
Possible dllhost.exe virus


  • This topic is locked
21 replies to this topic

#1 royskopovf

Posted 23 March 2016 - 10:16 AM

Hello,
 
I've been battling with some malware or virus on my Toshiba laptop for about 3-4 weeks now. Usually I'm able to fix these things myself, but this time it's been particularly persistent. Initially the problem was that the computer would be unusable upon startup, nothing would open or run. I booted in safe mode and ran rkill and tdsskiller, then ran Malwarebytes countless times, which would find minor things but never anything real. The problem eventually seemed to go away after I also ran Spybot Search and Destroy and a few other anti-malwares.
 
Right now, whenever I open a specific picture in my documents, the picture opens, and the whole computer starts freezing and acting buggy. When I try to close the picture, the window freezes and turns white. In task manager, when I right click on the windows picture viewer task and go to process, it goes to dllhost.exe COM surrogate. I'm pretty sure dllhost.exe is not the process for windows picture viewer. When I click go to file location, the process disappears. There is also a duplicate dllhost.exe that opens to the windows system folder.
 
I've already run Farbar Recovery Scan Tool and I'm attaching the logs. Looking forward to hearing from you guys.
 
 
Thanks,
 
Raphael

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by royskopovf (administrator) on ROYSKOPOVF-PC (23-03-2016 10:43:37)
Running from C:\Users\royskopovf\Downloads
Loaded Profiles: UpdatusUser & royskopovf (Available Profiles: UpdatusUser & royskopovf)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
( ) C:\Windows\System32\lxeacoms.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\widimon\widimon.exe
(TOSHIBA Corporation) C:\Windows\System32\ThpSrv.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
() C:\ProgramData\KMSAuto\bin\TunMirror.exe
(AVG) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
() C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winamp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11775592 2011-01-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [lxeamon.exe] => C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe [772712 2013-01-23] ()
HKLM\...\Run: [EzPrint] => C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe [150264 2013-01-23] ()
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] => C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\...\MountPoints2: {0c771490-7a49-11e5-baad-eef5bfbd60eb} - F:\LaunchU3.exe -a
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWOW64\CbFsMntNtf3.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-02-24] (Google)
ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2012-04-09] (EldoS Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 200.1.104.36 200.1.104.35
Tcpip\..\Interfaces\{93A91276-3ED1-4B80-B333-457F9AFFD5E8}: [DhcpNameServer] 200.1.104.36 200.1.104.35
Tcpip\..\Interfaces\{E748D6D0-E11C-4F91-8360-430220AF54F1}: [DhcpNameServer] 200.1.104.36 200.1.104.35

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://mysearch.avg.com/?cid={FC423BE3-DC12-482C-9E0C-0FEDF4A96213}&mid=85eda37b92f847cc96766939b22e95c9-8b2f1abe21b4d127e5b2f3791bdd9f190bdb2548&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316avz&pr=fr&d=2016-03-10 18:14:37&v=4.2.8.608&pid=wtu&sg=&sap=hp
SearchScopes: HKLM -> DefaultScope {F07AAC44-5426-4415-A0D8-A5205C9D501B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {F07AAC44-5426-4415-A0D8-A5205C9D501B} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> DefaultScope {2EA73C8A-671D-4C42-8086-93F6CAFB6EA5} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {2EA73C8A-671D-4C42-8086-93F6CAFB6EA5} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3676230593-1286861617-2207823701-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={FC423BE3-DC12-482C-9E0C-0FEDF4A96213}&mid=85eda37b92f847cc96766939b22e95c9-8b2f1abe21b4d127e5b2f3791bdd9f190bdb2548&lang=en&ds=AVG&coid=avgtbavg&cmpid=0316avz&pr=fr&d=2016-03-10 18:14:37&v=4.2.8.608&pid=wtu&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3676230593-1286861617-2207823701-1001 -> {A3DA9BEE-CB2D-4D73-A38C-40649794EAF0} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNF
SearchScopes: HKU\S-1-5-21-3676230593-1286861617-2207823701-1001 -> {F07AAC44-5426-4415-A0D8-A5205C9D501B} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-28] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-11-03] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg64.dll [2014-11-03] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-02-28] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-02-28] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-11-19] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.2.8.608\AVG Web TuneUp.dll [2016-03-10] (AVG)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-11-03] (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2014-11-03] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-02-28] (Microsoft Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-06] (Sun Microsystems, Inc.)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05] (<TOSHIBA>)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-11-03] (Google Inc.)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2014-11-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-3676230593-1286861617-2207823701-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2014-11-03] (Google Inc.)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\royskopovf\AppData\Roaming\Mozilla\Firefox\Profiles\ubwc2jjw.default
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-28] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2014-11-03] ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.8\\npsitesafety.dll [No File]
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-03-15] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-28] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-26] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\royskopovf\AppData\Roaming\Mozilla\Firefox\Profiles\ubwc2jjw.default\searchplugins\avg-secure-search.xml [2016-03-10]
FF Extension: AVG Web TuneUp - C:\Users\royskopovf\AppData\Roaming\Mozilla\Firefox\Profiles\ubwc2jjw.default\Extensions\avg@toolbar.xpi [2016-03-10]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff => not found

Chrome:
=======
CHR Profile: C:\Users\royskopovf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\royskopovf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-15]
CHR Extension: (Google Docs) - C:\Users\royskopovf\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-15]
CHR Extension: (Google Drive) - C:\Users\royskopovf\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-15]
CHR Extension: (YouTube) - C:\Users\royskopovf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-15]
