AE1-9D42-388E2000EADE&apn_dtid=%5EYYYYYY%5EYY%5EIN&q={searchTerms}
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://searchab.com/?aff=7&uid=46877925-6e3a-11e2-9408-f04da2b7b1f6&q={searchTerms}
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://websearch.search-guide.info/?l=1&q={searchTerms}&pid=821&r=2013/11/01&hid=13377247493267758626&lg=EN&cc=IN&unqvl=40
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2104322891&ir=
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://searchab.com/?aff=7&uid=46877925-6e3a-11e2-9408-f04da2b7b1f6&q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [20813 bytes] - [11/06/2015 07:12:20]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [20873 bytes] ##########


#11 xXToffeeXx

  • Malware Response Instructor

Posted 11 June 2015 - 09:43 AM

Hi Ace_Evilsin,
 

Although I'd have liked it, if you had asked me beforehand, if I'd like to get my browser cookies removed. A few websites I login to, won't let me access their full features until 1 week from logging in from a new device (which in this case, my browsers just became).

I am sorry about that, I did not know that sites had that feature. I will note that down for next time.
 
Double click on AdwCleaner.exe to run the tool again.

  • The tool will start to update the database, please wait a bit.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished.
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S#].txt) will open automatically (where the largest value of # represents the most recent report).
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

--------------
 
Please re-run FRST from the desktop (like you did before), put a check into the box next to Addition.txt and press the scan button. It will produce FRST.txt and Addition.txt logs located on the desktop. Please copy and paste the logs into your next reply.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#12 Ace_Evilsin

  • Topic Starter

Posted 23 June 2015 - 11:27 PM

Hey again Toffee,

 

Apologies for not responding for so long. I was away for a little vacation, but now that I've returned, let's get back to it.

 

Here's the log file of AdwCleaner after the Cleaning process:

 

 

# AdwCleaner v4.207 - Logfile created 24/06/2015 at 09:47:30
# Updated 21/06/2015 by Xplode
# Database : 2015-06-23.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Evilsin - EVILSIN
# Running from : C:\Users\Evilsin\Desktop\AdwCleaner.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\MagniPic
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\WinterSoft
Folder Deleted : C:\ProgramData\Downlload keepeer
Folder Deleted : C:\ProgramData\Weeakapp
Folder Deleted : C:\ProgramData\5bf3107fa073862a
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cain
Folder Deleted : C:\Program Files (x86)\Cain
Folder Deleted : C:\Users\Evilsin\AppData\Local\apn
Folder Deleted : C:\Users\Evilsin\AppData\Local\eSupport.com
Folder Deleted : C:\Users\Evilsin\AppData\Local\genienext
Folder Deleted : C:\Users\Evilsin\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Evilsin\AppData\Local\Hola
Folder Deleted : C:\Users\Evilsin\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Evilsin\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Evilsin\Documents\Mobogenie
File Deleted : C:\Users\Evilsin\daemonprocess.txt
File Deleted : C:\Users\Evilsin\AppData\Local\mysearchdial-speeddial.crx
File Deleted : C:\Users\Evilsin\AppData\Roaming\SYTUncrypted.exe
File Deleted : C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\safeguard-secure-search.xml
File Deleted : C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\user.js
File Deleted : C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\eSupport.com
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\cain
Key Deleted : HKLM\SOFTWARE\SP Global
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - localhost:8080
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17801
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
 
-\\ Mozilla Firefox v38.0.5 (x86 en-US)
 
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("aol_toolbar.default.search.check", false);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.search-guide.info/?pid=821&r=2013/11/01&hid=13377247493267758626&lg=EN&cc=IN&unqvl=40&l=1&q=");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.1gGt2cHbtb7h.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");s[...]
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.4eFZtQl3EN.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i+[...]
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Visibility", true);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.countryiso", "in");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.downloadprovider", "vertitechnologyyb");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installationid", "8530a6d8-920e-89f9-ce04-85d0e4ce35e1");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installdate", "01/11/2013");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.publisher", "vertitechnologyyb");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.aflt", "irmsd0101");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.cr", "2104322891");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.irmysearch.instlRef", "");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.aflt", "irmsd0101");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.cr", "2104322891");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutC[...]
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.id", "F04DA2B7B1F63477");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16076");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1Czu[...]
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1C[...]
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.013:59:41");
[pc2y2b1j.default\prefs.js] - Line Deleted : user_pref("extensions.woKpa.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++){wi[...]
 
-\\ Google Chrome v
 
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=HIP&o=102876&locale=en_US&apn_uid=2eb61d43-2c7a-45a9-a498-909f372c3924&apn_ptnrs=%5E6G&apn_sauid=67959F4C-CD2E-4AE1-9D42-388E2000EADE&apn_dtid=%5EYYYYYY%5EYY%5EIN&q={searchTerms}
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchab.com/?aff=7&uid=46877925-6e3a-11e2-9408-f04da2b7b1f6&q={searchTerms}
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://websearch.search-guide.info/?l=1&q={searchTerms}&pid=821&r=2013/11/01&hid=13377247493267758626&lg=EN&cc=IN&unqvl=40
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=irmsd0101&cd=2XzuyEtN2Y1L1Qzu0FtDyE0D0AtB0ByB0BtC0FyCtAyEyByBtN0D0Tzu0SyBtAyCtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=2104322891&ir=
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://searchab.com/?aff=7&uid=46877925-6e3a-11e2-9408-f04da2b7b1f6&q={searchTerms}
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] : 
[C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : B0B394DA30A8F06EB443AE2086B8507571BC0768AE243EE70ECC7C8EBD59FAE4"},"software_reporter":{"prompt_reason":"12DF08DB526F3C88F6D66ED6A1CAC5F29C7E54A8E327188D8F1A17A363C439B0","prompt_seed":"F11A76904306C3783B313BD882F85C27BF60593CF83F316E3ABB73031ED634A7","prompt_version":"BF5C27CB0EE336C22FF12AA8C7060B076D66605E8C01FAED94D4646E3EBC2DB9"},"sync":{"remaining_rollback_tries":"C5A0B06E795A608AA1E101D5F5936FB7BD022F8B3EC379C83DFEAC40DE5B25EA"}},"super_mac":"6E05131BEB351C7876CA10D86EA2EC9EB4045869E929F0FAACE8509A076BF7DB"},"session":{"restore_on_startup":5,"startup_urls":["hxxp://www.google.com/","hxxp://websearch.search-guide.info/?pid=821&r=2013/11/01&hid=13377247493267758626&lg=EN&cc=IN&unqvl=40
 
*************************
 
AdwCleaner[R0].txt - [21013 bytes] - [11/06/2015 07:12:20]
AdwCleaner[R1].txt - [21341 bytes] - [24/06/2015 09:45:30]
AdwCleaner[S0].txt - [15024 bytes] - [24/06/2015 09:47:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [15084  bytes] ##########


#13 Ace_Evilsin

  • Topic Starter

Posted 23 June 2015 - 11:35 PM

FRST.txt & Addition.txt in respective order below:

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by Evilsin (administrator) on EVILSIN on 24-06-2015 10:01:36
Running from C:\Users\Evilsin\Desktop
Loaded Profiles: Evilsin (Available Profiles: Evilsin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE
(Dell Inc.) C:\Program Files\Dell\DW WLAN Card\BCMWLTRY.EXE
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MouseDriver] => C:\Windows\system32\TiltWheelMouse.exe [241152 2012-12-19] (Pixart Imaging Inc)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-06-17] (IDT, Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3179288 2010-01-06] (Dell Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-23] (Synaptics Incorporated)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)
HKLM-x32\...\Run: [AMD AVT] => C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe [20992 2012-03-19] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642304 2013-04-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [dellsupportcenter] => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-06-08] (Intel Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\S-1-5-19\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-20\Control Panel\Desktop\\SCRNSAVE.EXE -> 
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Desura] => D:\Desura\desura.exe -autostart
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\Evilsin\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2015-01-06] (Electronic Arts)
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [DellSystemDetect] => C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Run: [Google Update] => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-13] (Google Inc.)
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: G - G:\unlock.exe autoplay=true
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {38f3bda6-2a34-11e2-b1c4-9510c4efc6a4} - H:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {38f3bdb1-2a34-11e2-b1c4-9510c4efc6a4} - H:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {38f3bdbb-2a34-11e2-b1c4-9510c4efc6a4} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {48966064-12b4-11e2-8653-fdceaf76e38d} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {4a8ebb7f-abe6-11e2-9f66-8fff4772fbee} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {87f2ab20-00e3-11e2-b8b1-c0cb384b7920} - G:\unlock.exe autoplay=true
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {cdf00974-b998-11e2-8d69-9aa4b0b8fe8f} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {cdf0098e-b998-11e2-8d69-9aa4b0b8fe8f} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {ce33edd5-fe1a-11e1-bdf5-806e6f6e6963} - E:\autoRcd.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {dc1d6c34-25dd-11e2-a6c2-ca05daa1d190} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {dc1d6c38-25dd-11e2-a6c2-ca05daa1d190} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {dc1d6c47-25dd-11e2-a6c2-ca05daa1d190} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2c14440-12b7-11e2-972e-e8358dca088a} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5ee7-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5ef5-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5ef7-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\MountPoints2: {e2de5efb-3e09-11e2-b43d-f04da2b7b1f6} - G:\AutoRun.exe
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2015-06-24]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GameStop Now.lnk [2015-06-24]
ShortcutTarget: GameStop Now.lnk -> D:\GameStop App\GameStop App\Now\GameStopNow.exe (No File)
Startup: C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2015-06-24]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://in.msn.com/?rd=1&ucc=IN&dcc=IN&opt=0&ocid=iehp
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000 -> {4463DAF8-F958-48F1-97B2-A419242941C5} URL = https://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll [2014-12-21] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-12-21] (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-28] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 202.88.149.25 202.88.149.6
 
