
Windows 10 Rootkit Virus



#1 dirtypiratehooker


Posted 15 February 2016 - 02:17 PM

Mod Edit: Moved to Virus ... Removal logs ~~ boopme


Before I even get to my issue, let me introduce myself as this is my first post ever in a forum, and I don't want to come off as a noob who throws a tantrum like a red-headed stepchild with bad gingervitus that cries like a baby if he doesn't get his way. I am proficient when it comes to basic computing with a little advanced knowledge in simple problem solving, and I would greatly appreciate any help you can give me with this problem I've been having since I upgraded to Windows 10. To be honest I think my ex played a part, but I won't point the finger unless I'm 100% positive. Attached is a DDS.com log of my system, which is a Dell 3647, Pentium® Processor, 4GB RAM, and the DDS application was not run as administrator since the option disappeared on my right-click menu.
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by Matt at 11:09:13 on 2016-02-15
#Option Extended Search is enabled.
Microsoft Windows 10 Pro  10.0.10586.0.1252.1.1033.18.4047.1853 [GMT -8:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Kaspersky Internet Security *Enabled/Updated* {B41C7598-35F6-4D89-7D0E-7ADE69B4047B}
SP: Kaspersky Internet Security *Enabled/Updated* {0F7D947C-13CC-4207-47BE-41AC12334EC6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {8C27F4BD-7F99-4CD1-5651-D3EB97674300}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
C:\Windows\SysWOW64\nlssrv32.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\WINDOWS\System32\taskhostw.exe
C:\WINDOWS\System32\sihost.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\system32\mmc.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uLocal Page = %11%\blank.htm
mStart Page = about:blank
BHO: {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - <orphaned>
uPolicies-Explorer: NoDriveTypeAutoRun = dword:255
uPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
mPolicies-System: DSCAutomationHostEnabled = dword:2
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{239c7a5e-37d0-4e78-9c01-0194f873c9c0} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{C82EA4B8-AB50-49EE-BFD3-AD34CBE55EA9} : NameServer = 8.8.8.8 8.8.4.4
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = about:blank
x64-BHO: Kaspersky Protection plugin: {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll
x64-TB: Kaspersky Protection toolbar: {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-Explorer: MemCheckBoxInRunDlg = dword:1
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
============= SERVICES / DRIVERS ===============
.
R0 cm_km;Kaspersky Lab ZAO Cryptographic Module x64 (Weak);C:\WINDOWS\System32\drivers\cm_km.sys [2015-7-6 389816]
R0 klbackupdisk;Kaspersky Lab klbackupdisk;C:\WINDOWS\System32\drivers\klbackupdisk.sys [2015-6-6 53432]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-29 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-29 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-29 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-29 218624]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-29 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-29 8192]
R1 klbackupflt;Kaspersky Lab klbackupflt;C:\WINDOWS\System32\drivers\klbackupflt.sys [2015-6-27 70512]
R1 klhk;Kaspersky Lab service driver;C:\WINDOWS\System32\drivers\klhk.sys [2016-2-2 227512]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\WINDOWS\System32\drivers\klim6.sys [2015-6-11 39608]
R1 klpd;Kaspersky Lab format recognizer driver;C:\WINDOWS\System32\drivers\klpd.sys [2015-6-8 41352]
R1 klwfp;klwfp;C:\WINDOWS\System32\drivers\klwfp.sys [2015-6-26 87944]
R1 Klwtp;Klwtp;C:\WINDOWS\System32\drivers\klwtp.sys [2015-6-16 102584]
R1 kneps;kneps;C:\WINDOWS\System32\drivers\kneps.sys [2015-6-23 187056]
R2 AVP16.0.0;Kaspersky Anti-Virus Service 16.0.0;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [2015-7-9 194000]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-29 43944]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
R2 kldisk;kldisk;C:\WINDOWS\System32\drivers\kldisk.sys [2015-6-6 68280]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-29 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2016-1-15 102912]
R3 BtFilter;BtFilter;C:\WINDOWS\System32\drivers\btfilter.sys [2016-1-15 618720]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-1-29 245760]
R3 klflt;Kaspersky Lab Kernel DLL;C:\WINDOWS\System32\drivers\klflt.sys [2016-2-2 181640]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\WINDOWS\System32\drivers\klkbdflt.sys [2015-6-6 41656]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\WINDOWS\System32\drivers\klmouflt.sys [2015-6-7 41656]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-29 20480]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-29 216064]
R4 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2016-1-15 255472]
R4 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2016-2-15 25816]
R4 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2012-1-31 66560]
S0 klelam;klelam;C:\WINDOWS\System32\drivers\klelam.sys [2015-6-24 30328]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-29 43944]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-29 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-29 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-29 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-29 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-29 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-29 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-1-29 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-29 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 diagnosticshub.standardcollector.service;Microsoft ® Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-29 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-29 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-29 50016]
S3 iai2c;Intel® Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-29 81408]
S3 iaLPSS2i_I2C;Intel® Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-29 165888]
S3 iaLPSSi_GPIO;Intel® Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-29 38128]
S3 iaLPSSi_I2C;Intel® Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-29 113152]
S3 iaStorAV;Intel® SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-29 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-29 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-29 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-29 117760]
S3 intelpep;Intel® Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-29 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-29 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-29 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-29 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-29 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-29 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-29 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-29 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-29 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-29 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 Revoflt;Revoflt;C:\WINDOWS\System32\drivers\revoflt.sys [2016-1-22 31800]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-29 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-29 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-29 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-29 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-29 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-29 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-29 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-29 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-29 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-29 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-29 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-29 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-29 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-29 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-29 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-29 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-29 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-29 118112]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-29 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-29 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-29 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-29 43944]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-10-29 24576]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-10-29 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-10-29 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S4 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-29 43944]
S4 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S4 mbamchameleon;mbamchameleon;C:\WINDOWS\System32\drivers\mbamchameleon.sys [2016-2-15 109272]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-2-15 1135416]
S4 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2016-2-15 64216]
S4 MFE_RR;MFE_RR;C:\Users\Matt\AppData\Local\Temp\mfe_rr.sys [2016-2-15 24120]
S4 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S4 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-29 364464]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 60 ================
.
2016-02-15 15:13:56    --------    d-----w-    C:\TDSSKiller_Quarantine
2016-02-15 12:53:58    --------    d-----w-    C:\WINDOWS\System32\appmgmt
2016-02-15 11:39:56    --------    d-----w-    C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-15 11:30:00    --------    d-----w-    C:\Users\Matt\AppData\Local\LockerUnlocker
2016-02-15 11:24:59    --------    d-----w-    C:\matt
2016-02-15 11:24:08    --------    d-----w-    C:\Users\Matt\AppData\Roaming\www.shadowexplorer.com
2016-02-15 11:17:37    --------    d-----w-    C:\Users\Matt\AppData\Roaming\Runscanner.net
2016-02-15 11:08:34    --------    d-----w-    C:\UBCD4Win1
2016-02-15 09:50:15    192216    ----a-w-    C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-02-15 09:50:00    64216    ----a-w-    C:\WINDOWS\System32\drivers\mwac.sys
2016-02-15 09:50:00    25816    ----a-w-    C:\WINDOWS\System32\drivers\mbam.sys
2016-02-15 09:50:00    109272    ----a-w-    C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-02-15 09:50:00    --------    d-----w-    C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-15 06:04:39    --------    d--h--w-    C:\$Windows.~BT
2016-02-15 06:03:38    --------    d--h--w-    C:\$SysReset
2016-02-15 00:11:00    --------    d-----w-    C:\Users\Matt\AppData\Local\Skyrim
2016-02-15 00:10:59    --------    d-----w-    C:\ProgramData\Steam
2016-02-14 06:45:50    --------    d-----w-    C:\ProgramData\ASUS Smart Gesture
2016-02-14 06:36:32    --------    d-----w-    C:\Program Files (x86)\ASUS
2016-02-14 06:23:25    --------    d-----w-    C:\Users\Matt\AppData\Local\Diagnostics
2016-02-14 05:04:50    --------    d-----w-    C:\Program Files (x86)\Bethesda Softworks
2016-02-13 21:55:12    --------    d-----w-    C:\Users\Matt\AppData\Local\AWSToolkit
2016-02-13 21:55:11    --------    d-----w-    C:\Program Files (x86)\ClockworkMod
2016-02-13 21:54:33    --------    d-----w-    C:\Program Files (x86)\One Click Root
2016-02-13 21:53:28    --------    d-----w-    C:\Users\Matt\AppData\Roaming\One Click Root
2016-02-13 11:29:16    --------    d-----w-    C:\Users\Matt\.vnc
2016-02-13 11:26:45    --------    d-----w-    C:\Users\Matt\AppData\Roaming\Yahoo
2016-02-13 11:26:43    --------    d-----w-    C:\Users\Matt\AppData\Local\YSearchUtil
2016-02-13 11:24:21    --------    d-----w-    C:\Users\Matt\.oracle_jre_usage
2016-02-13 11:23:01    --------    d-----w-    C:\ProgramData\Oracle
2016-02-12 23:12:54    --------    d-----w-    C:\Program Files (x86)\EaseUS
2016-02-12 23:09:41    --------    d-----w-    C:\ProgramData\RealVNC-Service
2016-02-12 23:09:30    --------    d-----w-    C:\Program Files\RealVNC
2016-02-12 22:50:20    --------    d-----w-    C:\Users\Matt\AppData\Local\RealVNC
2016-02-12 07:48:36    --------    d-----w-    C:\Program Files\iPod
2016-02-12 07:48:36    --------    d-----w-    C:\Program Files (x86)\iTunes
2016-02-12 07:48:32    --------    d-----w-    C:\Program Files\iTunes
2016-02-12 07:47:57    --------    d-----w-    C:\Program Files\Bonjour
2016-02-12 07:47:57    --------    d-----w-    C:\Program Files (x86)\Bonjour
2016-02-11 13:04:49    --------    d-----w-    C:\AdwCleaner
2016-02-11 06:18:36    --------    d-----w-    C:\FRST
2016-02-11 06:18:04    --------    d-----w-    C:\ProgramData\Malwarebytes
2016-02-11 06:18:04    --------    d-----w-    C:\Program Files\Malwarebytes
2016-02-10 22:44:45    --------    d-----w-    C:\WINDOWS\System32\%LocalAppData%
2016-02-09 08:34:59    --------    d-----w-    C:\WINDOWS\System32\BestPractices
2016-02-09 08:34:59    --------    d-----w-    C:\WINDOWS\ADAM
2016-02-05 04:44:15    --------    d-----w-    C:\Users\Matt\AppData\Roaming\HTC
2016-02-05 04:44:04    --------    d-----w-    C:\Users\Matt\AppData\Local\HTC MediaHub
2016-02-05 04:43:57    --------    d-----w-    C:\Users\Matt\.android
2016-02-05 04:43:54    --------    d-----w-    C:\ProgramData\HTC
2016-02-05 04:43:00    --------    d-----w-    C:\Program Files (x86)\HTC
2016-02-03 10:39:09    --------    d-----w-    C:\Users\Matt\AppData\Roaming\Filter Forge 4
2016-02-03 10:37:26    1030144    ----a-w-    C:\WINDOWS\SysWow64\dbghelp-xfw.dll
2016-02-03 10:37:18    --------    d-----w-    C:\Program Files (x86)\Filter Forge 4
2016-02-02 12:50:11    110176    ----a-w-    C:\WINDOWS\System32\klfphc.dll
2016-02-02 12:49:54    --------    d-----w-    C:\ProgramData\Kaspersky Lab