CHR Extension: (Google Sheets) - C:\Users\royskopovf\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-15]
CHR Extension: (Google Docs Offline) - C:\Users\royskopovf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\royskopovf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2016-03-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\royskopovf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-15]
CHR Extension: (Gmail) - C:\Users\royskopovf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-15]
CHR HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

===================== Drivers (Whitelisted) ==========================

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-23 10:43 - 2016-03-23 10:43 - 00022126 _____ C:\Users\royskopovf\Downloads\FRST.txt
2016-03-23 10:43 - 2016-03-23 10:43 - 00000000 ____D C:\FRST
2016-03-23 10:42 - 2016-03-23 10:43 - 02374144 _____ (Farbar) C:\Users\royskopovf\Downloads\FRST64.exe
2016-03-23 10:37 - 2016-03-23 10:37 - 00000020 ___SH C:\Users\TEMP\ntuser.ini
2016-03-23 10:37 - 2016-03-23 10:37 - 00000000 _SHDL C:\Users\TEMP\My Documents
2016-03-23 10:37 - 2016-03-23 10:37 - 00000000 _SHDL C:\Users\TEMP\Documents\My Videos
2016-03-23 10:37 - 2016-03-23 10:37 - 00000000 _SHDL C:\Users\TEMP\Documents\My Pictures
2016-03-23 10:37 - 2016-03-23 10:37 - 00000000 _SHDL C:\Users\TEMP\Documents\My Music
2016-03-23 10:37 - 2016-03-23 10:37 - 00000000 ____D C:\Users\TEMP
2016-03-23 10:37 - 2016-03-15 15:37 - 00002075 _____ C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-23 10:37 - 2016-02-11 15:35 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\TuneUp Software
2016-03-23 10:37 - 2011-04-06 22:53 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Macromedia
2016-03-23 10:37 - 2010-11-21 03:16 - 00000000 ____D C:\Users\TEMP\AppData\Roaming\Media Center Programs
2016-03-23 10:35 - 2016-03-23 10:39 - 01650730 _____ C:\TDSSKiller.3.1.0.9_23.03.2016_10.35.20_log.txt
2016-03-23 10:31 - 2016-03-23 10:32 - 00004482 _____ C:\TDSSKiller.3.1.0.9_23.03.2016_10.31.18_log.txt
2016-03-22 23:02 - 2016-03-23 10:31 - 00606904 _____ C:\windows\ntbtlog.txt
2016-03-21 21:11 - 2016-03-21 21:11 - 00285142 _____ C:\Users\royskopovf\Downloads\Candito Linear Program (2).pdf
2016-03-21 20:50 - 2016-03-21 20:50 - 03929825 _____ C:\Users\royskopovf\Downloads\ProgrammingToWin.zip
2016-03-19 18:46 - 2016-03-19 18:48 - 00000000 ___RD C:\Users\royskopovf\Google Drive
2016-03-19 18:46 - 2016-03-19 18:46 - 00001721 _____ C:\Users\royskopovf\Desktop\Google Drive.lnk
2016-03-19 18:41 - 2016-03-19 18:41 - 00002013 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-03-19 18:41 - 2016-03-19 18:41 - 00002011 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-03-19 18:41 - 2016-03-19 18:41 - 00002001 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-03-19 18:41 - 2016-03-19 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-03-19 18:38 - 2016-03-19 18:38 - 00987728 _____ (Google Inc.) C:\Users\royskopovf\Downloads\googledrivesync.exe
2016-03-19 12:04 - 2016-03-19 12:04 - 00000000 ____D C:\Users\royskopovf\AppData\Roaming\Prodiance
2016-03-16 15:10 - 2016-03-17 11:46 - 00534752 _____ C:\Users\royskopovf\AppData\Local\GDIPFONTCACHEV1.DAT
2016-03-16 09:30 - 2016-03-16 09:30 - 00002762 _____ C:\windows\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
2016-03-16 09:25 - 2016-03-16 09:25 - 00000000 ____D C:\Users\royskopovf\AppData\Local\GWX
2016-03-15 21:45 - 2016-03-15 21:47 - 06452752 _____ C:\windows\system32\FNTCACHE.DAT
2016-03-15 21:24 - 2016-03-15 21:24 - 00000000 ____D C:\Users\royskopovf\AppData\Local\Avg2014
2016-03-15 20:49 - 2016-03-15 20:49 - 00002186 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014.lnk
2016-03-15 20:49 - 2016-03-15 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp 2014
2016-03-15 20:49 - 2013-10-08 13:46 - 00040248 _____ (AVG) C:\windows\system32\TURegOpt.exe
2016-03-15 20:49 - 2013-10-08 13:46 - 00029496 _____ (AVG) C:\windows\system32\authuitu.dll
2016-03-15 20:49 - 2013-10-08 13:46 - 00025400 _____ (AVG) C:\windows\SysWOW64\authuitu.dll
2016-03-15 20:44 - 2016-03-15 21:26 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2016-03-15 18:48 - 2016-03-15 19:03 - 00000000 ___SD C:\windows\system32\GWX
2016-03-15 18:48 - 2016-03-15 18:48 - 00000000 ___SD C:\windows\SysWOW64\GWX
2016-03-15 18:44 - 2016-03-15 18:44 - 00000000 ___SD C:\windows\system32\CompatTel
2016-03-15 18:44 - 2016-03-15 18:44 - 00000000 ____D C:\windows\system32\appraiser
2016-03-15 17:15 - 2015-01-08 19:44 - 00419936 _____ C:\windows\SysWOW64\locale.nls
2016-03-15 17:15 - 2015-01-08 19:43 - 00419936 _____ C:\windows\system32\locale.nls
2016-03-15 17:05 - 2015-07-30 09:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-15 17:05 - 2015-07-30 09:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-15 15:54 - 2016-03-15 15:54 - 00000000 ____D C:\ProgramData\KMSAuto
2016-03-15 15:54 - 2014-08-08 12:31 - 00027136 _____ (The OpenVPN Project) C:\windows\system32\Drivers\ptun0901.sys
2016-03-15 15:50 - 2016-03-15 15:58 - 00000000 ____D C:\Users\royskopovf\AppData\Local\MSfree Inc
2016-03-15 15:37 - 2016-03-15 15:37 - 00002192 _____ C:\Users\royskopovf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-15 15:37 - 2016-03-15 15:37 - 00002075 _____ C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-15 15:37 - 2016-03-15 15:37 - 00002075 _____ C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-03-15 15:37 - 2016-03-15 15:37 - 00000000 ___RD C:\Users\royskopovf\OneDrive
2016-03-15 15:37 - 2016-03-15 15:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-03-15 15:37 - 2016-03-15 15:37 - 00000000 ____D C:\Program Files (x86)\Microsoft OneDrive
2016-03-15 15:26 - 2016-03-15 15:26 - 00002392 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk
2016-03-15 15:26 - 2016-03-15 15:26 - 00002387 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-03-15 15:25 - 2016-03-15 15:25 - 00002428 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk
2016-03-15 15:25 - 2016-03-15 15:25 - 00002386 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-03-15 15:25 - 2016-03-15 15:25 - 00002343 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-03-15 15:25 - 2016-03-15 15:25 - 00002337 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-03-15 15:25 - 2016-03-15 15:25 - 00002329 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-03-15 15:24 - 2016-03-15 15:24 - 00002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-03-15 15:24 - 2016-03-15 15:24 - 00002349 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-03-15 15:24 - 2016-03-15 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2016-03-15 15:22 - 2016-03-15 21:12 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-03-15 15:19 - 2016-03-15 21:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-03-15 15:19 - 2016-03-15 15:19 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-03-15 15:01 - 2016-03-15 15:01 - 00002242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-15 15:01 - 2016-03-15 15:01 - 00002230 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-15 15:00 - 2016-03-23 10:34 - 00000902 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-15 15:00 - 2016-03-22 22:05 - 00000906 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-15 15:00 - 2016-03-15 15:00 - 00003902 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-15 15:00 - 2016-03-15 15:00 - 00003650 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-15 14:58 - 2016-03-15 14:58 - 00987728 _____ (Google Inc.) C:\Users\royskopovf\Downloads\ChromeSetup(1).exe