FireFox:
========
FF ProfilePath: C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default
FF Homepage: hxxp://www.google.com
FF Keyword.URL: 
FF NetworkProxy: "backup.ftp", ""
FF NetworkProxy: "backup.ftp_port", 0
FF NetworkProxy: "backup.socks", ""
FF NetworkProxy: "backup.socks_port", 0
FF NetworkProxy: "backup.ssl", ""
FF NetworkProxy: "backup.ssl_port", 0
FF NetworkProxy: "gopher", ""
FF NetworkProxy: "gopher_port", 0
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-10] ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-12-21] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-12-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-10] ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll [2013-11-21] (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=1.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-07-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @hola.org/vlc,version=1.6.390 -> C:\Users\Evilsin\AppData\Local\Hola\firefox\app\vlc No File
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin HKU\S-1-5-21-3448805320-2649480344-1412443562-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Evilsin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-19] (Unity Technologies ApS)
FF Extension: Hola Better Internet - C:\Users\Evilsin\AppData\Roaming\Mozilla\Firefox\Profiles\pc2y2b1j.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2015-05-28]
 
Chrome: 
=======
CHR Profile: C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\Evilsin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
StartMenuInternet: Google Chrome.24TWYNNOOXSDZMBDRMBUXDHRHA - C:\Users\Evilsin\AppData\Local\Google\Chrome\Application\chrome.exe
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DAUpdaterSvc; D:\Steam\steamapps\common\Dragon Age Origins\bin_ship\DAUpdaterSvc.Service.exe [25832 2013-12-12] (BioWare)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2015-01-06] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-05] ()
S2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5426448 2014-12-15] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe [5088256 2010-02-02] (Dell Inc.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-18] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
R3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
S3 ewusbmbb; system32\DRIVERS\ewusbwwan.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 ew_hwusbdev; system32\DRIVERS\ew_hwusbdev.sys [X]
S1 golhzcib; \??\C:\Windows\system32\drivers\golhzcib.sys [X]
S3 huawei_enumerator; system32\DRIVERS\ew_jubusenum.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbfake; system32\DRIVERS\ewusbfake.sys [X]
S1 muwziygj; \??\C:\Windows\system32\drivers\muwziygj.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-24 10:01 - 2015-06-24 10:01 - 00017506 _____ C:\Users\Evilsin\Desktop\FRST.txt
2015-06-24 10:00 - 2015-06-24 10:01 - 02109952 _____ (Farbar) C:\Users\Evilsin\Desktop\FRST64.exe
2015-06-24 09:42 - 2015-06-24 09:43 - 02244096 _____ C:\Users\Evilsin\Desktop\AdwCleaner.exe
2015-06-24 09:17 - 2015-06-24 09:17 - 00243408 _____ C:\Users\Evilsin\Downloads\Firefox Setup Stub 38.0.5.exe
2015-06-24 09:14 - 2015-06-24 09:15 - 01125056 _____ (Adobe Systems Incorporated) C:\Users\Evilsin\Downloads\flashplayer18_ha_install.exe
2015-06-24 08:49 - 2015-06-24 09:35 - 00000000 ____D C:\Windows\pss
2015-06-17 09:19 - 2015-06-17 09:19 - 00034899 _____ C:\Users\Evilsin\Downloads\prbf2_1.3.0.0_full.iso.torrent
2015-06-12 05:33 - 2015-06-12 05:34 - 00002976 _____ C:\Users\Evilsin\Desktop\steamsupport.txt
2015-06-12 04:58 - 2015-06-12 04:58 - 00000992 _____ C:\Users\Evilsin\Desktop\New Text Document (5).txt
2015-06-12 04:32 - 2015-06-12 04:32 - 00002183 _____ C:\Users\Evilsin\Desktop\New Text Document (4).txt
2015-06-12 03:51 - 2015-06-12 04:07 - 00002379 _____ C:\Users\Evilsin\Desktop\New Text Document.txt
2015-06-11 07:11 - 2015-06-24 09:47 - 00000000 ____D C:\AdwCleaner
2015-06-10 01:45 - 2015-06-10 01:45 - 18169520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-06-08 13:58 - 2015-06-24 10:01 - 00000000 ____D C:\FRST
2015-06-08 12:38 - 2015-06-08 14:55 - 00000418 _____ C:\Windows\wininit.ini
2015-06-08 12:13 - 2015-06-08 11:51 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts.20150608-121307.backup
2015-06-08 11:51 - 2009-06-11 02:30 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts.20150608-115141.backup
2015-06-08 10:44 - 2015-06-08 10:44 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2015-06-08 10:43 - 2015-06-08 14:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-06-06 12:22 - 2015-06-06 12:22 - 00000000 ____D C:\Users\Evilsin\AppData\Local\GWX
2015-06-06 12:17 - 2015-06-06 12:17 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-06-06 12:17 - 2015-06-06 12:17 - 00000000 ___SD C:\Windows\system32\GWX
2015-06-06 11:52 - 2015-04-21 21:56 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-05 15:13 - 2015-06-24 08:29 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{68A1E410-1F93-40DF-B169-96D7A80B5DFB}
2015-06-05 15:13 - 2015-06-05 15:13 - 00000000 __SHD C:\Users\Evilsin\AppData\Local\EmieUserList
2015-06-05 15:13 - 2015-06-05 15:13 - 00000000 __SHD C:\Users\Evilsin\AppData\Local\EmieSiteList
2015-06-05 15:13 - 2015-06-05 15:13 - 00000000 __SHD C:\Users\Evilsin\AppData\Local\EmieBrowserModeList
2015-06-05 15:05 - 2015-06-05 15:05 - 00000000 ____D C:\Windows\Offline Web Pages
2015-06-05 14:58 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-06-05 14:54 - 2015-06-05 14:54 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-06-05 14:54 - 2015-06-05 14:54 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-05 14:54 - 2015-06-05 14:54 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-05 14:54 - 2015-06-05 14:54 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-05 14:54 - 2015-06-05 14:54 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-06-05 14:54 - 2015-06-05 14:54 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-06-05 14:54 - 2015-06-05 14:54 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-05 14:54 - 2015-06-05 14:54 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-05 14:54 - 2015-06-05 14:54 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-06-05 14:54 - 2015-06-05 14:54 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-06-05 14:54 - 2015-06-05 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-06-05 14:54 - 2015-06-05 14:54 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-06-05 14:54 - 2015-06-05 14:54 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-05 14:38 - 2015-06-05 14:58 - 00007222 _____ C:\Windows\IE11_main.log
2015-06-05 13:58 - 2015-06-05 13:58 - 00000000 ____D C:\Windows\system32\MRT
2015-06-05 13:56 - 2015-06-05 13:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-06-05 13:53 - 2014-07-09 07:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-06-05 13:53 - 2014-07-09 07:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-06-05 13:53 - 2014-06-24 08:59 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-06-05 13:53 - 2014-06-24 08:29 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-06-05 12:20 - 2015-01-31 09:18 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-06-05 12:20 - 2015-01-31 09:18 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-06-05 12:20 - 2015-01-31 05:26 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-06-05 12:15 - 2013-11-26 13:46 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-06-05 12:15 - 2013-11-23 04:18 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-06-05 12:14 - 2014-12-11 23:17 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-06-05 10:43 - 2015-06-24 09:49 - 00003360 _____ C:\Windows\setupact.log
2015-06-05 10:43 - 2015-06-05 10:43 - 00000000 _____ C:\Windows\setuperr.log
2015-06-03 14:02 - 2014-06-27 07:38 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-06-03 14:02 - 2014-06-27 07:15 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-06-03 13:59 - 2014-09-05 07:41 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-06-03 13:59 - 2014-09-05 07:22 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-06-03 12:42 - 2015-04-20 08:47 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-06-03 12:42 - 2015-04-20 08:47 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-06-03 12:42 - 2015-04-20 08:26 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-06-03 12:42 - 2015-04-20 07:41 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-03 12:42 - 2015-02-04 08:46 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-06-03 12:42 - 2015-02-04 08:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-06-03 12:42 - 2015-02-03 09:01 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-06-03 12:42 - 2015-02-03 08:42 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-06-03 12:13 - 2015-06-03 12:14 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-03 12:13 - 2015-06-03 12:14 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-03 11:44 - 2015-01-09 05:14 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-06-03 11:44 - 2015-01-09 05:13 - 00419936 _____ C:\Windows\system32\locale.nls
2015-06-03 11:12 - 2013-10-02 07:52 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-06-03 11:12 - 2013-10-02 07:41 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-06-03 11:12 - 2013-10-02 07:38 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-06-03 11:12 - 2013-10-02 07:18 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-06-03 11:12 - 2013-10-02 07:18 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-06-03 11:12 - 2013-10-02 06:59 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-06-03 11:12 - 2013-10-02 06:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-06-03 11:12 - 2013-10-02 05:45 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-06-03 11:12 - 2013-10-02 05:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-06-03 11:12 - 2013-10-02 05:44 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-06-03 11:12 - 2013-10-02 05:31 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-06-03 11:12 - 2013-10-02 05:28 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-06-03 11:12 - 2013-10-02 05:01 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-06-03 11:12 - 2013-10-02 04:38 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-06-03 11:12 - 2013-10-02 04:04 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-06-03 10:08 - 2012-08-23 19:40 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-06-03 10:08 - 2012-08-23 16:42 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-06-03 10:08 - 2012-08-23 16:21 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-06-03 09:28 - 2015-05-01 18:47 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 09:28 - 2015-05-01 18:46 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-06-03 09:22 - 2013-01-14 02:47 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:47 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:46 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:05 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:05 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:05 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 02:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-06-03 09:22 - 2013-01-14 01:50 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-06-03 09:22 - 2013-01-14 01:39 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-06-03 09:22 - 2013-01-14 01:38 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-06-03 09:22 - 2013-01-14 01:24 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-06-03 09:22 - 2013-01-14 01:23 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-06-03 09:22 - 2013-01-14 01:23 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-06-03 09:22 - 2013-01-14 01:19 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-06-03 09:22 - 2013-01-14 01:18 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-06-03 09:22 - 2013-01-14 01:16 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-06-03 09:22 - 2013-01-14 01:08 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-06-03 09:22 - 2013-01-14 01:08 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-06-03 09:22 - 2013-01-14 00:55 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-06-03 09:22 - 2013-01-14 00:54 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-06-03 09:22 - 2013-01-14 00:54 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-06-03 09:22 - 2013-01-14 00:50 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-06-03 09:22 - 2013-01-14 00:50 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-06-03 09:22 - 2013-01-14 00:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-06-03 09:22 - 2013-01-13 23:39 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-06-03 09:22 - 2013-01-13 22:56 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-06-03 09:22 - 2013-01-13 22:35 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-06-03 09:12 - 2014-07-01 03:54 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-06-03 09:12 - 2014-07-01 03:44 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-06-03 09:12 - 2014-06-06 11:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-06-03 09:12 - 2014-06-06 11:42 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-06-03 09:12 - 2014-03-10 03:18 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-06-03 09:12 - 2014-03-10 03:18 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-06-03 09:12 - 2014-03-10 03:17 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-06-03 09:12 - 2014-03-10 03:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-06-03 08:42 - 2015-02-03 09:04 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-06-03 08:42 - 2015-02-03 09:04 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-06-03 08:42 - 2015-02-03 09:03 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-06-03 08:42 - 2015-02-03 09:01 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-03 08:42 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-03 08:42 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-03 08:42 - 2015-02-03 09:00 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-06-03 08:42 - 2015-02-03 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-06-03 08:42 - 2015-02-03 09:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-06-03 08:42 - 2015-02-03 08:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-06-03 08:42 - 2015-02-03 