2016-02-02 12:49:54    --------    d-----w-    C:\Program Files (x86)\Kaspersky Lab
2016-02-02 12:49:40    227512    ----a-w-    C:\WINDOWS\System32\drivers\klhk.sys
2016-02-02 12:49:40    181640    ----a-w-    C:\WINDOWS\System32\drivers\klflt.sys
2016-02-02 01:48:18    11154520    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A83CDAB4-5CFD-48DB-AAE8-CA7FBD4181C1}\mpengine.dll
2016-01-31 23:07:19    11154520    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-01-31 08:05:53    9216    ----a-w-    C:\WINDOWS\System32\cpn64.dll
2016-01-31 08:05:53    7168    ----a-w-    C:\WINDOWS\SysWow64\cpn32.dll
2016-01-31 04:02:37    --------    d-----w-    C:\WINDOWS\System32\SleepStudy
2016-01-31 01:34:13    --------    d-----w-    C:\Program Files (x86)\AirDroid
2016-01-30 21:16:59    1316056    ----a-w-    C:\WINDOWS\System32\RTCOM64.dll
2016-01-30 21:15:58    712296    ----a-w-    C:\WINDOWS\System32\DTSSymmetryDLL64.dll
2016-01-30 21:11:36    2825944    ----a-w-    C:\WINDOWS\RtlExUpd.dll
2016-01-30 21:08:04    --------    d-----w-    C:\Program Files (x86)\Realtek
2016-01-30 21:07:34    --------    d--h--w-    C:\Program Files (x86)\Temp
2016-01-30 08:47:29    --------    d-----w-    C:\NewsFeed
2016-01-29 21:53:26    1190000    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C352443D-694F-431D-90A4-4F721387278A}\gapaengine.dll
2016-01-29 21:11:55    --------    d-----w-    C:\Users\Matt\AppData\Local\Devolutions
2016-01-29 21:10:29    --------    d-----w-    C:\Program Files (x86)\Devolutions
2016-01-29 21:09:21    --------    d-----w-    C:\ProgramData\PC1Data
2016-01-29 20:15:35    --------    d-----w-    C:\Users\Matt\AppData\Roaming\BSplayer PRO
2016-01-29 20:08:56    --------    d-----w-    C:\Users\Matt\AppData\Local\Comms
2016-01-29 19:58:36    --------    d-----w-    C:\WINDOWS\KMSServerService
2016-01-29 19:58:26    --------    d-----w-    C:\WINDOWS\AutoKMS
2016-01-29 19:57:48    4608    ----a-w-    C:\WINDOWS\SECOH-QAD.exe
2016-01-29 19:57:47    3584    ----a-w-    C:\WINDOWS\SECOH-QAD.dll
2016-01-29 19:51:31    --------    d-----w-    C:\Users\Matt\AppData\Local\ActiveSync
2016-01-29 15:57:44    --------    d-sh--we    C:\ProgramData\Documents
2016-01-29 15:57:42    --------    d-sh--w-    C:\Recovery
2016-01-29 15:49:05    --------    d-----w-    C:\WINDOWS\System32\wbem\Performance
2016-01-29 15:45:04    --------    d-----w-    C:\WINDOWS\System32\wbem\MOF\good
2016-01-29 15:45:04    --------    d-----w-    C:\WINDOWS\System32\wbem\MOF\bad
2016-01-29 15:34:02    --------    d-----w-    C:\Program Files (x86)\ATI Technologies
2016-01-29 15:33:46    --------    d-----w-    C:\ProgramData\Package Cache
2016-01-29 15:33:10    0    ----a-w-    C:\WINDOWS\ativpsrm.bin
2016-01-29 15:33:06    --------    d-----w-    C:\Program Files\Common Files\ATI Technologies
2016-01-29 15:32:58    --------    d-----w-    C:\Program Files\AMD
2016-01-29 15:32:29    --------    d-----w-    C:\WINDOWS\System32\SRSLabs
2016-01-29 15:32:15    --------    d-----w-    C:\WINDOWS\SysWow64\RTCOM
2016-01-29 15:32:10    --------    d-----w-    C:\Program Files\Common Files\Atheros
2016-01-29 15:31:45    2718208    ----a-w-    C:\WINDOWS\SysWow64\PrintConfig.dll
2016-01-29 15:29:32    --------    d-----w-    C:\WINDOWS\System32\wbem\MOF
2016-01-29 15:27:20    --------    dc----w-    C:\WINDOWS\Panther
2016-01-29 15:24:39    --------    d-----w-    C:\Windows.old
2016-01-29 15:19:16    --------    d-----w-    C:\WINDOWS\System32\Microsoft
2016-01-29 15:15:30    35480    ----a-w-    C:\WINDOWS\SysWow64\TsWpfWrp.exe
2016-01-29 15:15:27    778936    ----a-w-    C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2016-01-29 15:15:13    103120    ----a-w-    C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-01-29 15:14:29    35480    ----a-w-    C:\WINDOWS\System32\TsWpfWrp.exe
2016-01-29 15:14:29    124624    ----a-w-    C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2016-01-29 15:14:29    1166520    ----a-w-    C:\WINDOWS\System32\PresentationNative_v0300.dll
2016-01-29 15:14:01    1087488    ----a-w-    C:\WINDOWS\System32\reseteng.dll
2016-01-27 23:12:24    --------    d-----w-    C:\Program Files (x86)\AMD
2016-01-27 22:57:46    --------    d-----w-    C:\RegBackup
2016-01-27 22:57:25    --------    d-----w-    C:\Program Files (x86)\Tweaking.com
2016-01-27 22:53:11    --------    d-----w-    C:\Users\Matt\AppData\Roaming\library_dir
2016-01-27 22:52:28    --------    d-----w-    C:\ProgramData\CSIS
2016-01-27 20:19:00    4318760    ----a-w-    C:\WINDOWS\System32\drivers\athw10x.sys
2016-01-27 20:01:17    819200    ----a-w-    C:\WINDOWS\SysWow64\xvidcore.dll
2016-01-27 20:01:17    77824    ----a-w-    C:\WINDOWS\SysWow64\xvid.ax
2016-01-27 20:01:17    180224    ----a-w-    C:\WINDOWS\SysWow64\xvidvfw.dll
2016-01-26 22:19:16    --------    d-----w-    C:\ProgramData\IsolatedStorage
2016-01-26 22:15:20    --------    d-----w-    C:\Program Files (x86)\FWsim Pro
2016-01-23 21:46:59    --------    d-----w-    C:\Program Files (x86)\Imagenomic
2016-01-23 04:36:40    --------    d-----w-    C:\Users\Matt\AppData\Local\VS Revo Group
2016-01-23 04:36:33    31800    ----a-w-    C:\WINDOWS\System32\drivers\revoflt.sys
2016-01-23 04:36:33    --------    d-----w-    C:\ProgramData\VS Revo Group
2016-01-23 04:36:28    --------    d-----w-    C:\Program Files\VS Revo Group
2016-01-23 04:36:17    --------    d-----w-    C:\Users\Matt\AppData\Local\Programs
2016-01-23 02:28:26    --------    d-----w-    C:\WINDOWS\pss
2016-01-23 00:51:32    --------    d-----w-    C:\Users\Matt\Mozilla
2016-01-22 16:37:45    --------    d-----w-    C:\Users\Matt\AppData\Local\Sony
2016-01-22 16:37:45    --------    d-----w-    C:\Program Files (x86)\Sony
2016-01-20 20:22:35    --------    d-----w-    C:\ProgramData\Microsoft Toolkit
2016-01-20 00:46:58    --------    d-----w-    C:\Users\Matt\rms
2016-01-20 00:46:57    --------    d-----w-    C:\Users\Matt\AppData\Roaming\Pixar
2016-01-20 00:46:57    --------    d-----w-    C:\ProgramData\.pixartokens
2016-01-19 23:46:37    --------    d-----w-    C:\Program Files\Common Files\Autodesk Shared
2016-01-19 19:17:42    --------    d-----w-    C:\Rem-VBSqt
2016-01-19 04:28:47    --------    d-----r-    C:\Users\Matt\OneDrive
2016-01-18 23:47:06    --------    d-----w-    C:\Users\Matt\AppData\Local\Publishers
2016-01-16 22:35:56    3584    ----a-w-    C:\WINDOWS\System32\ColorEfexPro4FC32.dll
2016-01-16 22:34:02    --------    d-----w-    C:\Program Files\Nik Software
2016-01-16 22:26:40    --------    d-----w-    C:\WINDOWS\Downloaded Installations
2016-01-16 22:24:37    --------    d-----w-    C:\Program Files (x86)\AIST
2016-01-16 22:15:38    --------    d-----w-    C:\ProgramData\RedGiant
2016-01-16 22:14:09    --------    d-----w-    C:\Users\Matt\AppData\Local\Downloaded Installations
2016-01-16 21:57:47    16148    ------w-    C:\WINDOWS\System32\RAIDER-NATION_Matt_HistoryPrediction.bin
2016-01-16 21:50:47    --------    d-----w-    C:\Users\Matt\AppData\Local\Apple Computer
2016-01-16 21:50:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
2016-01-16 21:50:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
2016-01-16 21:50:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
2016-01-16 21:50:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
2016-01-16 21:50:01    159744    ----a-w-    C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
2016-01-16 20:44:14    --------    d-----w-    C:\Users\Matt\AppData\Roaming\nomacs
2016-01-16 15:29:39    --------    d-----w-    C:\Users\Matt\AppData\Local\PeerDistRepub
2016-01-16 14:28:39    --------    d-----w-    C:\Users\Matt\AppData\Local\ATI
2016-01-16 13:14:07    --------    d-----w-    C:\Program Files (x86)\nomacs
2016-01-16 09:46:21    --------    d-----w-    C:\Users\Matt\AppData\Roaming\PotPlayerMini64
2016-01-16 09:45:06    --------    d-----w-    C:\Program Files\DAUM
2016-01-16 07:55:53    --------    d-----w-    C:\Users\Matt\AppData\Local\AMD
2016-01-16 07:45:35    --------    d-----w-    C:\ProgramData\regid.1986-12.com.adobe
2016-01-16 07:34:23    --------    d-----w-    C:\Users\Matt\AppData\Local\Adobe
2016-01-16 00:30:59    --------    d-----w-    C:\Users\Matt\AppData\Roaming\uTorrent
2016-01-15 20:53:30    --------    d-----w-    C:\Users\Matt\AppData\Local\Mozilla
2016-01-15 20:47:49    --------    d-----w-    C:\Users\Matt\AppData\Local\VirtualStore
2016-01-15 20:35:51    103424    ----a-w-    C:\WINDOWS\System32\DelayAPO.dll
2016-01-15 20:35:51    102912    ----a-w-    C:\WINDOWS\System32\drivers\AtihdWT6.sys
2016-01-15 20:35:42    618720    ----a-w-    C:\WINDOWS\System32\drivers\btfilter.sys
2016-01-15 20:35:42    46200    ----a-w-    C:\WINDOWS\System32\BtContextMenu.dll.muien-US
2016-01-15 20:35:42    246804    ----a-w-    C:\WINDOWS\System32\drivers\AtherosBT.bin
2016-01-15 20:35:42    217720    ----a-w-    C:\WINDOWS\System32\BtContextMenu.dll
2016-01-15 20:35:42    216696    ----a-w-    C:\WINDOWS\System32\btcoinst.dll
2016-01-15 20:31:39    --------    d-----w-    C:\Users\Matt\AppData\Local\MicrosoftEdge
2016-01-15 20:28:01    --------    d-----w-    C:\Users\Matt\AppData\Local\TileDataLayer
2016-01-15 11:08:34    193336    ----a-w-    C:\WINDOWS\System32\drivers\TeeDriverW8x64.sys
2016-01-15 10:24:07    16148    ----a-w-    C:\WINDOWS\System32\DESKTOP-V60199L_Matt_HistoryPrediction.bin
2016-01-15 09:55:01    --------    d-----w-    C:\Users\Matt\AppData\Local\ElevatedDiagnostics
2016-01-15 09:46:14    --------    d-----r-    C:\Users\Matt\Searches
2016-01-15 09:46:14    --------    d-----r-    C:\Users\Matt\Contacts
2016-01-15 09:46:01    --------    d-----w-    C:\Users\Matt\AppData\Local\Packages
2016-01-15 09:45:56    --------    d-----r-    C:\Users\Matt\Videos
2016-01-15 09:45:56    --------    d-----r-    C:\Users\Matt\Saved Games
2016-01-15 09:45:56    --------    d-----r-    C:\Users\Matt\Pictures
2016-01-15 09:45:56    --------    d-----r-    C:\Users\Matt\Music
2016-01-15 09:45:56    --------    d-----r-    C:\Users\Matt\Links
2016-01-15 09:45:56    --------    d-----r-    C:\Users\Matt\Downloads
2016-01-15 09:45:56    --------    d-----r-    C:\Users\Matt\Documents
2016-01-15 09:45:55    16148    ----a-w-    C:\WINDOWS\System32\DESKTOP-V60199L_defaultuser0_HistoryPrediction.bin
2016-01-15 09:34:15    --------    d-sh--w-    C:\Boot
.
==================== Find6M  ====================
.
2016-02-02 12:55:05    87944    ----a-w-    C:\WINDOWS\System32\drivers\klwfp.sys
2016-02-02 12:55:05    41352    ----a-w-    C:\WINDOWS\System32\drivers\klpd.sys
2016-01-15 11:07:20    96752    ----a-w-    C:\WINDOWS\SysWow64\mantleaxl32.dll
2016-01-03 01:40:25    826872    ----a-w-    C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-01-03 01:40:25    176632    ----a-w-    C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-12-09 21:59:36    94208    ----a-w-    C:\WINDOWS\SysWow64\QuickTimeVR.qtx
2015-12-09 21:59:36    69632    ----a-w-    C:\WINDOWS\SysWow64\QuickTime.qts
2015-12-09 03:39:31    301728    ------w-    C:\WINDOWS\System32\MpSigStub.exe
2015-10-30 09:03:16    6359040    ----a-w-    C:\WINDOWS\System32\NlsData0009.dll
2015-10-30 09:03:16    5739520    ----a-w-    C:\WINDOWS\System32\prm0009.dll
2015-10-30 09:03:16    2629632    ----a-w-    C:\WINDOWS\System32\NlsLexicons0009.dll
2015-10-30 09:03:15    4847616    ----a-w-    C:\WINDOWS\SysWow64\NlsData0009.dll
2015-10-30 09:03:15    2629632    ----a-w-    C:\WINDOWS\SysWow64\NlsLexicons0009.dll
2015-10-30 09:02:01    12288    ----a-w-    C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2015-10-30 09:02:00    8704    ----a-w-    C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2015-10-30 09:01:59    7168    ----a-w-    C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2015-10-30 09:01:59    4096    ----a-w-    C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2015-10-30 09:01:59    3072    ----a-w-    C:\WINDOWS\SysWow64\drivers\UMDF\en-US\SensorsCx.dll.mui
2015-10-30 07:21:31    209408    ----a-w-    C:\WINDOWS\SysWow64\msclmd.dll
2015-10-30 07:21:29    230912    ----a-w-    C:\WINDOWS\System32\msclmd.dll
2015-10-30 07:20:00    926208    ----a-w-    C:\WINDOWS\SysWow64\FXSRESM.dll
2015-10-30 07:20:00    79360    ----a-w-    C:\WINDOWS\SysWow64\FXSCOM.dll
2015-10-30 07:20:00    525824    ----a-w-    C:\WINDOWS\SysWow64\FXSCOMEX.dll
2015-10-30 07:20:00    34816    ----a-w-    C:\WINDOWS\SysWow64\sxproxy.dll
2015-10-30 07:20:00    27136    ----a-w-    C:\WINDOWS\SysWow64\WinFax.dll
2015-10-30 07:20:00    232448    ----a-w-    C:\WINDOWS\SysWow64\FXSAPI.dll
2015-10-30 07:20:00    222208    ----a-w-    C:\WINDOWS\SysWow64\spp.dll
2015-10-30 07:18:47    874    ----a-w-    C:\WINDOWS\System32\manage-bde.wsf
2015-10-30 07:17:59    990720    ----a-w-    C:\WINDOWS\System32\SettingSyncCore.dll
2015-10-30 06:31:04    143360    ----a-w-    C:\WINDOWS\System32\poqexec.exe
2015-10-30 06:31:03    119296    ----a-w-    C:\WINDOWS\SysWow64\poqexec.exe
2015-10-30 06:28:36    901632    ----a-w-    C:\WINDOWS\System32\SmiEngine.dll
2015-10-30 06:28:36    257376    ----a-w-    C:\WINDOWS\System32\wdscore.dll
2015-10-30 06:28:36    202240    ----a-w-    C:\WINDOWS\System32\PkgMgr.exe
2015-10-30 06:28:36    141664    ----a-w-    C:\WINDOWS\System32\SSShim.dll
2015-10-30 06:28:34    622912    ----a-w-    C:\WINDOWS\System32\sxs.dll
2015-10-30 06:28:34    36864    ----a-w-    C:\WINDOWS\System32\sxstrace.exe
2015-10-30 06:28:34    199168    ----a-w-    C:\WINDOWS\SysWow64\PkgMgr.exe
2015-10-30 06:28:34    117080    ----a-w-    C:\WINDOWS\SysWow64\SSShim.dll
2015-10-30 06:28:33    208224    ----a-w-    C:\WINDOWS\SysWow64\wdscore.dll
2015-09-21 12:38:23    16148    ----a-w-    C:\WINDOWS\System32\DESKTOP-HCKHGV8_Administrator_HistoryPrediction.bin
.
============= FINISH: 11:11:04.69 ===============