2016-03-15 14:43 - 2015-01-08 23:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2016-03-15 14:43 - 2015-01-08 23:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2016-03-15 14:43 - 2015-01-08 23:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2016-03-15 14:43 - 2015-01-08 22:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2016-03-15 14:34 - 2016-03-15 14:34 - 00000000 ____D C:\ProgramData\Doctor Web
2016-03-15 14:31 - 2016-02-12 14:52 - 03169792 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2016-03-15 14:31 - 2016-02-12 14:52 - 00192512 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2016-03-15 14:31 - 2016-02-12 14:52 - 00098816 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2016-03-15 14:31 - 2016-02-12 14:44 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2016-03-15 14:31 - 2016-02-12 14:39 - 00174080 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2016-03-15 14:31 - 2016-02-12 14:22 - 02610688 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2016-03-15 14:31 - 2016-02-12 14:19 - 00709120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2016-03-15 14:31 - 2016-02-12 14:18 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2016-03-15 14:31 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2016-03-15 14:31 - 2016-02-12 14:18 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2016-03-15 14:31 - 2016-02-12 14:18 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2016-03-15 14:31 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2016-03-15 14:31 - 2016-02-12 14:06 - 00573440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2016-03-15 14:31 - 2016-02-12 14:05 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2016-03-15 14:31 - 2016-02-12 14:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2016-03-15 14:31 - 2016-02-12 14:05 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2016-03-15 14:31 - 2014-12-06 00:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2016-03-15 14:31 - 2014-12-05 23:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2016-03-15 14:31 - 2014-12-05 23:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2016-03-15 14:31 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2016-03-15 14:31 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2016-03-15 14:31 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2016-03-15 14:31 - 2014-07-08 22:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2016-03-15 14:31 - 2014-07-08 22:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2016-03-15 14:31 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2016-03-15 14:31 - 2014-07-08 21:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2016-03-15 14:31 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2016-03-15 14:31 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2016-03-15 14:31 - 2014-07-08 21:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2016-03-15 14:30 - 2016-02-09 02:53 - 00387792 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2016-03-15 14:30 - 2016-02-09 02:10 - 00341200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2016-03-15 14:30 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2016-03-15 14:30 - 2016-02-08 16:51 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2016-03-15 14:30 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2016-03-15 14:30 - 2016-02-08 16:39 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2016-03-15 14:30 - 2016-02-08 16:38 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2016-03-15 14:30 - 2016-02-08 16:38 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2016-03-15 14:30 - 2016-02-08 16:37 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2016-03-15 14:30 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2016-03-15 14:30 - 2016-02-08 16:32 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2016-03-15 14:30 - 2016-02-08 16:31 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2016-03-15 14:30 - 2016-02-08 16:30 - 00476160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2016-03-15 14:30 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2016-03-15 14:30 - 2016-02-08 16:28 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2016-03-15 14:30 - 2016-02-08 16:28 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2016-03-15 14:30 - 2016-02-08 16:20 - 00416256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2016-03-15 14:30 - 2016-02-08 16:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-03-15 14:30 - 2016-02-08 16:15 - 00091136 _____ (Microsoft Corporation) C:\windows\SysWOW64\inseng.dll
2016-03-15 14:30 - 2016-02-08 16:13 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2016-03-15 14:30 - 2016-02-08 16:12 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2016-03-15 14:30 - 2016-02-08 16:11 - 00279040 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2016-03-15 14:30 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2016-03-15 14:30 - 2016-02-08 16:10 - 00130048 _____ (Microsoft Corporation) C:\windows\SysWOW64\occache.dll
2016-03-15 14:30 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2016-03-15 14:30 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\windows\SysWOW64\webcheck.dll
2016-03-15 14:30 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2016-03-15 14:30 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2016-03-15 14:30 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2016-03-15 14:30 - 2016-02-08 16:01 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2016-03-15 14:30 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2016-03-15 14:30 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2016-03-15 14:30 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2016-03-15 14:30 - 2016-02-08 14:41 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2016-03-15 14:30 - 2016-02-08 14:41 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2016-03-15 14:30 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2016-03-15 14:30 - 2016-02-08 14:27 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2016-03-15 14:30 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2016-03-15 14:30 - 2016-02-08 14:26 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2016-03-15 14:30 - 2016-02-08 14:26 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2016-03-15 14:30 - 2016-02-08 14:26 