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-06-03 08:42 - 2015-02-03 08:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-06-03 08:42 - 2015-02-03 08:42 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-06-03 08:42 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-06-03 08:42 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-06-03 08:42 - 2015-02-03 08:41 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-06-03 08:42 - 2015-02-03 08:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-06-03 08:42 - 2015-02-03 08:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-06-03 08:42 - 2015-02-03 08:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-06-03 08:42 - 2015-02-03 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-06-03 08:42 - 2014-11-01 03:54 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-06-03 08:42 - 2014-06-28 05:51 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-06-03 08:42 - 2014-06-28 05:51 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-06-03 08:41 - 2015-01-28 05:06 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-06-03 08:39 - 2015-05-22 23:48 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-03 08:39 - 2015-05-22 23:48 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-03 08:39 - 2015-05-22 23:43 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-03 08:39 - 2015-05-21 18:49 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-03 08:35 - 2015-05-25 23:54 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-03 08:35 - 2015-05-25 23:53 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-03 08:35 - 2015-05-25 23:53 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-03 08:35 - 2015-05-25 23:51 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-03 08:35 - 2015-05-25 23:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-03 08:35 - 2015-05-25 23:48 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-03 08:35 - 2015-05-25 23:48 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-03 08:35 - 2015-05-25 23:48 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-03 08:35 - 2015-05-25 23:48 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-03 08:35 - 2015-05-25 23:41 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-03 08:35 - 2015-05-25 23:37 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-06-03 08:35 - 2015-05-25 23:37 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-06-03 08:35 - 2015-05-25 23:34 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-06-03 08:35 - 2015-05-25 23:31 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-06-03 08:35 - 2015-05-25 23:30 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-06-03 08:35 - 2015-05-25 23:30 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-06-03 08:35 - 2015-05-25 23:29 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-06-03 08:35 - 2015-05-25 23:29 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-06-03 08:35 - 2015-05-25 23:25 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-06-03 08:35 - 2015-05-25 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-06-03 08:34 - 2015-05-25 23:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-06-03 08:34 - 2015-05-25 23:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-03 08:34 - 2015-05-25 23:48 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-03 08:34 - 2015-05-25 23:44 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-03 08:34 - 2015-05-25 23:44 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-06-03 08:34 - 2015-05-25 23:31 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-06-03 08:34 - 2015-05-25 23:30 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-06-03 08:34 - 2015-05-25 23:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-06-03 08:34 - 2015-05-25 23:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-06-03 08:34 - 2015-05-25 23:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-06-03 08:34 - 2015-05-25 23:27 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-06-03 08:34 - 2015-05-25 23:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 23:25 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:20 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-06-03 08:34 - 2015-05-25 22:20 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-06-03 08:34 - 2015-05-25 22:18 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:18 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-06-03 08:34 - 2015-05-25 22:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-06-03 08:30 - 2015-01-31 05:26 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-06-03 08:25 - 2014-07-17 07:37 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-06-03 08:25 - 2014-07-17 07:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-06-03 08:25 - 2014-07-17 07:37 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-06-03 08:25 - 2014-07-17 07:10 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-06-03 08:25 - 2014-07-17 06:51 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-06-03 08:25 - 2014-07-17 06:51 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-06-03 08:24 - 2014-03-04 15:14 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-06-03 08:24 - 2014-03-04 15:14 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-06-03 08:24 - 2014-03-04 15:13 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-06-03 08:24 - 2014-03-04 14:47 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-06-03 08:18 - 2012-12-07 18:50 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-06-03 08:18 - 2012-12-07 18:45 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-06-03 08:18 - 2012-12-07 17:56 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-06-03 08:18 - 2012-12-07 17:50 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-06-03 08:18 - 2012-12-07 16:50 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-06-03 08:18 - 2012-12-07 16:50 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-06-03 08:18 - 2012-12-07 16:49 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2015-06-03 08:18 - 2012-12-07 16:16 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2015-06-03 08:17 - 2012-12-07 16:50 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-06-03 08:17 - 2012-12-07 16:50 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-06-03 08:17 - 2012-12-07 16:49 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-06-03 08:17 - 2012-12-07 16:16 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2015-06-03 08:17 - 2012-12-07 16:16 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2015-06-03 08:17 - 2012-12-07 16:16 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2015-06-03 08:16 - 2015-05-09 08:57 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-06-03 08:16 - 2015-05-09 08:57 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-06-03 08:16 - 2015-05-09 08:56 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-06-03 08:16 - 2015-05-09 08:56 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-06-03 08:16 - 2015-05-09 08:56 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-06-03 08:16 - 2015-05-09 08:56 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-06-03 08:16 - 2015-05-09 08:44 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-06-03 08:16 - 2015-05-09 08:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-06-03 08:16 - 2014-11-11 08:38 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-06-03 08:16 - 2014-11-11 08:14 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-06-03 08:13 - 2015-04-18 08:40 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-06-03 08:13 - 2015-04-18 08:26 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-06-03 08:12 - 2014-06-18 07:48 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-06-03 08:12 - 2014-06-18 07:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-06-03 08:09 - 2013-12-04 07:57 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-06-03 08:09 - 2013-12-04 07:57 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-06-03 08:09 - 2013-12-04 07:57 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-06-03 08:09 - 2013-12-04 07:57 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-06-03 08:09 - 2013-12-04 07:56 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-06-03 08:09 - 2013-12-04 07:46 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-06-03 08:09 - 2013-12-04 07:46 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-06-03 08:09 - 2013-12-04 07:46 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-06-03 08:09 - 2013-12-04 07:46 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-06-03 08:09 - 2013-12-04 07:33 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-06-03 08:09 - 2013-12-04 07:33 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-06-03 08:09 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-06-03 08:09 - 2013-12-04 07:33 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-06-03 08:09 - 2013-12-04 07:32 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-06-03 08:09 - 2013-12-04 07:24 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-06-03 08:09 - 2013-12-04 07:24 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-06-03 08:09 - 2013-12-04 07:24 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-06-03 08:09 - 2013-12-04 07:24 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-06-03 08:09 - 2013-05-10 11:19 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-06-03 08:09 - 2013-05-10 08:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-06-03 08:07 - 2014-10-14 07:43 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-06-03 08:06 - 2013-04-26 05:00 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-06-03 08:06 - 2013-04-01 04:22 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-06-03 08:05 - 2014-01-24 08:07 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-06-03 08:04 - 2014-11-08 08:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-06-03 08:04 - 2014-11-08 08:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-06-03 08:03 - 2013-05-13 11:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-06-03 08:03 - 2013-05-13 09:13 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-06-03 08:03 - 2013-05-13 08:38 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-06-03 08:03 - 2013-05-13 08:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-06-03 08:00 - 2014-10-14 07:43 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-06-03 08:00 - 2014-10-14 07:20 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-06-03 08:00 - 2014-06-03 15:32 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-06-03 08:00 - 2014-06-03 15:32 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-06-03 08:00 - 2014-06-03 15:32 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-06-03 08:00 - 2014-06-03 14:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-06-03 08:00 - 2014-06-03 14:59 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-06-03 08:00 - 2013-10-04 07:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-06-03 08:00 - 2013-10-04 07:55 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-06-03 08:00 - 2013-10-04 07:28 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-06-03 08:00 - 2013-10-04 07:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-06-03 08:00 - 2013-02-27 11:17 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-06-03 07:59 - 2015-03-05 10:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-06-03 07:59 - 2015-03-05 09:35 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-06-03 07:59 - 2015-03-04 10:11 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-06-03 07:59 - 2015-03-04 10:11 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-06-03 07:59 - 2015-03-04 10:11 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-06-03 07:59 - 2015-03-04 10:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-06-03 07:59 - 2015-03-04 09:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-06-03 07:59 - 2015-03-04 09:40 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-06-03 07:59 - 2015-03-04 09:40 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-06-03 07:59 - 2014-12-19 07:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-06-03 07:58 - 2014-06-19 03:53 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-06-03 07:58 - 2014-06-19 03:53 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-06-03 07:58 - 2014-06-19 03:53 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-06-03 07:58 - 2014-06-19 03:53 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-06-03 07:58 - 2014-06-19 03:53 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-06-03 07:58 - 2014-06-19 03:53 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-06-03 07:58 - 2013-09-08 07:57 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-06-03 07:58 - 2013-09-08 07:33 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-06-03 07:57 - 2015-04-08 08:59 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-06-03 07:57 - 2015-04-08 08:59 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-06-03 07:57 - 2015-04-08 08:44 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-06-03 07:57 - 2015-02-18 12:36 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-06-03 07:57 - 2015-02-18 12:34 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-06-03 07:57 - 2014-08-01 17:23 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-06-03 07:57 - 2014-08-01 17:05 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-06-03 07:57 - 2013-07-26 07:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-06-03 07:57 - 2013-07-26 07:25 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-06-03 07:56 - 2013-07-04 18:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-06-03 07:56 - 2013-07-04 18:20 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-06-03 07:56 - 2013-07-04 17:27 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-06-03 07:56 - 2013-07-04 17:21 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-06-03 07:56 - 2013-06-26 04:25 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-06-03 07:55 - 2015-02-13 10:56 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-06-03 07:55 - 2015-02-13 10:52 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-06-03 07:55 - 2014-11-26 09:23 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-06-03 07:55 - 2014-11-26 09:02 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-06-03 07:54 - 2014-12-06 09:47 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-06-03 