Edited by boopme, 15 February 2016 - 02:57 PM.



#2 dirtypiratehooker


Posted 16 February 2016 - 05:46 AM

Updated vague discovery after trying countless programs as Administrator and on my primary account with Run As Administrator privileges ever since that option was magically restored without a restart. The place on my back that I can barely see and can't scratch is in fact a hidden rootkit discovered by SpyDllRemover, with the main aggressor being ntoskrnl.dll, which, I discovered (and I'm not sure if it makes a big difference), has an original file name of "ntkrnlmp.exe". The computer rebooted after I tried to end 5 separate explorer.exe processes, and as soon as I ended the "system and compressed memory" process with a PID showing "4", a screen came up saying that a critical process died and the system would automatically log me out and restart. Below is an updated FRST log.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016
Ran by Matt (administrator) on RAIDER-NATION (16-02-2016 02:39:30)
Running from C:\Users\Matt\Desktop
Loaded Profiles: Matt (Available Profiles: Matt & Administrator)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(OPSWAT, Inc.) C:\Program Files (x86)\OPSWAT\OnDemand\GearsAgentService.exe
(OPSWAT, Inc.) C:\Program Files (x86)\OPSWAT\OnDemand\ondemands\bs\wabpoes.exe
(OPSWAT, Inc.) C:\Program Files (x86)\OPSWAT\OnDemand\ondemands\bs\wabpmsn.exe
(OPSWAT, Inc.) C:\Program Files (x86)\OPSWAT\OnDemand\ondemands\wd\waodwd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(OPSWAT, Inc.) C:\Program Files (x86)\OPSWAT\GEARS Client\GearsHelper.exe
(OPSWAT, Inc.) C:\Program Files (x86)\OPSWAT\GEARS Client\Gears.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.)
HKLM-x32\...\Run: [GEARS] => C:\Program Files (x86)\OPSWAT\GEARS Client\GEARS.exe [1726384 2016-01-18] (OPSWAT, Inc.)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-21-2857735560-990075334-390690746-1002\...\MountPoints2: {2ae3e88e-bb72-11e5-9bc9-c1327e560543} - "G:\HTC_Sync_Manager_PC.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2016-02-16]
ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAHConsole.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Update Notifier.lnk [2016-02-16]
ShortcutTarget: Update Notifier.lnk -> C:\Program Files\WinZip\WZUpdateNotifier.exe (Nico Mak Computing)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2016-02-16]
ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{239c7a5e-37d0-4e78-9c01-0194f873c9c0}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{C82EA4B8-AB50-49EE-BFD3-AD34CBE55EA9}: [NameServer] 8.8.8.8 8.8.4.4

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2857735560-990075334-390690746-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Kaspersky Protection plugin -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-02-02] (AO Kaspersky Lab)
BHO-x32: No Name -> {C66D064F-82FE-4E1A-B06A-B2490BA48B18} -> No File
Toolbar: HKLM - Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\IEExt\ie_plugin.dll [2016-02-02] (AO Kaspersky Lab)

FireFox:
========
FF ProfilePath: C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default
FF DefaultSearchEngine.US: Multi Web Search
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_286.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_286.dll [No File]
FF Extension: PDF Download - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}.xpi [2016-01-25]
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\artur.dubovoy@gmail.com [2016-01-27]
FF Extension: Rebrand - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\rebrand@extensions.kaply.com.xpi [2016-01-27]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-01-27]
FF Extension: 1-Click YouTube Video Downloader - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\YoutubeDownloader@PeterOlayev.com.xpi [2016-01-27]
FF Extension: SaveAS - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\{018f3160-1a6f-4650-84fd-aad8c13609c8}.xpi [2016-01-27]
FF Extension: Greasemonkey - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2016-01-27]
FF Extension: Menu Wizard - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\s3menu@wizard.xpi [2016-01-27]
FF Extension: Personas Plus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\personas@christopher.beard.xpi [2016-01-30]
FF Extension: Add-ons Manager Context Menu - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\amcontextmenu@loucypher.xpi [2016-01-30]
FF Extension: Download Manager (S3) - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\s3download@statusbar.xpi [2016-02-02]
FF Extension: SQLite Manager - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\SQLiteManager@mrinalkant.blogspot.com.xpi [2016-02-12]
FF Extension: customize_titlebar_v2 - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\customize-titlebar-v2@solc.me.xpi [2016-02-15]
FF Extension: Restart - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\extensions\Restart@schuzak.jp.xpi [2016-02-15]
FF Extension: Kaspersky Protection - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox [2016-02-02]
FF Extension: Diagnostics for Adblock Plus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\abpwatcher@adblockplus.org.xpi [2016-01-27]
FF Extension: Easy Screenshot - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\easyscreenshot@mozillaonline.com [2016-02-15]
FF Extension: F.B. Purity - Cleans Up Facebook - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\fbp@fbpurity.com.xpi [2016-01-27]
FF Extension: YouTube™ Enhancer Plus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\firefoxaddon@youtubeenhancer.com [2016-02-15]
FF Extension: Webmail Ad Blocker - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\gmailnoads@mywebber.com.xpi [2016-01-27]
FF Extension: YouTube mp3 - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\info@youtube-mp3.org.xpi [2016-01-27]
FF Extension: Facebook™ Disconnect - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\jid0-dBgF7UkIiOsWqvBng4hYu@jetpack.xpi [2016-02-12]
FF Extension: ipswitcher - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\jid0-hjBdm7jJii7llLkqacvGnd3gHge@jetpack.xpi [2016-02-15]
FF Extension: Google search link fix - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2016-02-12]
FF Extension: Lightbeam - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2016-01-27]
FF Extension: Restartless Restart - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\restartless.restart@erikvold.com.xpi [2016-02-15]
FF Extension: Facebook Phishing Protector - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\{023e9ca0-63f3-47b1-bcb2-9badf9d9ef28}.xpi [2016-01-27]
FF Extension: Flashblock - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2016-02-15]
FF Extension: YouTube High Definition - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2016-01-27]
FF Extension: Adblock Plus - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-01-27]
FF Extension: Open With Photoshop - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\{f3f219f9-cbce-467e-b8fe-6e076d29665c}.xpi [2016-01-30]
FF Extension: Adblock Edge - C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\8v8uwtbg.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2016-01-27]
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_D772DC8D6FAF43A29B25C4EBAA5AD1DE@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\FFExt\light_plugin_firefox

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka
CHR HKLM-x32\...\Chrome\Extension: [eahebamiopdhefndnmappcihfajigkka] - hxxps://chrome.google.com/webstore/detail/eahebamiopdhefndnmappcihfajigkka