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2016-03-15 14:30 - 2016-02-08 14:19 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2016-03-15 14:30 - 2016-02-08 14:18 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2016-03-15 14:30 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2016-03-15 14:30 - 2016-02-08 14:15 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2016-03-15 14:30 - 2016-02-08 14:14 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2016-03-15 14:30 - 2016-02-08 14:14 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2016-03-15 14:30 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2016-03-15 14:30 - 2016-02-08 14:13 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2016-03-15 14:30 - 2016-02-08 14:06 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2016-03-15 14:30 - 2016-02-08 14:03 - 00489984 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2016-03-15 14:30 - 2016-02-08 13:55 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2016-03-15 14:30 - 2016-02-08 13:54 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\inseng.dll
2016-03-15 14:30 - 2016-02-08 13:52 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2016-03-15 14:30 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2016-03-15 14:30 - 2016-02-08 13:49 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2016-03-15 14:30 - 2016-02-08 13:47 - 00152064 _____ (Microsoft Corporation) C:\windows\system32\occache.dll
2016-03-15 14:30 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\windows\system32\webcheck.dll
2016-03-15 14:30 - 2016-02-08 13:35 - 00718336 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2016-03-15 14:30 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2016-03-15 14:30 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2016-03-15 14:30 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2016-03-15 14:30 - 2016-02-08 13:33 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2016-03-15 14:30 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2016-03-15 14:30 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2016-03-15 14:30 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2016-03-15 14:30 - 2015-11-05 15:05 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wshrm.dll
2016-03-15 14:30 - 2015-11-05 15:02 - 00014848 _____ (Microsoft Corporation) C:\windows\SysWOW64\wshrm.dll
2016-03-15 14:30 - 2015-11-05 05:53 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rmcast.sys
2016-03-15 14:30 - 2015-02-02 23:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2016-03-15 14:30 - 2015-02-02 23:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2016-03-15 14:29 - 2016-02-05 14:54 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2016-03-15 14:29 - 2016-02-05 14:54 - 00041472 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2016-03-15 14:29 - 2016-02-05 14:53 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2016-03-15 14:29 - 2016-02-05 14:53 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2016-03-15 14:29 - 2016-02-05 14:50 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2016-03-15 14:29 - 2016-02-05 14:44 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2016-03-15 14:29 - 2016-02-05 14:42 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2016-03-15 14:29 - 2016-02-05 13:48 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2016-03-15 14:29 - 2016-02-05 13:43 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2016-03-15 14:29 - 2016-02-05 13:43 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2016-03-15 14:29 - 2015-12-08 17:52 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2016-03-15 14:29 - 2015-12-08 15:07 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2016-03-15 14:29 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapistub.dll
2016-03-15 14:29 - 2015-11-13 19:09 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\mapi32.dll
2016-03-15 14:29 - 2015-11-13 19:08 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\fixmapi.exe
2016-03-15 14:29 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapistub.dll
2016-03-15 14:29 - 2015-11-13 18:50 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mapi32.dll
2016-03-15 14:29 - 2015-11-13 18:49 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\fixmapi.exe
2016-03-15 14:29 - 2015-11-03 15:04 - 00241664 _____ (Microsoft Corporation) C:\windows\system32\els.dll
2016-03-15 14:29 - 2015-11-03 14:55 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\els.dll
2016-03-15 14:29 - 2015-07-16 15:12 - 06131200 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2016-03-15 14:29 - 2015-07-16 15:12 - 00856064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2016-03-15 14:29 - 2015-07-16 15:12 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2016-03-15 14:29 - 2015-07-16 15:11 - 07077376 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2016-03-15 14:29 - 2015-07-16 15:11 - 01057792 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2016-03-15 14:29 - 2015-07-16 15:11 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2016-03-15 14:29 - 2015-07-11 09:15 - 00429568 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2016-03-15 14:29 - 2015-06-01 20:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2016-03-15 14:29 - 2015-06-01 19:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2016-03-15 14:29 - 2015-04-17 23:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2016-03-15 14:29 - 2015-04-17 22:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2016-03-15 14:29 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2016-03-15 14:29 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2016-03-15 14:29 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2016-03-15 14:29 - 2014-12-07 23:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2016-03-15 14:29 - 2014-12-07 22:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2016-03-15 14:28 - 2016-01-06 15:02 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2016-03-15 14:28 - 2016-01-06 15:02 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2016-03-15 14:28 - 2016-01-06 14:41 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2016-03-15 14:28 - 2015-11-05 15:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2016-03-15 14:28 - 2015-11-05 15:00 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2016-03-15 14:28 - 2015-08-05 13:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2016-03-15 14:28 - 2015-07-15 14:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2016-03-15 14:28 - 2015-07-15 14:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2016-03-15 14:28 - 2015-07-15 14:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2016-03-15 14:28 - 2015-05-25 14:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2016-03-15 14:28 - 2015-05-25 14:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2016-03-15 14:28 - 2015-05-25 14:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2016-03-15 