07:54 - 2014-12-06 09:20 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-06-03 07:54 - 2014-12-06 09:20 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-06-03 07:54 - 2014-06-16 07:40 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-06-03 07:54 - 2014-01-29 08:02 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-06-03 07:54 - 2014-01-29 07:36 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-06-03 07:54 - 2013-10-04 07:46 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-06-03 07:54 - 2013-10-04 07:06 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-06-03 07:54 - 2013-07-12 16:11 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-06-03 07:54 - 2013-07-12 16:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-06-03 07:54 - 2013-04-10 11:31 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-06-03 07:54 - 2013-02-12 09:42 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2015-06-03 07:54 - 2013-02-12 09:42 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-06-03 07:54 - 2011-02-03 16:55 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-06-03 07:53 - 2015-04-13 08:58 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-06-03 07:53 - 2014-12-08 08:39 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-06-03 07:53 - 2014-12-08 08:16 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-06-03 07:53 - 2013-11-27 07:11 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-06-03 07:53 - 2013-11-27 07:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-06-03 07:53 - 2013-10-19 07:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-06-03 07:53 - 2013-10-19 07:06 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-06-03 07:52 - 2014-10-03 07:42 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-06-03 07:52 - 2014-10-03 07:42 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-06-03 07:52 - 2014-10-03 07:42 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-06-03 07:52 - 2014-10-03 07:42 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-06-03 07:52 - 2014-10-03 07:41 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-06-03 07:52 - 2014-10-03 07:15 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-06-03 07:52 - 2014-10-03 07:15 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-06-03 07:52 - 2014-10-03 07:15 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-06-03 07:52 - 2014-10-03 07:15 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-06-03 07:52 - 2014-10-03 07:14 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-06-03 07:52 - 2014-02-04 08:05 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-06-03 07:52 - 2014-02-04 08:05 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-06-03 07:52 - 2014-02-04 08:05 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-06-03 07:52 - 2014-02-04 07:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-06-03 07:52 - 2014-02-04 07:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-06-03 07:52 - 2013-10-30 08:02 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-06-03 07:52 - 2013-10-30 07:49 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-06-03 07:49 - 2015-03-14 08:51 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-06-03 07:49 - 2015-03-14 08:51 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-06-03 07:49 - 2015-03-14 08:34 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-06-03 07:49 - 2015-03-14 08:34 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-06-03 07:49 - 2015-02-20 10:11 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-06-03 07:49 - 2015-02-20 10:10 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-06-03 07:49 - 2015-02-20 10:10 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-06-03 07:49 - 2015-02-20 10:10 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-06-03 07:49 - 2015-02-20 09:43 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-06-03 07:49 - 2015-02-20 09:43 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-06-03 07:49 - 2015-02-20 09:43 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-06-03 07:49 - 2015-02-20 09:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-06-03 07:49 - 2015-02-20 08:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-06-03 07:49 - 2015-02-20 08:39 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-06-03 07:49 - 2015-02-03 09:01 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-06-03 07:49 - 2015-02-03 08:42 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-06-03 07:49 - 2014-10-30 07:33 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-06-03 07:49 - 2014-10-30 07:15 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-06-03 07:49 - 2014-04-25 08:04 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-06-03 07:49 - 2014-04-25 07:36 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-06-03 07:48 - 2015-01-17 08:18 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-06-03 07:48 - 2015-01-17 08:00 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-06-03 07:48 - 2015-01-09 08:44 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-06-03 07:48 - 2015-01-09 08:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-06-03 07:48 - 2015-01-09 08:44 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-06-03 07:48 - 2015-01-09 08:18 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-06-03 07:48 - 2013-08-28 06:42 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-06-03 07:48 - 2013-07-04 18:20 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-03 07:48 - 2013-07-04 17:20 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-03 07:47 - 2014-12-19 08:36 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-06-03 07:47 - 2014-08-12 07:32 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-06-03 07:47 - 2014-08-12 07:06 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-06-03 07:47 - 2014-05-30 12:15 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-06-03 07:47 - 2014-04-05 08:17 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-06-03 07:47 - 2014-04-05 08:17 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-06-03 07:47 - 2013-11-26 17:10 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-06-03 07:47 - 2013-10-12 08:02 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-06-03 07:47 - 2013-10-12 08:01 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-06-03 07:47 - 2013-10-12 07:34 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-06-03 07:47 - 2013-10-12 07:33 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-06-03 07:47 - 2013-10-12 07:03 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-06-03 07:47 - 2013-10-12 07:03 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-06-03 07:47 - 2013-10-12 06:45 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-06-03 07:47 - 2013-10-12 06:45 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-06-03 07:47 - 2013-07-25 14:55 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-06-03 07:47 - 2013-07-25 14:27 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-06-03 07:47 - 2013-04-26 11:21 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-06-03 07:47 - 2013-04-26 10:25 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-06-03 07:46 - 2015-04-11 08:49 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-03 07:46 - 2015-03-10 08:55 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-06-03 07:46 - 2015-03-10 08:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-06-03 07:46 - 2015-03-10 08:38 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-06-03 07:46 - 2015-03-10 08:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-06-03 07:46 - 2015-02-25 08:48 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-06-03 07:46 - 2014-11-11 07:16 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-06-03 07:46 - 2014-09-04 10:53 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-06-03 07:46 - 2014-09-04 10:34 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-06-03 07:46 - 2014-03-26 20:14 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-06-03 07:46 - 2014-03-26 20:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-06-03 07:46 - 2014-03-26 19:57 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-06-03 07:46 - 2014-03-26 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-06-03 07:46 - 2013-07-03 09:35 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-06-03 07:46 - 2013-07-03 09:35 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-06-03 07:45 - 2015-03-04 10:25 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-06-03 07:45 - 2015-03-04 10:11 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-06-03 07:45 - 2015-03-04 09:40 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-06-03 07:45 - 2015-01-29 08:49 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-06-03 07:45 - 2015-01-29 08:32 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-06-03 07:45 - 2014-10-25 07:27 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-06-03 07:45 - 2014-10-25 07:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-06-03 07:45 - 2014-06-06 15:40 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-06-03 07:45 - 2014-06-06 15:14 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-06-03 07:45 - 2014-01-28 08:02 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-06-03 07:45 - 2013-10-12 08:00 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-06-03 07:45 - 2013-10-12 07:59 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-06-03 07:45 - 2013-10-12 07:59 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-06-03 07:45 - 2013-10-12 07:33 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-06-03 07:45 - 2013-10-12 07:31 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-06-03 07:45 - 2013-08-05 07:55 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-06-03 07:45 - 2013-03-19 11:23 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-06-03 07:45 - 2013-01-24 11:31 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-06-03 07:43 - 2014-07-14 07:32 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-06-03 07:43 - 2014-07-14 07:10 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-06-03 07:42 - 2012-11-23 08:43 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-06-24 09:57 - 2009-07-14 10:15 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-24 09:57 - 2009-07-14 10:15 - 00022464 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-24 09:53 - 2012-09-14 08:51 - 01945826 _____ C:\Windows\WindowsUpdate.log
2015-06-24 09:50 - 2013-08-26 05:48 - 00000000 ____D C:\Program Files (x86)\Origin
2015-06-24 09:49 - 2013-04-09 22:52 - 00000374 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-06-24 09:49 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-24 09:47 - 2012-09-13 20:27 - 00000000 ____D C:\Users\Evilsin
2015-06-24 09:41 - 2013-01-07 19:13 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-24 09:32 - 2012-09-21 20:09 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-24 09:11 - 2012-09-13 21:25 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000UA.job
2015-06-24 08:27 - 2012-11-11 06:35 - 00000000 ____D C:\ProgramData\Origin
2015-06-24 00:46 - 2012-09-13 21:45 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\uTorrent
2015-06-22 22:59 - 2014-12-18 19:54 - 00000000 ____D C:\Users\Evilsin\Desktop\New folder (2)
2015-06-17 22:29 - 2012-09-13 20:36 - 00196922 _____ C:\Windows\PFRO.log
2015-06-17 22:28 - 2012-09-13 22:00 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\DMCache
2015-06-17 22:24 - 2012-09-13 22:00 - 00000000 ____D C:\Users\Evilsin\Downloads\Compressed
2015-06-17 08:48 - 2009-07-14 10:38 - 00032604 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-06-10 22:06 - 2013-08-25 03:21 - 00016982 _____ C:\Users\Evilsin\Desktop\Trade_Keys.txt
2015-06-10 19:34 - 2012-11-11 06:40 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\Origin
2015-06-10 09:42 - 2013-03-13 22:29 - 00003005 _____ C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AoE2Wide.lnk
2015-06-10 01:45 - 2013-01-07 19:13 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 01:45 - 2012-11-08 02:30 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 01:45 - 2012-11-08 02:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 20:36 - 2014-12-21 03:29 - 00000000 ____D C:\Users\Evilsin\AppData\Roaming\vlc
2015-06-08 18:40 - 2012-09-14 18:11 - 00000000 ___HD C:\Users\Evilsin\AppData\Roaming\Adobe
2015-06-06 15:58 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2015-06-05 15:08 - 2009-07-14 10:15 - 00414544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-05 15:05 - 2009-07-14 08:50 - 00000000 __RSD C:\Windows\Media
2015-06-05 15:05 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-05 13:58 - 2013-03-14 03:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-06-05 13:56 - 2013-03-14 03:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-06-05 04:00 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\AppCompat
2015-06-03 12:37 - 2009-07-14 10:39 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-03 12:23 - 2009-07-14 10:43 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-03 12:19 - 2009-07-14 08:50 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-06-03 12:14 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-06-03 12:13 - 2009-07-14 13:15 - 00000000 ____D C:\Program Files\Windows Journal
2015-06-03 12:13 - 2009-07-14 11:02 - 00000000 ____D C:\Program Files\Windows Defender
2015-06-03 12:13 - 2009-07-14 11:02 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\tracing
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\zh-HK
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\tr-TR
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\Dism
2015-06-03 12:13 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-06-03 11:25 - 2012-09-21 00:50 - 00001945 _____ C:\Windows\epplauncher.mif
2015-06-03 11:24 - 2012-09-21 00:50 - 00002120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-06-03 11:23 - 2012-09-21 00:50 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-06-03 11:23 - 2012-09-21 00:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-06-03 10:44 - 2012-09-21 00:50 - 00775084 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-06-03 10:27 - 2012-09-28 09:35 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-02 05:09 - 2013-02-22 03:54 - 00000000 ____D C:\Windows\Minidump
2015-05-25 00:16 - 2013-03-28 01:21 - 00000000 ____D C:\Users\Evilsin\Downloads\Video
 