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP16.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe [194000 2016-02-02] (Kaspersky Lab ZAO)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2012-01-31] (Nalpeiron Ltd.) [File not signed]
R2 OPSWATGEARSHelper; C:\Program Files (x86)\OPSWAT\GEARS Client\GearsHelper.exe [316848 2016-01-18] (OPSWAT, Inc.)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WAOnDemand; C:\Program Files (x86)\OPSWAT\OnDemand\GearsAgentService.exe [1000880 2016-01-18] (OPSWAT, Inc.)
S4 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
S4 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2016-01-27] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2016-01-15] (Advanced Micro Devices)
R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [389816 2015-07-06] (Kaspersky Lab ZAO)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [478392 2015-06-22] (Kaspersky Lab ZAO)
R0 klbackupdisk; C:\Windows\System32\DRIVERS\klbackupdisk.sys [53432 2015-06-06] (Kaspersky Lab ZAO)
R1 klbackupflt; C:\Windows\System32\DRIVERS\klbackupflt.sys [70512 2015-06-27] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\system32\DRIVERS\kldisk.sys [68280 2015-06-06] (Kaspersky Lab ZAO)
S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [30328 2015-06-24] (Kaspersky Lab)
R3 klflt; C:\Windows\system32\DRIVERS\klflt.sys [181640 2016-02-02] (AO Kaspersky Lab)
R1 klhk; C:\Windows\system32\DRIVERS\klhk.sys [227512 2016-02-02] (AO Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [934272 2016-02-02] (AO Kaspersky Lab)
R1 KLIM6; C:\Windows\system32\DRIVERS\klim6.sys [39608 2015-06-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\system32\DRIVERS\klkbdflt.sys [41656 2015-06-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\system32\DRIVERS\klmouflt.sys [41656 2015-06-07] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [41352 2016-02-02] (AO Kaspersky Lab)
R1 klwfp; C:\Windows\system32\DRIVERS\klwfp.sys [87944 2016-02-02] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\system32\DRIVERS\klwtp.sys [102584 2015-06-16] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\system32\DRIVERS\kneps.sys [187056 2015-06-23] (Kaspersky Lab ZAO)
S4 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2016-02-15] (Malwarebytes)
S4 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S4 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2016-01-15] (Intel Corporation)
S4 MFE_RR; C:\Users\Matt\AppData\Local\Temp\mfe_rr.sys [24120 2016-02-15] (McAfee, Inc.)
R3 NPF; C:\Windows\System32\drivers\NPF.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-16 02:39 - 2016-02-16 02:39 - 00015038 _____ C:\Users\Matt\Desktop\FRST.txt
2016-02-16 02:38 - 2016-02-16 02:38 - 02370560 _____ (Farbar) C:\Users\Matt\Desktop\FRST64.exe
2016-02-16 02:38 - 2016-02-16 02:38 - 00000000 ____D C:\ProgramData\OPSWAT
2016-02-16 02:38 - 2016-02-16 02:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OPSWAT
2016-02-16 02:38 - 2016-02-16 02:38 - 00000000 ____D C:\Program Files (x86)\OPSWAT
2016-02-16 02:18 - 2016-02-16 02:18 - 14454784 _____ C:\Users\Matt\Downloads\OPSWAT_GEARS_CLIENT_3445-7c867995737c1853977386e89a5560c5.msi
2016-02-16 01:29 - 2016-02-16 01:29 - 00000000 ____D C:\Users\Administrator\AppData\Local\VS Revo Group
2016-02-16 01:17 - 2016-02-16 01:18 - 00000000 ____D C:\Users\Administrator\AppData\Local\WinZip
2016-02-16 01:17 - 2016-02-16 01:17 - 00002183 _____ C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2016-02-16 01:17 - 2016-02-16 01:17 - 00002177 _____ C:\Users\Public\Desktop\WinZip.lnk
2016-02-16 01:17 - 2016-02-16 01:17 - 00002177 _____ C:\ProgramData\Desktop\WinZip.lnk
2016-02-16 01:17 - 2016-02-16 01:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Nico Mak Computing
2016-02-16 01:17 - 2016-02-16 01:17 - 00000000 ____D C:\ProgramData\WinZip
2016-02-16 01:17 - 2016-02-16 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2016-02-16 01:16 - 2016-02-16 01:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\sola
2016-02-16 01:16 - 2016-02-16 01:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\Setup64881687
2016-02-16 01:16 - 2016-02-16 01:16 - 00000000 ____D C:\Program Files\WinZip
2016-02-16 01:15 - 2016-02-16 01:17 - 00231390 _____ C:\Users\Administrator\Downloads\RootkitRevealer(1).zip
2016-02-16 01:15 - 2016-02-16 01:15 - 01071264 _____ (WinZip) C:\Users\Administrator\Downloads\winzip20-new.exe
2016-02-16 01:13 - 2016-02-16 01:13 - 00231390 _____ C:\Users\Administrator\Downloads\RootkitRevealer.zip
2016-02-16 01:12 - 2016-02-16 01:12 - 00505896 _____ (F-Secure Corporation) C:\Users\Administrator\Downloads\F-SecureOnlineScanner(1).exe
2016-02-16 01:06 - 2016-02-16 01:13 - 00000000 ____D C:\ProgramData\F-Secure
2016-02-16 01:06 - 2016-02-16 01:12 - 00000000 ____D C:\Users\Administrator\AppData\Local\FSDART
2016-02-16 01:06 - 2016-02-16 01:06 - 00505896 _____ (F-Secure Corporation) C:\Users\Administrator\Downloads\F-SecureOnlineScanner.exe
2016-02-16 01:06 - 2016-02-16 01:06 - 00000000 ____D C:\Users\Administrator\AppData\Local\F-Secure
2016-02-16 00:50 - 2016-02-16 00:50 - 00002383 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-16 00:48 - 2016-02-16 00:48 - 00915128 _____ (Riverbed Technology, Inc.) C:\Users\Administrator\Downloads\WinPcap_4_1_3.exe
2016-02-16 00:47 - 2016-02-16 00:47 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Filter Forge 4
2016-02-16 00:41 - 2016-02-16 00:41 - 01636897 _____ C:\Users\Matt\Downloads\FirefoxDownloadUnblocker(3).zip
2016-02-16 00:41 - 2016-02-16 00:41 - 01636897 _____ C:\Users\Matt\Downloads\FirefoxDownloadUnblocker(2).zip
2016-02-16 00:26 - 2016-02-16 00:26 - 01636897 _____ C:\Users\Matt\Downloads\FirefoxDownloadUnblocker(1).zip
2016-02-16 00:25 - 2016-02-16 00:25 - 01636897 _____ C:\Users\Matt\Downloads\FirefoxDownloadUnblocker.zip
2016-02-16 00:24 - 2016-02-16 00:24 - 00000944 _____ C:\Users\Matt\Desktop\sleep on it.txt
2016-02-16 00:13 - 2016-02-16 00:13 - 00306589 _____ C:\Users\Matt\Downloads\AdvancedWinServiceManager(1).zip
2016-02-16 00:06 - 2016-02-16 00:06 - 00306589 _____ C:\Users\Matt\Downloads\AdvancedWinServiceManager.zip
2016-02-15 23:43 - 2016-02-15 23:44 - 00000000 ____D C:\Users\Matt\Downloads\TMRBLog
2016-02-15 23:43 - 2016-02-15 23:43 - 00000000 ____D C:\Users\Matt\Downloads\log
2016-02-15 23:33 - 2016-02-16 01:00 - 00000000 ____D C:\Program Files (x86)\WinPcap
2016-02-15 23:33 - 2016-02-15 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
2016-02-15 23:32 - 2016-02-15 23:32 - 06229392 _____ (Trend Micro, Inc. ) C:\Users\Matt\Downloads\RUBottedSetup.exe
2016-02-15 23:32 - 2016-02-15 23:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted
2016-02-15 23:32 - 2016-02-15 23:32 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2016-02-15 23:06 - 2016-02-15 23:06 - 02083564 _____ C:\Users\Matt\Downloads\SpyDLLRemover.zip
2016-02-15 23:06 - 2016-02-15 23:06 - 02083564 _____ C:\Users\Matt\Downloads\SpyDLLRemover(1).zip
2016-02-15 23:05 - 2016-02-15 23:43 - 00000000 ____D C:\Users\Matt\Desktop\TMRBLog
2016-02-15 23:05 - 2016-02-15 23:05 - 14880768 _____ (Trend Micro Inc.) C:\Users\Matt\Downloads\RootkitBusterV5.0-1198x64.exe
2016-02-15 23:05 - 2016-02-15 23:05 - 14880768 _____ (Trend Micro Inc.) C:\Users\Matt\Desktop\RootkitBusterV5.0-1198x64.exe
2016-02-15 23:03 - 2016-02-15 23:03 - 07269656 _____ (Bitdefender LLC) C:\Users\Matt\Downloads\BootkitRemoval_x86.exe
2016-02-15 23:02 - 2016-02-15 23:02 - 11427128 _____ (Bitdefender LLC) C:\Users\Matt\Desktop\BootkitRemoval_x64.exe
2016-02-15 21:00 - 2016-02-13 07:45 - 91881004 ____N C:\Users\Matt\Desktop\Record_0001.wav
2016-02-15 21:00 - 2016-02-13 07:45 - 34447404 ____N C:\Users\Matt\Desktop\Record_0002.wav
2016-02-15 18:26 - 2016-02-15 18:26 - 00000000 ____D C:\Users\Matt\AppData\LocalLow\uTorrent
2016-02-15 18:25 - 2016-02-15 18:25 - 02071552 _____ (BitTorrent Inc.) C:\Users\Matt\Downloads\uTorrent.exe
2016-02-15 16:31 - 2016-02-15 16:31 - 00388608 _____ (Trend Micro Inc.) C:\Users\Matt\Desktop\HijackThis.exe
2016-02-15 11:11 - 2016-02-15 11:11 - 00016830 _____ C:\Users\Matt\Desktop\attach.txt
2016-02-15 11:08 - 2016-02-15 11:08 - 00688992 ____R (Swearware) C:\Users\Matt\Desktop\dds.com
2016-02-15 11:08 - 2016-02-15 11:08 - 00688992 _____ (Swearware) C:\Users\Matt\Downloads\dds(1).com
2016-02-15 09:55 - 2016-02-15 09:56 - 00000000 ____D C:\Users\Matt\Desktop\autoi
2016-02-15 09:55 - 2016-02-15 09:55 - 00615478 _____ C:\Users\Matt\Downloads\Autoruns.zip
2016-02-15 09:28 - 2016-02-15 09:28 - 00001018 _____ C:\Users\Matt\Desktop\Daum Potplayer-64 Bits.lnk
2016-02-15 08:26 - 2016-02-15 08:27 - 05047339 _____ C:\Users\Matt\Downloads\lightbeamData.json
2016-02-15 08:06 - 2016-02-15 08:06 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Macromedia
2016-02-15 07:35 - 2016-02-15 09:04 - 00000000 ____D C:\Users\Matt\Desktop\Backup
2016-02-15 07:35 - 2016-02-15 08:57 - 00000000 ____D C:\Users\Matt\Desktop\log
2016-02-15 07:17 - 2016-02-15 07:32 - 01107604 _____ C:\TDSSKiller.3.1.0.9_15.02.2016_07.17.20_log.txt
2016-02-15 07:13 - 2016-02-15 07:13 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-02-15 07:10 - 2016-02-15 07:13 - 00503336 _____ C:\TDSSKiller.3.1.0.9_15.02.2016_07.10.46_log.txt
2016-02-15 07:08 - 2016-02-15 07:08 - 04633146 _____ C:\Users\Matt\Downloads\tdsskiller.zip
2016-02-15 06:56 - 2016-02-15 11:11 - 00035322 _____ C:\Users\Matt\Desktop\dds.txt
2016-02-15 06:27 - 2016-02-15 06:27 - 00244200 _____ C:\Users\Matt\Desktop\7 Steps to Removing Spyware - Nick Laughter.pdf
2016-02-15 06:26 - 2016-02-15 06:28 - 38883750 _____ C:\Users\Matt\Desktop\[Sonia_Borg_Ph.D.]_Oral_Sex_She'll_Never_Forget_5(Book4You).pdf
2016-02-15 06:24 - 2016-02-15 06:26 - 46966245 _____ C:\Users\Matt\Desktop\Malware-_Rootkits_-_Botnets_A_Beginner&-39;s_Guide.pdf
2016-02-15 05:37 - 2016-02-15 09:28 - 00000323 _____ C:\WINDOWS\wininit.ini
2016-02-15 04:53 - 2016-02-15 04:53 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-02-15 04:25 - 2016-02-15 04:25 - 00216140 _____ C:\WINDOWS\Minidump\021516-47265-01.dmp
2016-02-15 03:48 - 2016-02-15 03:48 - 00784152 _____ (McAfee, Inc.) C:\Users\Matt\Downloads\rootkitremover.exe
2016-02-15 03:39 - 2016-02-15 06:41 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-02-15 03:36 - 2016-02-15 03:36 - 00217576 _____ (Kaspersky Lab ZAO) C:\Users\Matt\Downloads\CleanAutoRun.exe
2016-02-15 03:36 - 2016-02-15 03:36 - 00015670 _____ C:\CleanAutoRun.1.2.1.0_15.02.2016_03.36.56_log.txt
2016-02-15 03:30 - 2016-02-15 03:30 - 00000000 ____D C:\Users\Matt\AppData\Local\LockerUnlocker
2016-02-15 03:27 - 2016-02-15 03:29 - 79101960 _____ (NathanScott Apps) C:\Users\Matt\Downloads\LockerUnlocker.exe
2016-02-15 03:24 - 2016-02-15 03:24 - 00000000 ____D C:\Users\Matt\AppData\Roaming\www.shadowexplorer.com
2016-02-15 03:24 - 2016-02-15 03:24 - 00000000 ____D C:\matt
2016-02-15 03:23 - 2016-02-15 03:23 - 00969845 _____ (ShadowExplorer.com ) C:\Users\Matt\Downloads\ShadowExplorer-0.9-setup.exe
2016-02-15 03:23 - 2016-02-15 03:23 - 00137737 _____ C:\Users\Matt\Downloads\ShadowExplorer-0.9-portable.zip
2016-02-15 03:17 - 2016-02-15 03:17 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Runscanner.net
2016-02-15 03:08 - 2016-02-15 06:46 - 00000000 ____D C:\UBCD4Win1
2016-02-15 02:57 - 2016-02-15 04:44 - 00009525 _____ C:\MyNICDetails.txt
2016-02-15 02:52 - 2016-02-15 02:52 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Matt\Downloads\mbar-1.09.3.1001.exe
2016-02-15 02:38 - 2016-02-15 02:38 - 00918766 _____ C:\Users\Matt\Downloads\OTLPE.zip
2016-02-15 02:35 - 2016-02-15 02:44 - 282427301 _____ (UBCD4Win Team - Benjamin Burrows ) C:\Users\Matt\Downloads\UBCD4WinV360(1).exe
2016-02-15 02:34 - 2016-02-15 02:50 - 282427301 _____ (UBCD4Win Team - Benjamin Burrows ) C:\Users\Matt\Downloads\UBCD4WinV360.exe
2016-02-15 02:20 - 2016-02-15 02:20 - 00000425 _____ C:\Users\Matt\Downloads\peek.zip
2016-02-15 02:19 - 2016-02-15 02:19 - 00044607 _____ C:\Users\Matt\Downloads\bootkit_remover(1).zip
2016-02-15 02:15 - 2016-02-15 02:15 - 00515892 _____ C:\Users\Matt\Downloads\eeepcfr.zip
2016-02-15 02:12 - 2016-02-15 02:12 - 00688992 ____R (Swearware) C:\Users\Matt\Downloads\dds.com
2016-02-15 01:57 - 2016-02-15 01:57 - 00262132 _____ C:\WINDOWS\Minidump\021516-48734-01.dmp
2016-02-15 01:52 - 2016-02-15 01:52 - 00380416 _____ C:\Users\Matt\Downloads\kslqy334.exe
2016-02-15 01:50 - 2016-02-15 06:15 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-15 01:50 - 2016-02-15 03:35 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-15 01:50 - 2016-02-15 01:50 - 00001171 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-15 01:50 - 2016-02-15 01:50 - 00001171 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-15 01:50 - 2016-02-15 01:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-15 01:50 - 2016-02-15 01:50 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-15 01:50 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-15 01:50 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-15 01:48 - 2016-02-15 01:48 - 00010153 _____ C:\Users\Matt\Downloads\BootCheck.zip
2016-02-15 01:48 - 2016-02-15 01:48 - 00000000 ____D C:\Users\Matt\Downloads\BootCheck
2016-02-15 01:46 - 2016-02-15 01:46 - 00044607 _____ C:\Users\Matt\Downloads\bootkit_remover.zip
2016-02-15 01:43 - 2016-02-15 01:47 - 00256972 _____ C:\TDSSKiller.3.1.0.9_15.02.2016_01.43.12_log.txt
2016-02-15 01:42 - 2016-02-15 01:42 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Matt\Downloads\tdsskiller.exe
2016-02-15 01:41 - 2016-02-15 01:42 - 22908888 _____ (Malwarebytes ) C:\Users\Matt\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-15 00:54 - 2016-02-15 00:55 - 00291564 _____ C:\WINDOWS\Minidump\021516-67984-01.dmp
2016-02-15 00:43 - 2016-02-15 05:25 - 524658252 _____ C:\WINDOWS\MEMORY.DMP
2016-02-15 00:43 - 2016-02-15 00:44 - 00229812 _____ C:\WINDOWS\Minidump\021516-56468-01.dmp
2016-02-14 22:04 - 2016-02-14 22:04 - 00000000 ___HD C:\$Windows.~BT
2016-02-14 22:03 - 2016-02-14 22:23 - 00000000 ___HD C:\$SysReset
2016-02-14 16:37 - 2016-02-14 16:37 - 00000000 _____ C:\Users\Matt\defogger_reenable
2016-02-14 16:33 - 2016-02-15 00:27 - 00000000 ____D C:\Users\Administrator\Documents\AirDroid
2016-02-14 16:11 - 2016-02-14 16:11 - 00000000 ____D C:\Users\Matt\AppData\Local\Skyrim
2016-02-14 16:10 - 2016-02-14 16:10 - 00000000 ____D C:\ProgramData\Steam
2016-02-14 04:23 - 2016-02-14 04:23 - 00000000 ____D C:\Users\Administrator\AppData\Local\ElevatedDiagnostics
2016-02-14 04:20 - 2016-02-14 04:20 - 00000000 ____D C:\Users\Administrator\AppData\Local\PeerDistRepub
2016-02-14 03:01 - 2016-02-15 00:27 - 00000000 ____D C:\Users\Administrator\Desktop\bleep FINALLY
2016-02-14 03:01 - 2016-02-14 03:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2016-02-14 01:24 - 2016-02-15 00:27 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Runscanner.net
2016-02-14 01:01 - 2016-02-16 00:50 - 00000000 ___RD C:\Users\Administrator\OneDrive
2016-02-14 00:59 - 2016-02-14 00:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\RealVNC
2016-02-13 22:45 - 2016-02-14 04:39 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-02-13 22:36 - 2016-02-13 22:36 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-02-13 22:33 - 2016-02-02 22:13 - 137663815 _____ C:\Users\Matt\Downloads\bgwb0894.wmv
2016-02-13 22:30 - 2016-02-13 22:30 - 00000000 ____D C:\Users\Matt\Documents\My Games
2016-02-13 22:13 - 2016-02-13 22:17 - 144123954 _____ C:\Users\Matt\Downloads\xhamster.com_5683454_edging_leads_to_one_of_the_biggest_cumshots_ever_720p.mp4
2016-02-13 22:04 - 2016-02-13 22:09 - 49248578 _____ C:\Users\Matt\Downloads\vl_480P_474.0k_29752291.mp4