14:28 - 2015-05-25 14:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2016-03-15 14:28 - 2015-05-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2016-03-15 14:28 - 2015-05-25 14:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2016-03-15 14:28 - 2015-05-25 14:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2016-03-15 14:28 - 2015-05-25 14:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2016-03-15 14:28 - 2015-05-25 14:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2016-03-15 14:28 - 2015-05-25 14:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2016-03-15 14:28 - 2015-05-25 14:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2016-03-15 14:28 - 2015-05-25 14:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2016-03-15 14:28 - 2015-04-12 23:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2016-03-15 14:27 - 2015-11-19 10:07 - 00994760 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00922432 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-15 14:27 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-15 14:27 - 2015-11-03 15:04 - 00802304 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2016-03-15 14:27 - 2015-11-03 14:56 - 00627712 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2016-03-15 14:27 - 2015-02-02 23:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2016-03-15 14:27 - 2015-02-02 23:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2016-03-15 14:27 - 2015-02-02 23:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2016-03-15 14:27 - 2015-02-02 23:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2016-03-15 14:27 - 2015-02-02 23:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2016-03-15 14:27 - 2015-02-02 23:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2016-03-15 14:27 - 2015-02-02 23:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2016-03-15 14:27 - 2015-02-02 23:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2016-03-15 14:27 - 2015-02-02 23:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2016-03-15 14:27 - 2015-02-02 23:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2016-03-15 14:27 - 2015-02-02 23:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2016-03-15 14:27 - 2015-02-02 23:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2016-03-15 14:27 - 2015-02-02 23:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2016-03-15 14:27 - 2015-02-02 23:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2016-03-15 14:27 - 2015-02-02 23:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2016-03-15 14:27 - 2015-02-02 23:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2016-03-15 14:27 - 2015-02-02 23:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2016-03-15 14:27 - 2015-02-02 23:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2016-03-15 14:27 - 2015-02-02 23:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2016-03-15 14:27 - 2015-02-02 23:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2016-03-15 14:27 - 2015-02-02 23:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2016-03-15 14:27 - 2015-02-02 23:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2016-03-15 14:27 - 2015-02-02 23:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2016-03-15 14:27 - 2015-02-02 23:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2016-03-15 14:27 - 2015-02-02 23:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2016-03-15 14:27 - 2015-02-02 23:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2016-03-15 14:27 - 2015-02-02 23:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2016-03-15 14:27 - 2015-02-02 23:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2016-03-15 14:27 - 2015-02-02 23:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2016-03-15 14:27 - 2015-02-02 23:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2016-03-15 14:27 - 2015-02-02 23:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2016-03-15 14:26 - 2016-02-19 15:02 - 00038336 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2016-03-15 14:26 - 2016-02-19 14:54 - 01168896 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2016-03-15 14:26 - 2016-02-19 10:07 - 01373184 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2016-03-15 14:26 - 2016-02-11 10:07 - 00689152 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2016-03-15 14:26 - 2016-02-05 10:07 - 00696832 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2016-03-15 14:26 - 2016-02-05 10:07 - 00499200 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2016-03-15 14:26 - 2016-02-05 10:07 - 00076800 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2016-03-15 14:26 - 2016-02-04 13:52 - 03211264 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2016-03-15 14:26 - 2015-11-16 16:17 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2016-03-15 14:26 - 2015-07-14 23:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2016-03-15 14:26 - 2015-07-09 13:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2016-03-15 14:26 - 2015-07-09 13:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2016-03-15 14:26 - 2015-07-09 13:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2016-03-15 14:26 - 2015-07-09 13:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2016-03-15 14:26 - 2015-06-03 16:16 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2016-03-15 14:26 - 2014-12-18 23:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2016-03-15 14:24 - 2016-02-03 14:58 - 00862208 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2016-03-15 14:24 - 2016-02-03 14:52 - 00084992 _____ (Microsoft Corporation) C:\windows\system32\asycfilt.dll
2016-03-15 14:24 - 2016-02-03 14:49 - 00572416 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2016-03-15 14:24 - 2016-02-03 14:43 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\asycfilt.dll
2016-03-15 14:24 - 2016-02-03 14:07 - 00091648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2016-03-15 14:24 - 2016-01-11 15:11 - 01684416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2016-03-15 14:24 - 2016-01-07 13:42 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2016-03-15 14:24 - 2015-11-10 14:55 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2016-03-15 14:24 - 2015-11-10 14:55 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2016-03-15 14:24 - 2015-11-10 14:55 - 01008640 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2016-03-15 14:24 - 2015-11-10 14:39 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2016-03-15 14:24 - 2015-11-10 14:37 - 00833024 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2016-03-15 14:24 - 2015-07-01 16:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2016-03-15 14:24 - 2015-07-01 16:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2016-03-15 14:24 - 2015-07-01 16:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2016-03-15 14:24 - 2015-07-01 16:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2016-03-15 14:24 - 2015-04-24 14:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2016-03-15 14:24 - 2015-04-24 13:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2016-03-15 14:24 - 2015-02-03 23:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2016-03-15 14:24 - 2015-02-03 22:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2016-03-15 14:24 - 2015-01-28 23:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2016-03-15 14:24 - 2015-01-28 23:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2016-03-15 14:24 - 2012-02-11 02:36 - 00559104 _____ (Microsoft Corporation) C:\windows\system32\spoolsv.exe