==================== Files in the root of some directories =======
 
2013-01-05 03:11 - 2013-01-05 03:20 - 0000807 _____ () C:\Users\Evilsin\AppData\Roaming\explorer
2014-01-02 03:45 - 2014-01-02 03:45 - 0000027 _____ () C:\Users\Evilsin\AppData\Roaming\WB.CFG
2013-07-05 11:21 - 2013-07-05 11:22 - 0007984 _____ () C:\Users\Evilsin\AppData\Local\CleanupUninstall.txt
2012-10-19 00:02 - 2012-11-07 03:14 - 0007607 _____ () C:\Users\Evilsin\AppData\Local\Resmon.ResmonCfg
 
Some files in TEMP:
====================
C:\Users\Evilsin\AppData\Local\Temp\Quarantine.exe
C:\Users\Evilsin\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-06-23 12:34
 
==================== End of log ============================


#14 Ace_Evilsin

Posted 23 June 2015 - 11:37 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-06-2015 01
Ran by Evilsin at 2015-06-24 10:02:37
Running from C:\Users\Evilsin\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3448805320-2649480344-1412443562-500 - Administrator - Disabled)
Evilsin (S-1-5-21-3448805320-2649480344-1412443562-1000 - Administrator - Enabled) => C:\Users\Evilsin
Guest (S-1-5-21-3448805320-2649480344-1412443562-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3448805320-2649480344-1412443562-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1210 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Reader X (10.1.4) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.4 - Adobe Systems Incorporated)
Agarest: Generations of War (HKLM-x32\...\Steam App 237890) (Version:  - Idea Factory)
Age of Empires 2 Gold by KZ (HKLM-x32\...\Age of Empires 2 Gold by KZ_is1) (Version:  - )
Age of Empires II - the Conquerors WideScreen Patcher (HKLM-x32\...\{BA2F3EBC-FE07-4AB5-B906-14DF2C74C523}) (Version: 1.0.40 - Boekabart)
Alan Wake's American Nightmare (HKLM-x32\...\Steam App 202750) (Version:  - Remedy Entertainment)
AMD Catalyst Install Manager (HKLM\...\{37FCE154-7F59-74F0-3A35-BF503CEB230B}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
Arma 2: Free (HKLM-x32\...\Steam App 107400) (Version:  - Bohemia Interactive)
Arma: Cold War Assault (HKLM-x32\...\Steam App 65790) (Version:  - Bohemia Interactive)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Borderlands Granting Tool (HKLM-x32\...\Steam App 301070) (Version:  - )
Borderlands: The Pre-Sequel (HKLM-x32\...\Steam App 261640) (Version:  - 2K Australia)
Child of Light (HKLM-x32\...\Steam App 256290) (Version:  - Ubisoft Montréal)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Codename Gordon (HKLM-x32\...\Steam App 92) (Version:  - Nuclear Vision)
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Cthulhu Saves the World  (HKLM-x32\...\Steam App 107310) (Version:  - Zeboyd Games)
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Darksiders II - Death Lives (HKLM-x32\...\Darksiders II - Death Lives_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, spider91)
DayZ (HKLM-x32\...\Steam App 221100) (Version:  - Bohemia Interactive)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dell Resource CD (HKLM-x32\...\{42929F0F-CE14-47AF-9FC7-FF297A603021}) (Version: 1.00.0000 - Dell Inc.)
Diablo II (HKLM-x32\...\Diablo II) (Version:  - Blizzard Entertainment)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version:  - Codemasters)
Don Bradman Cricket 14 (HKLM-x32\...\Don Bradman Cricket 14_is1) (Version:  - Big Ant Studios)
Dragon Age Legends (HKLM-x32\...\com.bwsf.DragonAgeLegends) (Version: 1.0.14 - Electronic Arts)
Dragon Age Legends (x32 Version: 1.0.14 - Electronic Arts) Hidden
Dragon Age: Origins (HKLM-x32\...\Steam App 17450) (Version:  - BioWare)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 5.60.48.35 - Dell Inc.)
DYNASTY WARRIORS 6 (HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\InstallShield_{7506D1CD-B7FE-40C7-AE1F-FE8666361700}) (Version: 1.00.0000 - Koei)
Dynasty Warriors 6 (x32 Version: 1.00.0000 - Koei) Hidden
Dynasty Warriors 8 Xtreme Legends (HKLM-x32\...\{DE04539D-C0B7-44FB-98E8-F9F181BEE3CE}) (Version: 6.0 - Black Box)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Euro Truck Simulator 2 (HKLM-x32\...\Euro Truck Simulator 2_is1) (Version: 1.16.2s - Релиз от R.G. Steamgames)
F.E.A.R. Plantinum (HKLM-x32\...\{0A7C4C5C-6DF9-48D5-BEF4-E5E6FB868EAF}_is1) (Version: 1.08 - Timegate Studio)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry® 3 (HKLM-x32\...\Steam App 220240) (Version:  - Ubisoft Montreal, Massive Entertainment, and Ubisoft Shanghai)
Go! Go! Nippon! ~My First Trip to Japan~ (HKLM-x32\...\Steam App 251870) (Version:  - OVERDRIVE)
Google Chrome (HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\Google Chrome) (Version: 43.0.2357.130 - Google Inc.)
Grand Theft Auto (HKLM-x32\...\Steam App 12170) (Version:  - Rockstar North)
Half Minute Hero: Super Mega Neo Climax Ultimate Boy (HKLM-x32\...\Steam App 214830) (Version:  - Opus )
HAWKEN (HKLM-x32\...\Steam App 271290) (Version:  - Adhesive Games)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6289.0 - IDT)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.4.1002 - Intel Corporation)
Intel® Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation)
Java™ SE Development Kit 7 (HKLM-x32\...\{32A3A4F4-B792-11D6-A78A-00B0D0170000}) (Version: 1.7.0.0 - Oracle)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version:  - Tripwire Interactive)
Legendary (HKLM-x32\...\Steam App 16730) (Version:  - Spark Unlimited)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Maxthon Cloud Browser (HKLM-x32\...\Maxthon3) (Version: 4.4.3.4000 - Maxthon International Limited)
MB Condition Zero 2.0 (HKLM-x32\...\MB Condition Zero 2.0) (Version:  - )
MB Counter Strike 1.6 1.0 (HKLM-x32\...\MB Counter Strike 1.6 1.0) (Version:  - )
Metal Slug 3 (HKLM-x32\...\Steam App 250180) (Version:  - DotEmu)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
NARUTO SHIPPUDEN: Ultimate Ninja STORM 3 Full Burst (HKLM-x32\...\Steam App 234670) (Version:  - CyberConnect 2)
Nosgoth (HKLM-x32\...\Steam App 200110) (Version:  - Psyonix)
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.1.4482 - Electronic Arts, Inc.)
Outlast (HKLM-x32\...\Steam App 238320) (Version:  - Red Barrels)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version:  - OVERKILL Software)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Quake III Arena (HKLM-x32\...\Steam App 2200) (Version:  - id Software)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.5.0 - Dell Inc.)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.13.112.2010 - Realtek)
Recettear: An Item Shop's Tale (HKLM-x32\...\Steam App 70400) (Version:  - EasyGameStation)
Rise of Nations: Extended Edition (HKLM-x32\...\Steam App 287450) (Version:  - SkyBox Labs)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Setup - Dynasty Warriors 8 Empires ... (HKLM-x32\...\Setup - Dynasty Warriors 8 Empires ...) (Version: ... - Omega Force)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
SMPlayer 14.9.0 (x64) (HKLM\...\SMPlayer) (Version: 14.9.0 - Ricardo Villalba)
Sniper Elite: Nazi Zombie Army (HKLM-x32\...\Steam App 227100) (Version:  - Rebellion)
Split/Second (HKLM-x32\...\Steam App 297860) (Version:  - Black Rock Studio)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.0.0.1 - Synaptics Incorporated)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
The Showdown Effect (HKLM-x32\...\Steam App 204080) (Version:  - Arrowhead Game Studios)
The Walking Dead (HKLM-x32\...\The Walking Dead_R.G. Mechanics_is1) (Version:  - R.G. Mechanics, Panky)
Tom Clancy's Splinter Cell® Blacklist™ (HKLM-x32\...\{A6356F2F-D3E1-4D83-9AA2-72871DD0C298}) (Version: 1.01 - Ubisoft)
Tomb Raider (HKLM-x32\...\Steam App 203160) (Version:  - Crystal Dynamics)
Torchlight (HKLM-x32\...\Torchlight_is1) (Version:  - GOG.com)
Total War: ROME II - Emperor Edition (HKLM-x32\...\Steam App 214950) (Version:  - Creative Assembly)
Truck Racer (HKLM-x32\...\Steam App 256070) (Version:  - Kylotonn Entertainment)
Unity Web Player (HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM-x32\...\Steam App 260230) (Version:  - Ubisoft Montpellier)
Verdun (HKLM-x32\...\Steam App 242860) (Version:  - M2H)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.1.1100 - Broadcom Corporation)
WiFi HotSpot Creator (HKLM-x32\...\WiFi HotSpot Creator) (Version:  - )
Winamp (HKLM-x32\...\Winamp) (Version: 5.623  - Nullsoft, Inc)
Windows Driver Package - Broadcom Corporation (BTHUSB) Bluetooth  (03/24/2010 6.3.0.2501) (HKLM\...\AF09E130E2FD4D1BEFD1B9132AE624BAE0364719) (Version: 03/24/2010 6.3.0.2501 - Broadcom Corporation)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Evilsin\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll (Google Inc.)
 