2016-02-13 21:04 - 2016-02-13 21:04 - 00000000 ____D C:\Program Files (x86)\Bethesda Softworks
2016-02-13 13:55 - 2016-02-13 13:55 - 00000000 ____D C:\Users\Matt\AppData\Local\AWSToolkit
2016-02-13 13:55 - 2016-02-13 13:55 - 00000000 ____D C:\Program Files (x86)\ClockworkMod
2016-02-13 13:54 - 2016-02-13 13:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One Click Root
2016-02-13 13:54 - 2016-02-13 13:54 - 00000000 ____D C:\Program Files (x86)\One Click Root
2016-02-13 13:53 - 2016-02-13 13:53 - 00000000 ____D C:\Users\Matt\AppData\Roaming\One Click Root
2016-02-13 03:29 - 2016-02-13 03:29 - 00000000 ____D C:\Users\Matt\.vnc
2016-02-13 03:26 - 2016-02-13 03:26 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Yahoo
2016-02-13 03:26 - 2016-02-13 03:26 - 00000000 ____D C:\Users\Matt\AppData\Local\YSearchUtil
2016-02-13 03:24 - 2016-02-13 03:24 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Sun
2016-02-13 03:24 - 2016-02-13 03:24 - 00000000 ____D C:\Users\Matt\AppData\LocalLow\Sun
2016-02-13 03:24 - 2016-02-13 03:24 - 00000000 ____D C:\Users\Matt\.oracle_jre_usage
2016-02-13 03:23 - 2016-02-15 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-02-13 03:23 - 2016-02-13 03:27 - 00000000 ____D C:\ProgramData\Oracle
2016-02-13 03:22 - 2016-02-13 03:22 - 00000000 ____D C:\Program Files (x86)\Java
2016-02-12 15:59 - 2016-02-12 16:01 - 63123798 _____ C:\Users\Matt\Downloads\xhamster.com_4534721_cassandra_sheila_fovea_christine_fetish_anal.mp4
2016-02-12 15:12 - 2016-02-15 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Data Recovery Wizard 7.5
2016-02-12 15:12 - 2016-02-12 15:12 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-02-12 15:09 - 2016-02-15 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealVNC
2016-02-12 15:09 - 2016-02-12 15:09 - 00000000 ____D C:\ProgramData\RealVNC-Service
2016-02-12 15:09 - 2016-02-12 15:09 - 00000000 ____D C:\Program Files\RealVNC
2016-02-12 15:08 - 2016-02-12 15:08 - 01339189 _____ C:\Users\Matt\Downloads\sqlite-tools-win32-x86-3100200.zip
2016-02-12 14:50 - 2016-02-14 00:59 - 00000000 ____D C:\Users\Matt\AppData\Local\RealVNC
2016-02-12 03:15 - 2016-02-12 03:15 - 00161173 _____ C:\Users\Matt\Downloads\WindowexeAllkiller.zip
2016-02-12 02:03 - 2016-02-12 02:48 - 137663891 _____ C:\Users\Matt\Downloads\bgwb0894.wmv.rar
2016-02-12 02:01 - 2016-02-12 02:07 - 586564230 _____ C:\Users\Matt\Downloads\Chanel Preston - Black Widow Chanel Preston Gets Gangbanged! SD.mp4
2016-02-12 00:08 - 2016-02-12 00:08 - 00033285 _____ C:\Users\Matt\Downloads\sharewatch10_x86.zip
2016-02-12 00:04 - 2016-02-12 00:04 - 04827577 _____ C:\Users\Matt\Downloads\warework-java-dist-cloud-android-2.1.0-bundle.zip
2016-02-11 23:48 - 2016-02-15 00:27 - 00000000 ____D C:\Program Files\iTunes
2016-02-11 23:48 - 2016-02-15 00:27 - 00000000 ____D C:\Program Files\iPod
2016-02-11 23:48 - 2016-02-15 00:27 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-02-11 23:47 - 2016-02-15 04:57 - 00000000 ____D C:\Program Files\Bonjour
2016-02-11 23:47 - 2016-02-15 00:27 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-02-11 23:47 - 2016-02-15 00:27 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-02-11 22:33 - 2016-02-11 22:39 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2016-02-11 22:33 - 2016-02-11 22:33 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2016-02-11 21:29 - 2016-02-11 21:31 - 00000000 ____D C:\Users\Matt\Downloads\SuperGNES (SNES Emulator) v1.5.5 + 740 roms
2016-02-11 21:20 - 2016-02-11 21:25 - 00000000 ____D C:\Users\Matt\Documents\VideoCopilot
2016-02-11 21:20 - 2016-02-11 21:20 - 00000000 ___HD C:\Users\Matt\Documents\0a197066d38648228dbf8b6d7836eeb4$dpx$.tmp
2016-02-11 21:19 - 2016-02-15 00:27 - 00000000 ____D C:\Users\Matt\Downloads\American.Truck.Simulator-CODEX
2016-02-11 21:18 - 2016-02-15 00:27 - 00000000 ____D C:\Users\Matt\Downloads\[R.G. Mechanics] Spintires
2016-02-11 21:17 - 2016-02-15 00:27 - 00000000 ____D C:\Users\Matt\Downloads\Firewatch-CODEX
2016-02-11 19:56 - 2016-02-15 00:27 - 00000000 ____D C:\Users\Matt\Downloads\The.Elder.Scrolls.V.Skyrim.Legendary.Edition.MULTi8-PROPHET
2016-02-11 08:09 - 2016-02-11 08:09 - 00508072 _____ (Kaspersky Lab) C:\Users\Matt\Downloads\ksu.exe
2016-02-11 05:04 - 2016-02-11 05:05 - 00000000 ____D C:\AdwCleaner
2016-02-11 05:04 - 2016-02-11 05:04 - 01508352 _____ C:\Users\Matt\Downloads\adwcleaner_5.033.exe
2016-02-11 04:59 - 2016-02-14 04:21 - 00043343 _____ C:\Users\Matt\Downloads\MTB.txt
2016-02-11 04:58 - 2016-02-11 04:58 - 00891392 _____ (Farbar) C:\Users\Matt\Downloads\MiniToolBox.exe
2016-02-11 00:45 - 2016-02-11 03:59 - 00003650 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-02-10 23:04 - 2016-02-14 22:23 - 00000000 _____ C:\Recovery.txt
2016-02-10 22:18 - 2016-02-16 02:39 - 00000000 ____D C:\FRST
2016-02-10 22:18 - 2016-02-15 01:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-10 22:18 - 2016-02-10 22:18 - 00000000 ____D C:\Program Files\Malwarebytes
2016-02-10 14:44 - 2016-02-10 14:44 - 00000000 ____D C:\WINDOWS\system32\%LocalAppData%
2016-02-10 02:29 - 2016-02-15 00:27 - 00000000 ____D C:\Users\Matt\Downloads\WindowexeAllkiller
2016-02-09 06:59 - 2016-02-09 06:59 - 00998865 _____ C:\Users\Matt\Downloads\71171.jpeg
2016-02-09 00:34 - 2016-02-11 00:27 - 00000000 ____D C:\WINDOWS\ADAM
2016-02-09 00:34 - 2016-02-09 00:34 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-02-04 20:44 - 2016-02-11 00:27 - 00000000 ____D C:\Users\Matt\AppData\Roaming\HTC
2016-02-04 20:44 - 2016-02-11 00:27 - 00000000 ____D C:\Users\Matt\AppData\Local\HTC MediaHub
2016-02-04 20:44 - 2016-02-04 20:44 - 00000000 ____D C:\Users\Matt\Documents\HTC
2016-02-04 20:43 - 2016-02-11 00:27 - 00000000 ____D C:\Program Files (x86)\HTC
2016-02-04 20:43 - 2016-02-04 20:43 - 00000000 ____D C:\Users\Matt\.android
2016-02-04 20:43 - 2016-02-04 20:43 - 00000000 ____D C:\ProgramData\HTC
2016-02-03 03:16 - 2016-02-11 00:29 - 00000000 ____D C:\Users\Matt\Downloads\Element 3D MetroPack Tommy Jay
2016-02-03 02:39 - 2016-02-03 19:04 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Filter Forge 4
2016-02-03 02:37 - 2016-02-15 06:38 - 00000000 ____D C:\Program Files (x86)\Filter Forge 4
2016-02-03 02:37 - 2016-02-03 02:37 - 00001160 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filter Forge 4.lnk
2016-02-03 02:37 - 2016-02-03 02:37 - 00000000 ____D C:\ProgramData\TEMP
2016-02-03 02:37 - 2016-02-03 02:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Filter Forge 4
2016-02-03 02:37 - 2006-11-10 17:41 - 01030144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbghelp-xfw.dll
2016-02-03 02:36 - 2016-02-03 03:42 - 3808460559 _____ C:\Users\Matt\Downloads\CS6-CS5 Mega Plug-Ins Bundle JAY.dmg
2016-02-03 02:34 - 2016-02-03 02:35 - 00000000 ____D C:\Users\Matt\Downloads\Filter Forge 4.008 Adobe Photoshop Plug-in
2016-02-02 16:53 - 2016-02-15 00:29 - 00000000 ____D C:\Users\Matt\Downloads\Adobe Photoshop CC 14.0
2016-02-02 04:50 - 2013-05-06 08:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\klfphc.dll
2016-02-02 04:49 - 2016-02-16 02:03 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2016-02-02 04:49 - 2016-02-15 05:09 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2016-02-02 04:49 - 2016-02-02 04:55 - 00934272 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klif.sys
2016-02-02 04:49 - 2016-02-02 04:55 - 00181640 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klflt.sys
2016-02-02 04:49 - 2016-02-02 04:54 - 00227512 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klhk.sys
2016-02-01 19:35 - 2016-02-01 19:35 - 00001584 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe Media Encoder.lnk
2016-02-01 19:34 - 2016-02-01 19:34 - 00001696 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe After Effects CS6.lnk
2016-02-01 19:34 - 2016-02-01 19:34 - 00001557 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Photoshop.lnk
2016-02-01 16:03 - 2016-02-11 00:29 - 00000000 ____D C:\Users\Matt\Downloads\Pro_Shaders_PC_Installer
2016-02-01 15:37 - 2016-02-11 00:29 - 00000000 ____D C:\Users\Matt\Downloads\E3D
2016-02-01 15:37 - 2016-02-01 16:26 - 00000000 ____D C:\Users\Matt\Downloads\Video Copilot Motion Pules + Shockwave HD - Mr Walker
2016-02-01 15:36 - 2016-02-01 15:46 - 00000000 ____D C:\Users\Matt\Downloads\Video Copilot - Optical Flares (Complete Package)
2016-02-01 15:33 - 2016-02-01 15:33 - 00025902 _____ C:\Users\Matt\Downloads\graymachine_Presets_01.zip
2016-02-01 15:32 - 2016-02-11 00:29 - 00000000 ____D C:\Users\Matt\Downloads\Presets
2016-02-01 06:48 - 2016-02-01 06:50 - 00000000 ____D C:\Users\Matt\Downloads\Crtvmrkt -  Font Collection #5 D8 - 20 fonts (shailab)
2016-02-01 06:17 - 2016-02-01 06:17 - 00000000 ____D C:\Users\Matt\Downloads\Adobe.Pro.Fonts.FONT-TYPO
2016-01-31 14:57 - 2016-01-31 14:57 - 00002647 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Simple System Tweaker.lnk
2016-01-31 14:57 - 2016-01-31 14:57 - 00002607 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Technicians Toolbox.lnk
2016-01-31 14:57 - 2016-01-31 14:57 - 00002170 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AirDroid.lnk
2016-01-31 14:57 - 2016-01-31 14:57 - 00001378 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FWsim Pro.lnk
2016-01-31 14:55 - 2016-01-31 14:55 - 65470464 _____ C:\WINDOWS\system32\config\software.new
2016-01-31 14:55 - 2016-01-31 14:55 - 17104896 _____ C:\WINDOWS\system32\config\system.new
2016-01-31 14:55 - 2016-01-31 14:55 - 00294912 _____ C:\WINDOWS\system32\config\default.new
2016-01-31 14:55 - 2016-01-31 14:55 - 00065536 _____ C:\WINDOWS\system32\config\sam.new
2016-01-31 14:55 - 2016-01-31 14:55 - 00024576 _____ C:\WINDOWS\system32\config\security.new
2016-01-31 14:35 - 2016-01-31 14:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2016-01-31 14:35 - 2016-01-31 14:35 - 00000000 ____D C:\Users\Administrator\AppData\Local\ActiveSync
2016-01-31 14:34 - 2016-01-31 14:36 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-01-31 14:34 - 2016-01-31 14:34 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-01-31 14:34 - 2016-01-31 14:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2016-01-31 14:33 - 2016-02-15 00:33 - 00000000 ____D C:\Users\Administrator
2016-01-31 14:33 - 2016-01-31 14:33 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-01-31 14:33 - 2016-01-31 14:33 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-01-31 14:33 - 2016-01-31 14:33 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-01-31 14:33 - 2016-01-31 14:33 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-01-31 14:33 - 2016-01-31 14:33 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-01-31 14:33 - 2016-01-29 07:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-01-31 13:37 - 2016-02-15 00:29 - 00000000 ____D C:\Users\Matt\Downloads\Applications
2016-01-31 13:26 - 2016-02-15 02:03 - 00000000 ____D C:\Users\Matt\Downloads\System Tweaks
2016-01-31 13:24 - 2016-02-15 00:29 - 00000000 ____D C:\Users\Matt\Downloads\Android
2016-01-31 01:04 - 2016-02-16 02:00 - 00000706 _____ C:\WINDOWS\Tasks\Tweaking.com - Remote Desktop IP Monitor & Blocker.job
2016-01-31 01:04 - 2016-02-15 10:10 - 00003026 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Remote Desktop IP Monitor & Blocker
2016-01-31 00:07 - 2016-01-31 00:07 - 00016380 _____ C:\WINDOWS\Tweaking.com - Technicians Toolbox Setup Log.txt
2016-01-31 00:05 - 2014-09-06 14:26 - 00009216 _____ C:\WINDOWS\system32\cpn64.dll
2016-01-31 00:05 - 2014-09-06 14:26 - 00007168 _____ C:\WINDOWS\SysWOW64\cpn32.dll
2016-01-30 20:02 - 2016-01-30 20:02 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-01-30 18:02 - 2016-01-30 18:07 - 00008714 __RSH C:\ProgramData\ntuser.pol
2016-01-30 17:38 - 2016-02-15 00:29 - 00000000 ____D C:\Users\Public\Documents\AirDroid
2016-01-30 17:38 - 2016-02-15 00:29 - 00000000 ____D C:\Users\Matt\Documents\AirDroid
2016-01-30 17:38 - 2016-02-15 00:29 - 00000000 ____D C:\ProgramData\Documents\AirDroid
2016-01-30 17:34 - 2016-01-30 17:38 - 00000000 ____D C:\Program Files (x86)\AirDroid
2016-01-30 17:34 - 2016-01-30 17:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AirDroid
2016-01-30 13:18 - 2016-02-15 10:10 - 00002364 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2016-01-30 13:18 - 2016-01-30 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2016-01-30 13:17 - 2016-01-30 13:17 - 00000000 ____D C:\Program Files\Realtek
2016-01-30 13:17 - 2015-06-18 18:45 - 04496600 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-01-30 13:17 - 2015-06-17 14:45 - 03234520 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-01-30 13:17 - 2015-05-26 11:59 - 00166616 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-01-30 13:17 - 2015-05-18 14:47 - 02702040 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-01-30 13:17 - 2015-05-15 19:27 - 02918104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-01-30 13:17 - 2014-11-11 13:44 - 00631000 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-01-30 13:17 - 2014-08-14 19:16 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2016-01-30 13:17 - 2013-04-23 14:54 - 00154184 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkXInterface64.dll
2016-01-30 13:17 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-01-30 13:17 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-01-30 13:17 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-01-30 13:17 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-01-30 13:17 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-01-30 13:17 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-01-30 13:17 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-01-30 13:17 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-01-30 13:17 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-01-30 13:17 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-01-30 13:16 - 2015-06-18 17:59 - 02862488 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-01-30 13:16 - 2015-06-17 19:47 - 02930904 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-01-30 13:16 - 2015-06-15 17:39 - 01748184 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-01-30 13:16 - 2015-05-25 15:18 - 03195416 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-01-30 13:16 - 2015-05-15 16:32 - 01316056 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-01-30 13:16 - 2015-05-11 18:53 - 12996528 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2016-01-30 13:16 - 2015-05-11 18:53 - 11899824 _____ (Waves Audio Ltd.) C:\WINDOWS\SysWOW64\MaxxVoiceAPO30.dll
2016-01-30 13:16 - 2015-05-11 13:08 - 01374640 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2016-01-30 13:16 - 2015-05-11 13:08 - 01192368 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2016-01-30 13:16 - 2015-05-11 13:08 - 01145264 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2016-01-30 13:16 - 2015-05-11 13:08 - 00980400 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2016-01-30 13:16 - 2015-05-05 14:01 - 01948928 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO264.dll
2016-01-30 13:16 - 2015-05-05 14:01 - 01716480 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO232.dll
2016-01-30 13:16 - 2015-01-19 18:10 - 72113152 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCORES64.dat
2016-01-30 13:16 - 2014-04-10 12:19 - 03691608 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioMeters64.exe
2016-01-30 13:16 - 2014-04-10 12:19 - 02041432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-01-30 13:16 - 2014-01-08 15:25 - 00397592 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2016-01-30 13:16 - 2013-08-14 15:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-01-30 13:16 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-01-30 13:16 - 2013-07-22 15:36 - 00194816 _____ (Waves Audio) C:\WINDOWS\system32\MaxxAudioVienna264.dll