2016-03-15 14:24 - 2012-02-11 02:36 - 00067072 _____ (Microsoft Corporation) C:\windows\splwow64.exe
2016-03-15 14:23 - 2015-04-27 15:23 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2016-03-15 14:23 - 2015-04-27 15:23 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2016-03-15 14:23 - 2015-04-27 15:23 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2016-03-15 14:23 - 2015-04-27 15:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2016-03-15 14:23 - 2015-04-27 15:05 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2016-03-15 14:23 - 2015-04-27 15:04 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2016-03-15 14:23 - 2015-04-27 15:04 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2016-03-15 14:23 - 2015-04-27 15:04 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2016-03-15 14:22 - 2016-02-11 14:56 - 05572032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2016-03-15 14:22 - 2016-02-11 14:56 - 00154560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2016-03-15 14:22 - 2016-02-11 14:56 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2016-03-15 14:22 - 2016-02-11 14:52 - 01733592 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2016-03-15 14:22 - 2016-02-11 14:49 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2016-03-15 14:22 - 2016-02-11 14:49 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2016-03-15 14:22 - 2016-02-11 14:49 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2016-03-15 14:22 - 2016-02-11 14:49 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2016-03-15 14:22 - 2016-02-11 14:49 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2016-03-15 14:22 - 2016-02-11 14:49 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2016-03-15 14:22 - 2016-02-11 14:49 - 00028672 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2016-03-15 14:22 - 2016-02-11 14:49 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2016-03-15 14:22 - 2016-02-11 14:48 - 01214464 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2016-03-15 14:22 - 2016-02-11 14:48 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2016-03-15 14:22 - 2016-02-11 14:48 - 00344064 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2016-03-15 14:22 - 2016-02-11 14:48 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2016-03-15 14:22 - 2016-02-11 14:48 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2016-03-15 14:22 - 2016-02-11 14:47 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2016-03-15 14:22 - 2016-02-11 14:45 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2016-03-15 14:22 - 2016-02-11 14:45 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2016-03-15 14:22 - 2016-02-11 14:45 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2016-03-15 14:22 - 2016-02-11 14:45 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2016-03-15 14:22 - 2016-02-11 14:44 - 03994560 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2016-03-15 14:22 - 2016-02-11 14:44 - 03938240 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2016-03-15 14:22 - 2016-02-11 14:44 - 01461248 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2016-03-15 14:22 - 2016-02-11 14:44 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2016-03-15 14:22 - 2016-02-11 14:44 - 00730112 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2016-03-15 14:22 - 2016-02-11 14:44 - 00422400 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2016-03-15 14:22 - 2016-02-11 14:42 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2016-03-15 14:22 - 2016-02-11 14:42 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2016-03-15 14:22 - 2016-02-11 14:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 01314328 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00880128 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:41 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:38 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2016-03-15 14:22 - 2016-02-11 14:38 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2016-03-15 14:22 - 2016-02-11 14:38 - 00275456 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2016-03-15 14:22 - 2016-02-11 14:38 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2016-03-15 14:22 - 2016-02-11 14:38 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2016-03-15 14:22 - 2016-02-11 14:38 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2016-03-15 14:22 - 2016-02-11 14:38 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2016-03-15 14:22 - 2016-02-11 14:37 - 00251392 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2016-03-15 14:22 - 2016-02-11 14:37 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2016-03-15 14:22 - 2016-02-11 14:37 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2016-03-15 14:22 - 2016-02-11 14:35 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2016-03-15 14:22 - 2016-02-11 14:35 - 00223232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2016-03-15 14:22 - 2016-02-11 14:35 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2016-03-15 14:22 - 2016-02-11 14:34 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2016-03-15 14:22 - 2016-02-11 14:33 - 00553472 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2016-03-15 14:22 - 2016-02-11 14:31 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00642560 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 14:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 13:48 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2016-03-15 14:22 - 2016-02-11 13:43 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2016-03-15 14:22 - 2016-02-11 13:41 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2016-03-15 14:22 - 2016-02-11 13:40 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2016-03-15 14:22 - 2016-02-11 13:34 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2016-03-15 14:22 - 2016-02-11 13:34 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2016-03-15 14:22 - 2016-02-11 13:33 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2016-03-15 14:22 - 2016-02-11 13:32 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2016-03-15 14:22 - 2016-02-11 13:32 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2016-03-15 14:22 - 2016-02-11 13:32 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2016-03-15 14:22 - 2016-02-11 13:32 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2016-03-15 14:22 - 2016-02-11 13:32 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2016-03-15 14:22 - 2016-02-11 13:32 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2016-03-15 14:22 - 2016-02-11 13:31 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2016-03-15 14:22 - 2016-02-11 13:30 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 13:30 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 13:30 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-03-15 14:22 - 2016-02-11 13:30 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-03-15 14:22 - 2015-11-11 14:53 - 01735680 _____ (Microsoft Corporation) C:\windows\system32\comsvcs.dll