==================== Restore Points =========================
 
23-06-2015 12:50:03 Scheduled Checkpoint
24-06-2015 08:45:18 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 08:04 - 2015-06-08 12:13 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06DE7048-A87D-46C4-A729-A14DB4037770} - System32\Tasks\MSIAfterburner => C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
Task: {0A120C22-B979-456F-9BA6-20FC67231EE4} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {20C0EB02-8B09-43CA-AB12-B8A268D9194B} - System32\Tasks\{177EC37E-FB18-4C67-81CB-4BB0FFE3C1C3} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&amp;ver=4.2.0.169.404&amp;LastError=404
Task: {211B6572-9FAC-4384-891C-97A44D5908AC} - System32\Tasks\{24E02306-CA83-4B93-B270-712C8216BA24} => pcalua.exe -a D:\Steam\steam.exe -c steam://uninstall/231060
Task: {25BCAE0B-2B6D-4092-AC28-03D11AC933A8} - System32\Tasks\{5D26FAE2-A2E1-4933-9DFC-DE8BF4A25492} => pcalua.exe -a "C:\Program Files\sges-v3\uninstall.exe"
Task: {3A9AC1C9-3B6A-4668-BD5D-2B6CA16909A1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {48EFA838-E88A-4AF2-8D4C-E1BEADF1441C} - System32\Tasks\{D9819C55-381D-48A9-98F2-484FCDB07CE1} => F:\Call.of.Duty.Black.Ops.II.Update.3.exe
Task: {4925A30D-3C60-440A-8977-1F843058EE41} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {4EF60CB2-02B7-459F-B9C6-6053EE6B2253} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {4FA04AE8-6750-494D-8CF4-CA18DB63A55F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {54556F8D-479E-4380-BD70-BD632F86ABE3} - System32\Tasks\{A2D0627B-89F4-44A4-92AD-8AE1CA688F20} => pcalua.exe -a "D:\Unreal Tournament 3 Black Edition\OpenAL\oalinst.exe" -d "D:\Unreal Tournament 3 Black Edition\OpenAL"
Task: {65A0472D-5385-455A-B902-E073C6BC609F} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {7A3F56FD-EBF5-451D-A453-446041F41739} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: {84144F8F-FBF6-4B13-9B5E-1264833740A9} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {9DEC89C1-FC5E-4C21-AEA3-2D94421B37D5} - System32\Tasks\{F37F6C46-D011-40C0-A15B-D5ECBCF379C0} => C:\Program Files (x86)\Condition Zero\hl.exe
Task: {9E2D89D8-EEE3-46AD-9275-BD1433131282} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000UA => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-13] (Google Inc.)
Task: {A2B738D6-559A-4F97-847D-9728E962651C} - System32\Tasks\{12CCF9DA-488E-4E32-9E5C-2402BBEFB4DC} => pcalua.exe -a C:\Users\Evilsin\Downloads\Compressed\CSIW_Setup_26_Dec_2012\CSIW_Setup_26_Dec_2012.exe -d C:\Users\Evilsin\Downloads\Compressed\CSIW_Setup_26_Dec_2012
Task: {A514098C-CF17-417F-AC69-D159B88B4DF7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-08] (Microsoft Corporation)
Task: {A8759C09-DDE6-494B-B741-B43E0105961A} - System32\Tasks\{DD6EEA7C-418D-494E-A8BC-3513AAB9E9DA} => pcalua.exe -a C:\Windows\System32\msiexec.exe -d "D:\Steam\steamapps\common\Truck Racer" -c /passive /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS3F5C371F8EA24F259D3DD0B4526E3AEA_9_10_0513.MSI" WISE_SETUP_EXE_PATH="D:\Steam\steamapps\common\Truck Racer\Redist\PhysX_9.10.0513_SystemSoftware.exe"
Task: {B3F74957-5C17-4DF5-B489-E55BF4B01671} - System32\Tasks\{5F6E9957-ACDD-4E70-A645-F54DE5937254} => pcalua.exe -a "C:\Users\Evilsin\Downloads\Compressed\Instalation Guild Wars 2 Key Generator\Instalation Guild Wars 2 Key Generator\Application Files\Installation_1_0_0_8\Installation.exe" -d "C:\Users\Evilsin\Downloads\Compressed\Instalation Guild Wars 2 Key Generator\Instalation Guild Wars 2 Key Generator\Application Files\Installation_1_0_0_8"
Task: {BAFB18B2-F3D8-45C4-A3B6-F4D2C1F425B7} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-14] (Microsoft Corporation)
Task: {C1EF0E3C-CE83-4E2B-8BA8-1EF8E098E0A9} - System32\Tasks\Maxthon Update => C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe [2015-06-02] (Maxthon International ltd.)
Task: {D16C4DA4-405C-463B-98FA-CEB806B84DD3} - System32\Tasks\{2C384E0F-9ED4-49F5-A650-B7E2FFF8BF35} => pcalua.exe -a C:\Windows\System32\msiexec.exe -d D:\Steam\steamapps\common\Antichamber -c /passive /I "C:\Program Files (x86)\Common Files\Wise Installation Wizard\WIS8A809006C25A4A3A9DAB94659BCDB107_9_10_0224.MSI" WISE_SETUP_EXE_PATH="D:\Steam\steamapps\common\Antichamber\Binaries\Redist\physx\PhysX_9.10.0224_SystemSoftware.exe"
Task: {DBE253E2-9A23-422F-A67E-76472DEF25DE} - System32\Tasks\{E08968D4-5CC3-4237-ABC9-1219CCC0C217} => pcalua.exe -a C:\Users\Evilsin\Downloads\Programs\cain20.exe -d C:\Users\Evilsin\AppData\Roaming\IDM
Task: {DC47F4DB-2C93-495F-9181-87E9DE07371F} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {E033C673-33F8-42C2-963F-AA1B5546E053} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-08] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1cf8d161ad047f7.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1cfeac8a36689ae.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1d001208f67edf3.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1d040cbdb7819e0.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000Core1d09089c61b5c9.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3448805320-2649480344-1412443562-1000UA.job => C:\Users\Evilsin\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2013-04-23 11:44 - 2014-02-05 00:40 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-04-29 23:08 - 2013-04-29 23:08 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-06-18 15:49 - 2013-06-18 15:49 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-06-03 12:34 - 2015-06-03 12:34 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\9419a7c2030ade01725f8fd9344e218d\IsdiInterop.ni.dll
2012-09-13 20:49 - 2010-06-08 10:44 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\...\dell.com -> dell.com
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3448805320-2649480344-1412443562-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Evilsin\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 202.88.149.25 - 202.88.149.6
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{5DFD4D1E-E62E-483D-9AED-933F7265A87A}] => (Allow) D:\Steam\SteamApps\common\Hawken\Binaries\Win32\HawkenGame-Win32-Shipping.exe
FirewallRules: [{77C5A47E-F3F8-4918-A3E1-7E6C0B711E0A}] => (Allow) D:\Steam\SteamApps\common\GoGoNippon\GoGoNippon\BGI.exe
FirewallRules: [{59D2BB6F-76EF-4853-8012-D18F47C5B542}] => (Allow) D:\Steam\SteamApps\common\GoGoNippon\GoGoNippon\BGI.exe
FirewallRules: [{E5821BB2-1911-4A74-A18F-CE3A4FF12055}] => (Allow) D:\Steam\SteamApps\common\ConquestOfChampions\ConquestGame.exe
FirewallRules: [{91A0C530-1173-413C-8D38-11F76A9DEE9E}] => (Allow) D:\Steam\SteamApps\common\ConquestOfChampions\ConquestGame.exe
FirewallRules: [{89CE7D59-4C84-43C3-9758-FA14C2029BA4}] => (Allow) D:\Steam\SteamApps\common\Quake 3 Arena\quake3.exe
FirewallRules: [{23B9C30B-F4C6-42D9-946B-E502F4E968C9}] => (Allow) D:\Steam\SteamApps\common\Quake 3 Arena\quake3.exe
FirewallRules: [{7DF6E59B-6739-4405-9917-61E56A001B0E}] => (Allow) D:\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{863368BA-FF5B-453C-8F54-5E4CF0E915B4}] => (Allow) D:\Steam\SteamApps\common\Metal Slug 3\mslug3.exe
FirewallRules: [{83922DAC-6F56-4F2D-9DA8-3B557B0485AB}] => (Allow) D:\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{FE18CD3C-C6D9-4E50-8073-61DBA138543F}] => (Allow) D:\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{92B53F19-67F8-4875-8E48-31A6CA7DE04C}] => (Allow) D:\Steam\SteamApps\common\Truck Racer\TruckRacer.exe
FirewallRules: [{17D3A247-480A-45B0-9F8D-2642C4B3F288}] => (Allow) D:\Steam\SteamApps\common\Truck Racer\TruckRacer.exe
FirewallRules: [{F605FD54-374C-49CF-92D6-269F6986C1ED}] => (Allow) D:\Steam\SteamApps\common\Cthulhu Saves the World\CSTW.exe
FirewallRules: [{CE40418B-E8A9-450F-9AB4-B70928EFAC4B}] => (Allow) D:\Steam\SteamApps\common\Cthulhu Saves the World\CSTW.exe
FirewallRules: [{16FBE543-BE33-4615-BBE0-529914E80C60}] => (Allow) D:\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{3ED7453D-CABD-4BA6-95EE-D74A2E442B74}] => (Allow) D:\Steam\SteamApps\common\ARMA Cold War Assault\ColdWarAssault.exe
FirewallRules: [{9685CC6C-F7D8-4F92-9BAB-FAEE4E7C380C}] => (Allow) D:\Steam\SteamApps\common\Agarest Generations of War\Agarest.exe
FirewallRules: [{38A6598F-5C11-4B2D-A5D3-40E09C4C7691}] => (Allow) D:\Steam\SteamApps\common\Agarest Generations of War\Agarest.exe
FirewallRules: [{D8C71E3B-7DF9-4C78-9FDA-2904BB523774}] => (Allow) D:\Steam\SteamApps\common\Half Minute Hero\HMH.exe
FirewallRules: [{50FCED8C-A589-44B2-BE63-436EA45067A6}] => (Allow) D:\Steam\SteamApps\common\Half Minute Hero\HMH.exe
FirewallRules: [{B38062D1-DFC7-4F70-A399-3F82D9E6E261}] => (Allow) D:\Steam\SteamApps\common\Grand Theft Auto\WINO\Grand Theft Auto.exe
FirewallRules: [{9625E253-2292-4664-AF08-78ECF81E08BD}] => (Allow) D:\Steam\SteamApps\common\Grand Theft Auto\WINO\Grand Theft Auto.exe
FirewallRules: [{CE5A0F73-5F3C-452D-BCB8-BB3BD9218842}] => (Allow) D:\Steam\SteamApps\common\TheCatLady\The Cat Lady.exe
FirewallRules: [{B7D7E574-1CDB-4ED5-B1A6-921A9A96AB28}] => (Allow) D:\Steam\SteamApps\common\TheCatLady\The Cat Lady.exe