2016-01-30 13:16 - 2013-01-11 16:27 - 00628504 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBTHX64.dll
2016-01-30 13:16 - 2013-01-11 16:27 - 00563992 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBTHX32.dll
2016-01-30 13:16 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-01-30 13:16 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-01-30 13:16 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-01-30 13:16 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-01-30 13:16 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-01-30 13:16 - 2012-06-08 16:21 - 00897152 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2016-01-30 13:16 - 2012-06-08 16:21 - 00753280 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2016-01-30 13:16 - 2011-12-16 14:57 - 00065112 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2016-01-30 13:16 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-01-30 13:16 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-01-30 13:16 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-01-30 13:16 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-01-30 13:16 - 2009-11-18 07:13 - 00060504 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2016-01-30 13:15 - 2014-09-24 11:31 - 07087448 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-01-30 13:15 - 2014-09-24 11:31 - 01939800 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-01-30 13:15 - 2014-09-24 11:31 - 00315736 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-01-30 13:15 - 2014-09-24 11:31 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-01-30 13:15 - 2014-06-09 10:59 - 00560328 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-01-30 13:15 - 2013-10-11 12:47 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-01-30 13:15 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-01-30 13:15 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-01-30 13:15 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-01-30 13:15 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-01-30 13:15 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-01-30 13:15 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-01-30 13:15 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-01-30 13:15 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-01-30 13:15 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-01-30 13:15 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-01-30 13:15 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-01-30 13:15 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-01-30 13:11 - 2015-05-27 17:38 - 02825944 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2016-01-30 13:08 - 2016-01-30 13:08 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-30 13:07 - 2016-01-30 13:18 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-01-30 05:58 - 2016-02-15 05:25 - 00000000 ____D C:\WINDOWS\Minidump
2016-01-30 00:47 - 2016-01-30 00:47 - 00000000 ____D C:\NewsFeed
2016-01-29 13:11 - 2016-01-29 13:11 - 00000000 ____D C:\Users\Matt\AppData\Local\Devolutions
2016-01-29 13:10 - 2016-01-29 13:10 - 00000000 ____D C:\Program Files (x86)\Devolutions
2016-01-29 13:09 - 2016-01-29 13:09 - 00000000 ____D C:\ProgramData\PC1Data
2016-01-29 12:16 - 2016-01-29 12:16 - 00001222 _____ C:\ProgramData\Microsoft\Windows\Start Menu\BS.Player PRO.lnk
2016-01-29 12:15 - 2016-01-31 17:40 - 00000000 ____D C:\Users\Matt\AppData\Roaming\BSplayer PRO
2016-01-29 12:08 - 2016-01-29 12:08 - 00000000 ____D C:\Users\Matt\AppData\Local\Comms
2016-01-29 11:58 - 2016-02-16 02:07 - 00003804 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-01-29 11:58 - 2016-02-15 07:14 - 00000000 ____D C:\WINDOWS\KMSServerService
2016-01-29 11:58 - 2016-01-29 21:37 - 00000000 ____D C:\WINDOWS\AutoKMS
2016-01-29 11:57 - 2016-01-29 11:57 - 00004608 _____ C:\WINDOWS\SECOH-QAD.exe
2016-01-29 11:57 - 2016-01-29 11:57 - 00003584 _____ C:\WINDOWS\SECOH-QAD.dll
2016-01-29 11:51 - 2016-01-29 11:51 - 00000000 ____D C:\Users\Matt\AppData\Local\ActiveSync
2016-01-29 11:49 - 2016-01-29 11:49 - 00000020 ___SH C:\Users\Matt\ntuser.ini
2016-01-29 07:57 - 2016-01-29 07:57 - 00000000 _SHDL C:\Users\Default\My Documents
2016-01-29 07:57 - 2016-01-29 07:57 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-01-29 07:57 - 2016-01-29 07:57 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-01-29 07:57 - 2016-01-29 07:57 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-01-29 07:57 - 2016-01-29 07:57 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-01-29 07:57 - 2016-01-29 07:57 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-01-29 07:57 - 2016-01-29 07:57 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-01-29 07:54 - 2016-01-29 07:54 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-01-29 07:53 - 2016-02-16 02:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-29 07:42 - 2016-01-29 07:42 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-01-29 07:42 - 2016-01-29 07:42 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-01-29 07:42 - 2016-01-29 07:42 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-01-29 07:39 - 2016-01-29 07:43 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-01-29 07:37 - 2016-02-15 06:38 - 00000000 ____D C:\Users\Matt
2016-01-29 07:37 - 2016-01-29 07:37 - 00000000 _SHDL C:\Users\Matt\My Documents
2016-01-29 07:37 - 2016-01-29 07:37 - 00000000 _SHDL C:\Users\Matt\Documents\My Videos
2016-01-29 07:37 - 2016-01-29 07:37 - 00000000 _SHDL C:\Users\Matt\Documents\My Pictures
2016-01-29 07:37 - 2016-01-29 07:37 - 00000000 _SHDL C:\Users\Matt\Documents\My Music
2016-01-29 07:34 - 2016-02-11 01:02 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-01-29 07:33 - 2016-01-29 07:40 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-29 07:33 - 2016-01-29 07:33 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-01-29 07:33 - 2016-01-29 07:33 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-01-29 07:32 - 2016-02-10 23:12 - 00000000 ____D C:\Program Files\AMD
2016-01-29 07:32 - 2016-01-30 13:18 - 00849474 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2016-01-29 07:32 - 2016-01-30 13:18 - 00192907 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2016-01-29 07:32 - 2016-01-30 13:18 - 00031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2016-01-29 07:32 - 2016-01-30 13:18 - 00010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2016-01-29 07:32 - 2016-01-30 13:17 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-01-29 07:32 - 2016-01-29 07:32 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-01-29 07:32 - 2016-01-29 07:32 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-01-29 07:32 - 2016-01-29 07:32 - 00000000 ____D C:\Program Files\Common Files\Atheros
2016-01-29 07:32 - 2016-01-29 07:32 - 00000000 _____ C:\ProgramData\DP45977C.lfl
2016-01-29 07:31 - 2015-10-29 23:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-01-29 07:28 - 2016-02-02 13:24 - 05023120 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-29 07:27 - 2016-01-29 12:00 - 00000000 ___DC C:\WINDOWS\Panther
2016-01-29 07:24 - 2016-01-29 07:24 - 00000000 ____D C:\Windows.old
2016-01-29 07:23 - 2016-01-29 07:23 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-29 07:23 - 2016-01-29 07:23 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-29 07:23 - 2016-01-29 07:23 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-01-29 07:23 - 2016-01-29 07:23 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-29 07:23 - 2016-01-29 07:23 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-29 07:23 - 2016-01-29 07:23 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-01-29 07:23 - 2016-01-29 07:23 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-01-29 07:23 - 2016-01-29 07:23 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-01-29 07:23 - 2016-01-29 07:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-29 07:23 - 2016-01-29 07:23 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2016-01-29 07:23 - 2016-01-29 07:23 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-01-29 07:23 - 2016-01-29 07:23 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2016-01-29 07:23 - 2016-01-29 07:23 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2016-01-29 07:23 - 2016-01-29 07:23 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-01-29 07:23 - 2016-01-29 07:23 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2016-01-29 07:19 - 2016-01-29 07:19 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-01-29 07:16 - 2016-01-29 07:16 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-01-29 07:16 - 2016-01-29 07:16 - 00000000 ____D C:\Program Files\MSBuild
2016-01-29 07:16 - 2016-01-29 07:16 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-01-29 07:16 - 2016-01-29 07:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-01-29 07:15 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-01-29 07:15 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-01-29 07:15 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-01-29 07:14 - 2016-01-29 07:14 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-01-29 07:14 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-01-29 07:14 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-01-29 07:14 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-01-29 07:05 - 2016-01-29 07:05 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2016-01-29 07:00 - 2016-01-29 07:56 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2016-01-29 07:00 - 2016-01-29 07:56 - 00009528 _____ C:\WINDOWS\diagerr.xml
2016-01-28 01:04 - 2016-01-28 01:04 - 00000000 ____D C:\Users\Matt\Downloads\Adobe Photoshop CS6 Bible - (Malestrom)
2016-01-27 15:12 - 2016-02-10 23:11 - 00000000 ____D C:\Program Files (x86)\AMD
2016-01-27 14:57 - 2016-01-31 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-01-27 14:57 - 2016-01-31 11:47 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-01-27 14:57 - 2016-01-27 14:57 - 00022338 _____ C:\WINDOWS\Tweaking.com - Simple System Tweaker Setup Log.txt
2016-01-27 14:57 - 2016-01-27 14:57 - 00000000 ____D C:\RegBackup
2016-01-27 14:54 - 2016-02-15 10:10 - 00003824 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2016-01-27 14:54 - 2016-02-15 05:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CSIS Heimdal
2016-01-27 14:53 - 2016-01-29 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-01-27 14:53 - 2016-01-27 14:53 - 00000000 ____D C:\Users\Matt\AppData\Roaming\library_dir
2016-01-27 14:52 - 2016-01-29 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-01-27 14:52 - 2016-01-27 14:52 - 00000000 ____D C:\ProgramData\CSIS
2016-01-27 12:19 - 2016-01-27 12:19 - 04318760 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2016-01-27 12:01 - 2009-06-07 16:25 - 00077824 _____ C:\WINDOWS\SysWOW64\xvid.ax
2016-01-27 12:01 - 2009-06-07 16:24 - 00180224 _____ C:\WINDOWS\SysWOW64\xvidvfw.dll
2016-01-27 12:01 - 2009-06-07 16:16 - 00819200 _____ C:\WINDOWS\SysWOW64\xvidcore.dll
2016-01-26 14:19 - 2016-01-29 20:12 - 00000000 ____D C:\Users\Matt\Documents\FW-Sim
2016-01-26 14:19 - 2016-01-26 14:19 - 00000000 ____D C:\ProgramData\IsolatedStorage
2016-01-26 14:16 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-01-26 14:16 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-01-26 14:16 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-01-26 14:16 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-01-26 14:16 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-01-26 14:16 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-01-26 14:16 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-01-26 14:16 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-01-26 14:16 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-01-26 14:16 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-01-26 14:16 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-01-26 14:16 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-01-26 14:16 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-01-26 14:16 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-01-26 14:16 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-01-26 14:16 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2016-01-26 14:16 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-01-26 14:16 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2016-01-26 14:15 - 2016-02-15 00:29 - 00000000 ____D C:\Program Files (x86)\FWsim Pro
2016-01-26 14:15 - 2016-01-29 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FWsim Pro
2016-01-26 14:15 - 2016-01-26 14:15 - 00000000 ____D C:\Users\Public\Documents\FW-Sim
2016-01-26 14:15 - 2016-01-26 14:15 - 00000000 ____D C:\ProgramData\Documents\FW-Sim
2016-01-23 23:37 - 2016-01-23 23:37 - 00001679 _____ C:\Users\Matt\Downloads\videohive_Pieces - Shortcut.lnk
2016-01-23 13:49 - 2016-01-23 14:01 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Imagenomic
2016-01-23 13:46 - 2016-02-15 05:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Imagenomic
2016-01-23 13:46 - 2016-02-15 05:38 - 00000000 ____D C:\Program Files (x86)\Imagenomic
2016-01-23 13:44 - 2016-01-31 14:03 - 00000000 ____D C:\Users\Matt\Downloads\ZZZ999-- AE Stuff
2016-01-22 20:36 - 2016-01-29 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2016-01-22 20:36 - 2016-01-22 20:36 - 00000000 ____D C:\Users\Matt\AppData\Local\VS Revo Group
2016-01-22 20:36 - 2016-01-22 20:36 - 00000000 ____D C:\ProgramData\VS Revo Group
2016-01-22 20:36 - 2016-01-22 20:36 - 00000000 ____D C:\Program Files\VS Revo Group
2016-01-22 20:36 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
2016-01-22 18:29 - 2016-02-16 02:05 - 00453134 _____ C:\WINDOWS\ntbtlog.txt
2016-01-22 18:28 - 2016-02-11 00:29 - 00000000 ____D C:\WINDOWS\pss
2016-01-22 16:58 - 2016-01-22 03:12 - 00702459 _____ C:\Users\King Daddy Dickhead\Desktop\gabe.aep
2016-01-22 16:51 - 2016-01-22 16:51 - 00000000 ____D C:\Users\Matt\Mozilla
2016-01-22 08:43 - 2016-01-22 08:43 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Publish Providers
2016-01-22 08:37 - 2016-01-22 08:40 - 00000000 ____D C:\Users\Matt\AppData\Local\Sony
2016-01-22 08:37 - 2016-01-22 08:37 - 00000000 ____D C:\ProgramData\Sony
2016-01-22 08:37 - 2016-01-22 08:37 - 00000000 ____D C:\Program Files (x86)\Sony
2016-01-20 13:15 - 2016-02-07 01:42 - 00000132 _____ C:\Users\Matt\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-01-20 12:22 - 2016-01-20 12:22 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-01-20 11:25 - 2016-01-20 11:25 - 00000000 ____D C:\Users\Matt\AppData\LocalLow\Adobe
2016-01-20 11:21 - 2016-01-20 11:21 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2016-01-20 11:19 - 2016-01-20 11:19 - 00001426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2016-01-19 16:46 - 2016-01-19 16:50 - 00000000 ____D C:\ProgramData\.pixartokens
2016-01-19 16:46 - 2016-01-19 16:46 - 00000000 ____D C:\Users\Matt\rms
2016-01-19 16:46 - 2016-01-19 16:46 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Pixar
2016-01-19 15:46 - 2016-01-19 15:46 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared
2016-01-19 11:17 - 2016-01-19 11:20 - 00000000 ____D C:\Rem-VBSqt
2016-01-18 20:28 - 2016-01-29 11:55 - 00000000 ___RD C:\Users\Matt\OneDrive
2016-01-18 15:47 - 2016-01-18 15:47 - 00000000 ____D C:\Users\Matt\AppData\Local\Publishers
2016-01-17 18:40 - 2016-01-22 13:09 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Sony
2016-01-17 18:12 - 2016-01-31 13:33 - 00000000 ____D C:\Users\Matt\Downloads\Background Music