2016-03-15 14:22 - 2015-11-11 14:53 - 00525312 _____ (Microsoft Corporation) C:\windows\system32\catsrvut.dll
2016-03-15 14:22 - 2015-11-11 14:39 - 01242624 _____ (Microsoft Corporation) C:\windows\SysWOW64\comsvcs.dll
2016-03-15 14:22 - 2015-11-11 14:39 - 00487936 _____ (Microsoft Corporation) C:\windows\SysWOW64\catsrvut.dll
2016-03-15 14:22 - 2015-10-01 14:06 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2016-03-15 14:22 - 2015-10-01 14:04 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2016-03-15 14:22 - 2015-10-01 14:00 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2016-03-15 14:22 - 2015-10-01 14:00 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2016-03-15 14:22 - 2015-10-01 14:00 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2016-03-15 14:22 - 2015-10-01 14:00 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2016-03-15 14:22 - 2015-10-01 14:00 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2016-03-15 14:22 - 2015-10-01 13:50 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2016-03-15 14:22 - 2015-10-01 13:00 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2016-03-15 14:22 - 2015-06-03 16:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2016-03-15 14:22 - 2015-06-03 16:16 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2016-03-15 14:22 - 2015-06-03 16:16 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2016-03-15 14:21 - 2016-02-04 21:19 - 00381440 _____ (Microsoft Corporation) C:\windows\system32\mfds.dll
2016-03-15 14:21 - 2016-02-04 14:41 - 00296448 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfds.dll
2016-03-15 14:21 - 2015-12-20 14:50 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2016-03-15 14:21 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2016-03-15 14:21 - 2015-12-20 10:08 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2016-03-15 14:21 - 2015-10-13 12:41 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2016-03-15 14:21 - 2015-10-13 12:40 - 00118272 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2016-03-15 14:21 - 2015-07-30 14:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2016-03-15 14:21 - 2015-07-30 13:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2016-03-15 14:21 - 2015-06-15 17:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2016-03-15 14:21 - 2015-06-15 17:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2016-03-15 14:21 - 2015-06-15 17:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2016-03-15 14:21 - 2015-06-15 17:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2016-03-15 14:21 - 2015-06-15 17:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2016-03-15 14:21 - 2015-06-15 17:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2016-03-15 14:21 - 2015-06-15 17:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2016-03-15 14:21 - 2015-06-15 17:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2016-03-15 14:20 - 2015-10-29 13:50 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2016-03-15 14:20 - 2015-10-29 13:50 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2016-03-15 14:20 - 2015-10-29 13:50 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2016-03-15 14:20 - 2015-10-29 13:50 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2016-03-15 14:20 - 2015-10-29 13:50 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2016-03-15 14:20 - 2015-10-29 13:49 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2016-03-15 14:20 - 2015-10-29 13:49 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2016-03-15 14:20 - 2015-07-22 20:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2016-03-15 14:20 - 2015-07-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2016-03-15 14:20 - 2015-07-22 13:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2016-03-15 14:20 - 2015-07-22 12:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2016-03-15 14:20 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2016-03-15 14:20 - 2015-07-09 13:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2016-03-15 14:20 - 2015-07-09 13:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2016-03-15 14:19 - 2015-12-08 17:53 - 00509952 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2016-03-15 14:19 - 2015-12-08 15:07 - 00624640 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2016-03-15 14:19 - 2015-06-25 06:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2016-03-15 14:19 - 2015-06-25 06:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2016-03-15 14:19 - 2014-12-11 13:47 - 00087040 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2016-03-15 14:18 - 2016-02-09 05:55 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\seclogon.dll
2016-03-15 14:18 - 2015-12-08 17:54 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2016-03-15 14:18 - 2015-12-08 17:54 - 01620992 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2016-03-15 14:18 - 2015-12-08 17:54 - 01568768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVENCOD.DLL
2016-03-15 14:18 - 2015-12-08 17:54 - 01325056 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOE.DLL
2016-03-15 14:18 - 2015-12-08 17:54 - 00902144 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOD.DLL
2016-03-15 14:18 - 2015-12-08 17:54 - 00815616 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMADMOE.DLL
2016-03-15 14:18 - 2015-12-08 17:54 - 00740352 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmpmde.dll
2016-03-15 14:18 - 2015-12-08 17:54 - 00739328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMSPDMOD.DLL
2016-03-15 14:18 - 2015-12-08 17:54 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVXENCD.DLL
2016-03-15 14:18 - 2015-12-08 17:54 - 00541184 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSDECD.DLL
2016-03-15 14:18 - 2015-12-08 17:54 - 00358400 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVSENCD.DLL
2016-03-15 14:18 - 2015-12-08 17:54 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\VIDRESZR.DLL
2016-03-15 14:18 - 2015-12-08 17:53 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2016-03-15 14:18 - 2015-12-08 17:53 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2016-03-15 14:18 - 2015-12-08 17:53 - 00970240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2adec.dll