FirewallRules: [{CAC44CBC-EED3-4FA9-B682-CD8BB263B783}] => (Allow) D:\Steam\SteamApps\common\NZA\bin\NZA.exe
FirewallRules: [{52CF865F-969C-4F18-8371-27E096330606}] => (Allow) D:\Steam\SteamApps\common\NZA\bin\NZA.exe
FirewallRules: [{55122A57-9C9C-4621-8D3B-9A35F6D7B502}] => (Allow) D:\Steam\SteamApps\common\Verdun\Verdun.exe
FirewallRules: [{D2AE1D59-9075-4C83-8A7B-E74DE78A37BC}] => (Allow) D:\Steam\SteamApps\common\Verdun\Verdun.exe
FirewallRules: [{DC81CADB-6DAD-43EA-8A71-BA8407BEFD4D}] => (Allow) D:\Steam\SteamApps\common\BGT\DjinniSecure.exe
FirewallRules: [{66E63B1F-6F09-4914-AADA-7A072F3CFEDF}] => (Allow) D:\Steam\SteamApps\common\BGT\DjinniSecure.exe
FirewallRules: [{B62BCE3B-5AD9-48AA-958F-F89FC1B4030B}] => (Allow) D:\Steam\SteamApps\common\ARMA 2 Free\ArmA2Free.exe
FirewallRules: [{8E6CBE35-C39A-44CB-BB63-614ADE688BBE}] => (Allow) D:\Steam\SteamApps\common\ARMA 2 Free\ArmA2Free.exe
FirewallRules: [{6C9967EB-5FE5-480D-9C87-D1431F3442F0}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{0FDAB42B-EDCE-40BB-9387-3C78245CA66A}] => (Allow) D:\Steam\bin\steamwebhelper.exe
FirewallRules: [{01ADF390-EF82-4048-9DFD-61A1330D5511}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Nexuiz.exe
FirewallRules: [{6FAA8E66-6B1D-463F-B427-023F273FF899}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Nexuiz.exe
FirewallRules: [{268C3BD9-5EE6-4244-941C-B37E297A0DEA}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Editor.exe
FirewallRules: [{4DBD873B-D8E2-44B1-8CD5-D71E550EA472}] => (Allow) D:\Steam\SteamApps\common\Nexuiz\Bin32\Editor.exe
FirewallRules: [{0DBED09A-B3AC-454B-9A28-62E7377DD7EF}] => (Allow) D:\Steam\SteamApps\common\Valiant Hearts\Valiant Hearts.exe
FirewallRules: [{861F7601-6425-42B4-AB88-2C6EB27E61B8}] => (Allow) D:\Steam\SteamApps\common\Valiant Hearts\Valiant Hearts.exe
FirewallRules: [{F219B15C-9663-47F5-801D-F312B828F5BB}] => (Allow) D:\Steam\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{9DADF001-8CE5-4755-B49F-D335EC511D3C}] => (Allow) D:\Steam\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{FB13A9E2-E8DB-4B1D-B8F4-901178388459}] => (Allow) D:\Steam\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{749D0004-DD04-429B-8334-5E19D5F720B3}] => (Allow) D:\Steam\SteamApps\common\Child of Light\ChildofLight.exe
FirewallRules: [{0EECD6E6-F27D-4F9C-8BC4-8686B5A6D931}] => (Allow) D:\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{7E8394A5-B817-4EE0-8BA0-63170F4F4D34}] => (Allow) D:\Steam\SteamApps\common\NARUTO SHIPPUDEN Ultimate Ninja STORM 3 Full Burst\NS3FB_launcher.exe
FirewallRules: [{199C78E6-FA73-4458-B579-AE51C1D0F137}] => (Allow) D:\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{7D8DA823-CB0F-4615-BFFE-37E2CACCF2DB}] => (Allow) D:\Steam\SteamApps\common\ShadowOfMordor\x64\ShadowOfMordor.exe
FirewallRules: [{A738A2FD-BC66-4586-9768-56924D202A6E}] => (Allow) D:\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [{FACA51FC-4BC1-4504-A9D6-B8769CB3C9C1}] => (Allow) D:\Steam\SteamApps\common\BorderlandsPreSequel\Binaries\Win32\Launcher.exe
FirewallRules: [TCP Query User{0C4AE6C0-E53A-4579-B6AA-F6DEF745B3A4}D:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [UDP Query User{902F9358-DDD0-49C5-96DC-B3B08FD104D2}D:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe] => (Allow) D:\steam\steamapps\common\borderlandspresequel\binaries\win32\borderlandspresequel.exe
FirewallRules: [{5B746054-CA94-4DC8-8CD0-C68C53449495}] => (Allow) D:\Steam\SteamApps\common\SplitSecond\SplitSecond.exe
FirewallRules: [{4C003BC8-DFF2-43FF-BF64-F4C1AA7229C4}] => (Allow) D:\Steam\SteamApps\common\SplitSecond\SplitSecond.exe
FirewallRules: [{BB414C0A-F25D-4628-BF30-5E2D95896C0D}] => (Allow) C:\Users\Evilsin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{AE578990-B6B3-4DD8-BECA-52A1ABFB5E36}] => (Allow) C:\Users\Evilsin\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{DC17A39D-023D-4BE6-8FAE-CE148541BCBA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{1A8D08C0-1133-4512-969A-2D8F6000BC40}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
FirewallRules: [{C561B0D0-A9BB-4B18-8BB0-967F94AACD5A}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{EB5673E1-A8A2-44D1-9A03-70FA20543F61}] => (Allow) D:\Battle.net\Battle.net.exe
FirewallRules: [{816EC391-A89C-41EF-AF32-E52F984D2839}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [{9DED9A5E-015F-4328-AE6F-E8D40DDDA547}] => (Allow) D:\Diablo III\Diablo III.exe
FirewallRules: [TCP Query User{7B5569B9-D74D-4902-B1FE-CD08F62063B6}D:\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Block) D:\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [UDP Query User{18C498FE-0B63-42E2-AD7C-A26E6D406BF6}D:\steam\steamapps\common\outlast\binaries\win64\olgame.exe] => (Block) D:\steam\steamapps\common\outlast\binaries\win64\olgame.exe
FirewallRules: [{152518FA-8387-4CAE-A742-ED8726F4259F}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{907D90C9-B6B6-44F7-8428-C0679C264FA9}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{9C23133B-17FF-44FC-B9A5-C388BBAB9520}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\MxUp.exe
FirewallRules: [{63C237AE-AFEC-4C79-8198-031D3B17A6C8}] => (Allow) C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
FirewallRules: [{9E41341D-DE6E-4F86-BF51-C1AB2D3FE2F4}] => (Allow) D:\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{86E1F757-9D7D-4F02-8BDE-A614EE00C801}] => (Allow) D:\Steam\SteamApps\common\Duke Nukem 3D\bin\dosbox\dosbox.exe
FirewallRules: [{3F767A6E-50DA-4FAB-9EDE-4D486C738141}] => (Allow) D:\Steam\SteamApps\common\Recettear\recettear.exe
FirewallRules: [{044AC12A-AB58-460C-B33C-7E6BADB51CBC}] => (Allow) D:\Steam\SteamApps\common\Recettear\recettear.exe
FirewallRules: [{26C7252E-083F-402A-9A9B-1CE743060D38}] => (Allow) D:\Steam\SteamApps\common\Recettear\custom.exe
FirewallRules: [{BFA6466A-9A37-4AEA-906F-7EB820621907}] => (Allow) D:\Steam\SteamApps\common\Recettear\custom.exe
FirewallRules: [TCP Query User{9743C03D-98FC-4615-BE42-D5E858385519}D:\singularity\binaries\singularity.exe] => (Block) D:\singularity\binaries\singularity.exe
FirewallRules: [UDP Query User{BF9B28DB-240A-4D6F-9592-439D4C7F4CDE}D:\singularity\binaries\singularity.exe] => (Block) D:\singularity\binaries\singularity.exe
FirewallRules: [{3338F006-BF29-4099-BE0D-62FF14565024}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F022AD7B-9E8A-4500-96D3-C716E4D0C162}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{93811A85-51A4-4700-B29A-28B608BF1BAF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{76D6CBAC-76C2-45F4-898F-C84ACC8DBBDD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{D1209F56-64A8-4CE2-91B4-C17DAB1AE88A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{F3AE9A28-FC2A-4A11-89C0-9DBDA7246AA2}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [TCP Query User{B6117181-4817-4162-A693-A6D682FB4FA4}C:\users\evilsin\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\evilsin\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [UDP Query User{5E893497-15D5-4EEE-BB46-F30FBBE2178E}C:\users\evilsin\appdata\local\hola\firefox\app\hola_plugin.exe] => (Allow) C:\users\evilsin\appdata\local\hola\firefox\app\hola_plugin.exe
FirewallRules: [{CF2EFE9A-B0B1-497D-8C2E-58373BB672FF}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{40835787-AC66-47C7-9C46-2D72FBC2CE95}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3632\Agent.exe
FirewallRules: [{10CD588D-5777-4A47-90A3-638CF2607787}] => (Allow) C:\Program Files (x86)\WiFi HotSpot Creator\WiFi HotSpot Creator.exe
FirewallRules: [{50170AD7-3CAF-4220-8C56-924545AF0002}] => (Allow) C:\Program Files (x86)\WiFi HotSpot Creator\WiFi HotSpot Creator.exe
FirewallRules: [{8F0CF80C-08D5-4131-A0FD-7520C50D2D63}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{D45FF2A2-0D12-4450-9D29-CAD9706B1624}] => (Allow) D:\Steam\SteamApps\common\Don't Starve Together Beta\bin\dontstarve_steam.exe
FirewallRules: [{509220CC-4D02-4F1E-B4F6-1A290602F389}] => (Allow) C:\Program Files (x86)\Activision\Prototype\prototypef.exe
FirewallRules: [{78EC6B99-3531-46B0-AFBD-1F72176A4442}] => (Allow) C:\Program Files (x86)\Activision\Prototype\prototypef.exe
FirewallRules: [TCP Query User{C35582B3-0346-4A43-A900-E2293107F187}C:\windows\syswow64\ftp.exe] => (Block) C:\windows\syswow64\ftp.exe
FirewallRules: [UDP Query User{62E71DFD-EBE4-4DF1-A773-514AC157AA31}C:\windows\syswow64\ftp.exe] => (Block) C:\windows\syswow64\ftp.exe
FirewallRules: [TCP Query User{F0A4327B-0EF3-49F8-8061-61D9B32A1D71}C:\program files (x86)\aoe2\age2_x1\age2_x1.exe] => (Block) C:\program files (x86)\aoe2\age2_x1\age2_x1.exe
FirewallRules: [UDP Query User{C8960EE2-FBE6-4443-9A7D-4021A503582F}C:\program files (x86)\aoe2\age2_x1\age2_x1.exe] => (Block) C:\program files (x86)\aoe2\age2_x1\age2_x1.exe
FirewallRules: [TCP Query User{E18C5E6D-6283-441F-B547-4615F3A1D53D}C:\program files (x86)\aoe2\age2_x1_1.0e_1366x768.exe] => (Block) C:\program files (x86)\aoe2\age2_x1_1.0e_1366x768.exe
FirewallRules: [UDP Query User{AC927F91-BC8C-443F-A4C7-965A20B60980}C:\program files (x86)\aoe2\age2_x1_1.0e_1366x768.exe] => (Block) C:\program files (x86)\aoe2\age2_x1_1.0e_1366x768.exe
 