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-16 01:59 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-16 01:59 - 2015-10-29 22:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-02-16 01:59 - 2015-09-21 04:21 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-16 00:54 - 2016-01-15 03:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-16 00:48 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-16 00:33 - 2016-01-15 16:30 - 00000000 ____D C:\Users\Matt\AppData\Roaming\uTorrent
2016-02-15 18:26 - 2016-01-15 16:31 - 00002679 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2016-02-15 16:31 - 2016-01-15 12:47 - 00000000 ____D C:\Users\Matt\AppData\Local\VirtualStore
2016-02-15 11:58 - 2016-01-15 01:55 - 00000000 ____D C:\Users\Matt\AppData\Local\ElevatedDiagnostics
2016-02-15 08:10 - 2016-01-16 13:49 - 00000000 ____D C:\ProgramData\Apple Computer
2016-02-15 07:35 - 2015-09-21 20:58 - 00415952 _____ (hxxp://windowexeallkiller.com) C:\Users\Matt\Desktop\WindowexeAllkiller.exe
2016-02-15 07:23 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-15 06:40 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-02-15 05:20 - 2016-01-16 14:34 - 00000000 ____D C:\Program Files\Nik Software
2016-02-15 05:15 - 2016-01-16 01:13 - 00000000 ____D C:\Program Files\WinRAR
2016-02-15 05:02 - 2016-01-15 23:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-15 04:59 - 2016-01-16 13:48 - 00000000 ____D C:\ProgramData\Apple
2016-02-15 02:19 - 2015-09-21 04:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-15 02:16 - 2015-09-21 04:31 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-15 00:33 - 2015-10-30 01:07 - 00000000 __SHD C:\WINDOWS\BitLockerDiscoveryVolumeContents
2016-02-15 00:33 - 2015-10-30 01:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-15 00:33 - 2015-10-30 01:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 __RSD C:\WINDOWS\Media
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\setup
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\ras
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\ias
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\Com
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\IME
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Cursors
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\addins
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Common Files\Services
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-02-15 00:33 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-15 00:33 - 2015-10-29 22:31 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-02-15 00:33 - 2015-10-29 22:31 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-02-15 00:33 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-02-15 00:33 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-02-15 00:33 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-15 00:33 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-02-15 00:33 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-15 00:33 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\servicing
2016-02-15 00:29 - 2016-01-16 14:24 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIST
2016-02-15 00:18 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-15 00:17 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\registration
2016-02-11 23:49 - 2016-01-16 13:50 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Apple Computer
2016-02-11 23:49 - 2016-01-16 13:50 - 00000000 ____D C:\Users\Matt\AppData\Local\Apple Computer
2016-02-11 00:29 - 2016-01-16 04:47 - 00000000 ____D C:\Users\Matt\Documents\Windows 10 Support Forum - BleepingComputer.com_files
2016-02-11 00:29 - 2016-01-16 01:05 - 00000000 ____D C:\Users\Matt\Downloads\Old Firefox Data
2016-02-11 00:29 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\PLA
2016-02-11 00:29 - 2015-09-21 04:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-03 00:02 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-02 04:55 - 2015-06-26 23:58 - 00087944 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\klwfp.sys
2016-02-02 04:55 - 2015-06-08 19:43 - 00041352 _____ (AO Kaspersky Lab) C:\WINDOWS\system32\Drivers\klpd.sys
2016-02-02 04:50 - 2015-10-29 22:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-02 04:49 - 2015-07-10 01:05 - 00000000 ____D C:\Users\Default.migrated
2016-01-31 15:00 - 2015-10-29 22:28 - 65536000 _____ C:\WINDOWS\system32\config\software.old
2016-01-31 15:00 - 2015-10-29 22:28 - 17301504 _____ C:\WINDOWS\system32\config\system.old
2016-01-31 15:00 - 2015-10-29 22:28 - 00524288 _____ C:\WINDOWS\system32\config\default.old
2016-01-31 15:00 - 2015-10-29 22:28 - 00040960 _____ C:\WINDOWS\system32\config\security.old
2016-01-31 01:04 - 2015-10-29 22:28 - 32505856 _____ C:\WINDOWS\system32\config\components.old
2016-01-30 18:20 - 2016-01-15 01:46 - 00000000 ____D C:\Users\Matt\AppData\Local\Packages
2016-01-30 18:01 - 2015-07-10 03:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-01-30 13:14 - 2016-01-16 14:15 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-30 04:52 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-01-29 11:55 - 2016-01-15 01:49 - 00002360 _____ C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-29 07:59 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-29 07:57 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-01-29 07:51 - 2015-10-29 23:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-01-29 07:43 - 2016-01-16 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-01-29 07:43 - 2016-01-16 05:14 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\nomacs - Image Lounge
2016-01-29 07:43 - 2016-01-15 23:45 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-01-29 07:40 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\spool
2016-01-29 07:40 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-29 07:40 - 2015-10-29 23:24 - 00000000 ____D C:\ProgramData\USOPrivate
2016-01-29 07:39 - 2016-01-16 01:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Daum
2016-01-29 07:39 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-01-29 07:33 - 2016-01-15 03:07 - 00000000 ____D C:\AMD
2016-01-29 07:28 - 2015-10-30 01:14 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-01-29 07:27 - 2015-10-29 23:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-01-29 07:24 - 2015-10-29 22:28 - 00065536 _____ C:\WINDOWS\system32\config\sam.old
2016-01-29 07:03 - 2016-01-15 01:34 - 00008192 __RSH C:\BOOTSECT.BAK
2016-01-27 14:52 - 2016-01-15 23:55 - 00000000 ____D C:\Users\Matt\AppData\Local\AMD
2016-01-24 22:59 - 2016-01-16 05:38 - 00001888 _____ C:\Users\Matt\Downloads\videohive_TypoGraphy HD - Shortcut.lnk
2016-01-23 12:30 - 2016-01-15 20:01 - 00000000 ____D C:\Users\Matt\AppData\Roaming\Adobe
2016-01-22 18:36 - 2016-01-16 05:59 - 00001933 _____ C:\Users\Matt\Downloads\videohive_Top Of The Town V2 - Shortcut.lnk
2016-01-20 13:02 - 2016-01-15 23:34 - 00000000 ____D C:\Users\Matt\AppData\Local\Adobe
2016-01-20 11:24 - 2016-01-16 08:00 - 00000000 ____D C:\Users\Matt\Documents\Adobe
2016-01-20 11:22 - 2016-01-16 10:33 - 00000000 ____D C:\Program Files\Adobe
2016-01-20 11:21 - 2016-01-16 10:32 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-01-20 11:19 - 2016-01-15 23:34 - 00000000 ____D C:\ProgramData\Adobe
2016-01-18 09:12 - 2016-01-16 02:40 - 00000000 ____D C:\Users\Matt\Downloads\Video Hive
2016-01-17 18:45 - 2016-01-16 06:00 - 00001843 _____ C:\Users\Matt\Downloads\videohive_Urbanica - Shortcut.lnk
2016-01-17 18:44 - 2016-01-16 05:45 - 00001852 _____ C:\Users\Matt\Downloads\videohive_Subscribe - Shortcut.lnk