==================== Faulty Device Manager Devices =============
 
Name: Broadcom Virtual Wireless Adapter
Description: Broadcom Virtual Wireless Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BcmVWL
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: DW1501 Wireless-N WLAN Half-Mini Card
Description: DW1501 Wireless-N WLAN Half-Mini Card
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Broadcom
Service: BCM43XX
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/24/2015 09:58:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 7.6.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 4d0
 
Start Time: 01d0ae3629a2b0bd
 
Termination Time: 0
 
Application Path: C:\Users\Evilsin\Desktop\FRST64.exe
 
Report Id: 739c7829-1a29-11e5-bb16-f04da2b7b1f6
 
Error: (06/10/2015 09:43:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: age2_x1_1.0e_1366x768.exe, version: 0.7.26.809, time stamp: 0x3b7433ec
Faulting module name: age2_x1_1.0e_1366x768.exe, version: 0.7.26.809, time stamp: 0x3b7433ec
Exception code: 0xc0000005
Fault offset: 0x0002d520
Faulting process id: 0x13a0
Faulting application start time: 0xage2_x1_1.0e_1366x768.exe0
Faulting application path: age2_x1_1.0e_1366x768.exe1
Faulting module path: age2_x1_1.0e_1366x768.exe2
Report Id: age2_x1_1.0e_1366x768.exe3
 
Error: (06/08/2015 10:04:44 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: A critical system process, C:\Windows\system32\lsass.exe, failed with status code 1.  The machine must now be restarted.
 
Error: (05/27/2015 11:58:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Faulting module name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0055e221
Faulting process id: 0x2bc
Faulting application start time: 0xLaunch.exe0
Faulting application path: Launch.exe1
Faulting module path: Launch.exe2
Report Id: Launch.exe3
 
Error: (05/27/2015 10:02:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Faulting module name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x007ddeca
Faulting process id: 0xa0c
Faulting application start time: 0xLaunch.exe0
Faulting application path: Launch.exe1
Faulting module path: Launch.exe2
Report Id: Launch.exe3
 
Error: (05/23/2015 11:36:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MagicISO.exe version 5.5.0.281 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: ebc
 
Start Time: 01d09582ed3e1267
 
Termination Time: 0
 
Application Path: C:\Program Files (x86)\MagicISO\MagicISO.exe
 
Report Id: 5d27c831-0176-11e5-ae08-f04da2b7b1f6
 
Error: (05/23/2015 11:29:01 AM) (Source: Google Update) (EventID: 20) (User: EVILSIN)
Description: Network Request Error.
Error: 0x80042194. Http status code: 404.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80042194. Http status code 404.
 
Error: (05/22/2015 11:29:01 AM) (Source: Google Update) (EventID: 20) (User: EVILSIN)
Description: Network Request Error.
Error: 0x80042194. Http status code: 404.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80042194. Http status code 404.
 
Error: (05/21/2015 11:56:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Faulting module name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x007ddeca
Faulting process id: 0x624
Faulting application start time: 0xLaunch.exe0
Faulting application path: Launch.exe1
Faulting module path: Launch.exe2
Report Id: Launch.exe3
 
Error: (05/21/2015 11:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Faulting module name: Launch.exe, version: 1.0.1.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x007ddeca
Faulting process id: 0x162c
Faulting application start time: 0xLaunch.exe0
Faulting application path: Launch.exe1
Faulting module path: Launch.exe2
Report Id: Launch.exe3
 
 
System errors:
=============
Error: (06/24/2015 09:48:25 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (06/24/2015 09:47:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/24/2015 09:47:55 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/24/2015 09:47:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management & Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/24/2015 09:47:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/24/2015 09:47:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (06/24/2015 09:47:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (06/24/2015 09:47:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (06/24/2015 09:47:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The PnkBstrA service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (06/24/2015 09:47:30 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bluetooth Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office:
=========================
Error: (06/24/2015 09:58:35 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe7.6.2015.04d001d0ae3629a2b0bd0C:\Users\Evilsin\Desktop\FRST64.exe739c7829-1a29-11e5-bb16-f04da2b7b1f6
 
Error: (06/10/2015 09:43:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: age2_x1_1.0e_1366x768.exe0.7.26.8093b7433ecage2_x1_1.0e_1366x768.exe0.7.26.8093b7433ecc00000050002d52013a001d0a333c8237ec5C:\Program Files (x86)\AoE2\age2_x1_1.0e_1366x768.exeC:\Program Files (x86)\AoE2\age2_x1_1.0e_1366x768.exe1166459c-0f27-11e5-8cf3-f04da2b7b1f6
 
Error: (06/08/2015 10:04:44 AM) (Source: Wininit) (EventID: 1015) (User: )
Description: C:\Windows\system32\lsass.exe1
 
Error: (05/27/2015 11:58:29 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Launch.exe1.0.1.000000000Launch.exe1.0.1.000000000c00000050055e2212bc01d0983643efe68cD:\Dynasty Warriors 8 Empires\Launch.exeD:\Dynasty Warriors 8 Empires\Launch.exe96859e06-0439-11e5-bc22-f04da2b7b1f6
 
Error: (05/27/2015 10:02:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Launch.exe1.0.1.000000000Launch.exe1.0.1.000000000c0000005007ddecaa0c01d09831db2001deD:\Dynasty Warriors 8 Empires\Launch.exeD:\Dynasty Warriors 8 Empires\Launch.exe6fb9bb80-0429-11e5-bc22-f04da2b7b1f6
 
Error: (05/23/2015 11:36:06 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: MagicISO.exe5.5.0.281ebc01d09582ed3e12670C:\Program Files (x86)\MagicISO\MagicISO.exe5d27c831-0176-11e5-ae08-f04da2b7b1f6
 
Error: (05/23/2015 11:29:01 AM) (Source: Google Update) (EventID: 20) (User: EVILSIN)
Description: Network Request Error.
Error: 0x80042194. Http status code: 404.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80042194. Http status code 404.
 
Error: (05/22/2015 11:29:01 AM) (Source: Google Update) (EventID: 20) (User: EVILSIN)
Description: Network Request Error.
Error: 0x80042194. Http status code: 404.
Trying config: source=IE, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80042194. Http status code 404.
 
Error: (05/21/2015 11:56:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Launch.exe1.0.1.000000000Launch.exe1.0.1.000000000c0000005007ddeca62401d093f3937c9563D:\Dynasty Warriors 8 Empires\Launch.exeD:\Dynasty Warriors 8 Empires\Launch.exeddd8ce6a-ffe6-11e4-8705-f04da2b7b1f6
 
Error: (05/21/2015 11:55:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Launch.exe1.0.1.000000000Launch.exe1.0.1.000000000c0000005007ddeca162c01d093f380c1e4d3D:\Dynasty Warriors 8 Empires\Launch.exeD:\Dynasty Warriors 8 Empires\Launch.execc33ef13-ffe6-11e4-8705-f04da2b7b1f6
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 33%
Total physical RAM: 3958.68 MB
Available physical RAM: 2643.86 MB
Total Pagefile: 7915.57 MB
Available Pagefile: 6398.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
 
==================== Drives ================================
 
Drive c: (Ace) (Fixed) (Total:97.56 GB) (Free:21.16 GB) NTFS
Drive d: (Evilsin) (Fixed) (Total:368.1 GB) (Free:53.18 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 8BD01A45)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=368.1 GB) - (Type=07 NTFS)
 
==================== End of log ============================


#15 xXToffeeXx

Posted 24 June 2015 - 06:55 AM

Hi Ace_Evilsin,
 
How is the computer running now?
 
Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
This scan can take a long time, so it is best done overnight or when you do not need the computer.
 
I'd like us to scan your machine with ESET OnlineScan.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the ESET Smart Installer icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Emsisoft log
  • ESET log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 