==================== Files in the root of some directories =======

2016-01-20 13:15 - 2016-02-07 01:42 - 0000132 _____ () C:\Users\Matt\AppData\Roaming\Adobe PNG Format CS6 Prefs
2016-02-16 02:38 - 2016-02-16 02:38 - 0000232 _____ () C:\Users\Matt\AppData\Local\infection.log
2016-01-29 07:32 - 2016-01-29 07:32 - 0000000 _____ () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\BRSEIK.exe
C:\Users\Administrator\AppData\Local\Temp\EBOXTUPR.exe
C:\Users\Administrator\AppData\Local\Temp\KS.exe
C:\Users\Administrator\AppData\Local\Temp\QJFAJJ.exe
C:\Users\Administrator\AppData\Local\Temp\RSKSN.exe
C:\Users\Administrator\AppData\Local\Temp\WHTFYJI.exe
C:\Users\Matt\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {688deb70-c69c-11e5-a5fc-956529658890}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {24755bfd-bb6b-11e5-886f-a433cd26ae91}
device                  ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{24755bfe-bb6b-11e5-886f-a433cd26ae91}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[C:]\Recovery\WindowsRE\Winre.wim,{24755bfe-bb6b-11e5-886f-a433cd26ae91}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \WINDOWS\system32\winload.exe
description             Windows 10
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {b78c7c40-c69c-11e5-a5fc-956529658890}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
osdevice                partition=C:
systemroot              \WINDOWS
resumeobject            {688deb70-c69c-11e5-a5fc-956529658890}
nx                      OptIn
bootmenupolicy          Standard
vga                     Yes
quietboot               Yes
bootlog                 Yes
sos                     Yes

Windows Boot Loader
-------------------
identifier              {b78c7c40-c69c-11e5-a5fc-956529658890}
device                  ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{b78c7c41-c69c-11e5-a5fc-956529658890}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
locale                  en-US
inherit                 {bootloadersettings}
displaymessage          Recovery
osdevice                ramdisk=[\Device\HarddiskVolume3]\Recovery\WindowsRE\Winre.wim,{b78c7c41-c69c-11e5-a5fc-956529658890}
systemroot              \windows
nx                      OptIn
safeboot                Minimal
bootmenupolicy          Standard
winpe                   Yes

Windows Setup
-------------
identifier              {cbd971bf-b7b8-4885-951a-fa03044f5d71}
device                  ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{94eb97e4-c699-11e5-9bdc-142d271cc588}
path                    \windows\system32\winload.exe
description             Windows Rollback
locale                  en-US
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{94eb97e4-c699-11e5-9bdc-142d271cc588}
systemroot              \windows
nx                      OptIn
bootmenupolicy          Standard
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {24755bfb-bb6b-11e5-886f-a433cd26ae91}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {24755bfd-bb6b-11e5-886f-a433cd26ae91}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Resume from Hibernate
---------------------
identifier              {688deb70-c69c-11e5-a5fc-956529658890}
device                  partition=C:
path                    \WINDOWS\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
recoverysequence        {b78c7c40-c69c-11e5-a5fc-956529658890}
recoveryenabled         Yes
allowedinmemorysettings 0x15000075
filedevice              partition=C:
filepath                \hiberfil.sys
bootmenupolicy          Standard
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 No

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {24755bfe-bb6b-11e5-886f-a433cd26ae91}
description             Windows Recovery
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi

Device options
--------------
identifier              {94eb97e4-c699-11e5-9bdc-142d271cc588}
description             Windows Setup
ramdisksdidevice        partition=C:
ramdisksdipath          \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options
--------------
identifier              {b78c7c41-c69c-11e5-a5fc-956529658890}
description             Windows Recovery
ramdisksdidevice        partition=\Device\HarddiskVolume3
ramdisksdipath          \Recovery\WindowsRE\boot.sdi



LastRegBack: 2016-02-15 01:06

==================== End of FRST.txt ============================



#3 HelpBot

Posted 20 February 2016 - 02:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/605537 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Struppigel

    Karsten Hahn, G DATA Malware Analyst


  • Malware Response Team

Posted 24 February 2016 - 02:53 AM

Hello dirtypiratehooker.

 

I am Marie Curie and will gladly help you with any malware-related problems.

Please familiarize yourself with the following ground rules before you start.
 

  • Read my instructions thoroughly, carry out each step in the given order.
  • Do not make any changes to your system, or run any tools other than those I provided. Do not delete, fix, uninstall, or install anything unless I tell you to.
  • If you are unsure about anything or if you encounter any problems, please stop and inform me about it.
  • Stick with me until I tell you that your computer is clean. Absence of symptoms does not mean that your computer is free of malware.
  • Back up important files before we start.


--------------------------------------------------------------
 

STEP 1
CKScanner

  • Please download CKScanner and save the file to your Desktop.
  • Right-Click CKScanner.exe and select Run as administrator to run the programme.
  • Click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Please run this programme only once.
  • A log (CKFiles.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.
     

STEP 2
MGADiag
  • Please download MGADiag and save the file to your Desktop.
  • Right-Click MGADiag.exe and select Run as administrator to run the programme.
  • Click Continue.
  • Click Copy.
  • Press the Windows Key + r on your keyboard at the same time. Type Notepad and click OK.
  • Click Edit followed by Paste in Notepad.
  • Copy the contents of the log and paste in your next reply.
     

======================================================

STEP 3
Logs
In your next reply please include the following logs. Please be sure to copy and paste the requested logs, as well as provide information on any questions I may have asked.
  • CKFiles.txt
  • MGADiag log



#5 Struppigel

Posted 28 February 2016 - 03:16 AM

Hello dirtypiratehooker.
 
I have not heard back from you in 4 days.

  • Do you still require help?
  • If you require additional time to complete my instructions, please let me know.
  • If after 48 hours you have not replied to this thread it will have to be closed.


#6 Struppigel

Posted 02 March 2016 - 01:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