2016-03-15 14:18 - 2015-12-08 17:53 - 00829952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPEG2ENC.DLL
2016-03-15 14:18 - 2015-12-08 17:53 - 00609280 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFWMAAEC.DLL
2016-03-15 14:18 - 2015-12-08 17:53 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2016-03-15 14:18 - 2015-12-08 17:53 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2016-03-15 14:18 - 2015-12-08 17:53 - 00415744 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2016-03-15 14:18 - 2015-12-08 17:53 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2016-03-15 14:18 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MPG4DECD.DLL
2016-03-15 14:18 - 2015-12-08 17:53 - 00241152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP43DECD.DLL
2016-03-15 14:18 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\RESAMPLEDMO.DLL
2016-03-15 14:18 - 2015-12-08 17:53 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\qasf.dll
2016-03-15 14:18 - 2015-12-08 17:53 - 00193536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksproxy.ax
2016-03-15 14:18 - 2015-12-08 17:53 - 00153600 _____ (Microsoft Corporation) C:\windows\SysWOW64\COLORCNV.DLL
2016-03-15 14:18 - 2015-12-08 17:53 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2016-03-15 14:18 - 2015-12-08 17:53 - 00079872 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP3DMOD.DLL
2016-03-15 14:18 - 2015-12-08 17:53 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\devenum.dll
2016-03-15 14:18 - 2015-12-08 17:53 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfvdsp.dll
2016-03-15 14:18 - 2015-12-08 17:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2016-03-15 14:18 - 2015-12-08 17:53 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2016-03-15 14:18 - 2015-12-08 17:53 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\ksuser.dll
2016-03-15 14:18 - 2015-12-08 17:50 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 01955328 _____ (Microsoft Corporation) C:\windows\system32\WMVENCOD.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 01888768 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 01575424 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOE.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 01573888 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 01393152 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 01307136 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2adec.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 01232896 _____ (Microsoft Corporation) C:\windows\system32\WMADMOD.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\MSMPEG2ENC.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 01153024 _____ (Microsoft Corporation) C:\windows\system32\WMADMOE.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 01026048 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 01010688 _____ (Microsoft Corporation) C:\windows\system32\mcmde.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 00978944 _____ (Microsoft Corporation) C:\windows\system32\WMSPDMOD.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\WMVSDECD.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00653824 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00642048 _____ (Microsoft Corporation) C:\windows\system32\WMVXENCD.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00632320 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\MFWMAAEC.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\WMVSENCD.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 00378880 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 00292352 _____ (Microsoft Corporation) C:\windows\system32\VIDRESZR.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00254464 _____ (Microsoft Corporation) C:\windows\system32\qasf.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 00225792 _____ (Microsoft Corporation) C:\windows\system32\RESAMPLEDMO.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00224768 _____ (Microsoft Corporation) C:\windows\system32\MPG4DECD.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00223744 _____ (Microsoft Corporation) C:\windows\system32\MP43DECD.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 00189952 _____ (Microsoft Corporation) C:\windows\system32\COLORCNV.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\MP3DMOD.DLL
2016-03-15 14:18 - 2015-12-08 15:07 - 00076288 _____ (Microsoft Corporation) C:\windows\system32\devenum.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\mfvdsp.dll
2016-03-15 14:18 - 2015-12-08 15:07 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2016-03-15 14:18 - 2015-12-08 15:07 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\ksuser.dll
2016-03-15 14:18 - 2015-12-08 15:06 - 00250880 _____ (Microsoft Corporation) C:\windows\system32\ksproxy.ax
2016-03-15 14:18 - 2015-12-08 15:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2016-03-15 14:18 - 2015-12-08 15:04 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2016-03-15 14:18 - 2015-12-08 14:54 - 00116736 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2016-03-15 14:18 - 2015-12-08 14:12 - 00230400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2016-03-15 14:18 - 2015-12-08 14:11 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2016-03-15 14:18 - 2015-02-18 03:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2016-03-15 14:18 - 2015-02-18 03:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2016-03-15 14:17 - 2016-01-16 15:01 - 02085888 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2016-03-15 14:17 - 2016-01-16 14:36 - 01413632 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2016-03-15 14:17 - 2015-08-27 14:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2016-03-15 14:17 - 2015-08-27 14:18 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2016-03-15 14:17 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2016-03-15 14:17 - 2015-08-27 14:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2016-03-15 14:17 - 2015-08-27 13:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2016-03-15 14:17 - 2015-08-27 13:58 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2016-03-15 14:17 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2016-03-15 14:17 - 2015-08-27 13:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2016-03-15 14:17 - 2015-04-10 23:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2016-03-15 14:17 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2016-03-15 14:16 - 2016-01-22 02:19 - 14179840 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2016-03-15 14:16 - 2016-01-22 02:18 - 00961024 _____ (Microsoft Corporation) C:\windows\system32\CPFilters.dll
2016-03-15 14:16 - 2016-01-22 02:18 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\EncDec.dll
2016-03-15 14:16 - 2016-01-22 02:17 - 00159744 _____ (Microsoft Corporation) C:\windows\system32\mtxoci.dll
2016-03-15 14:16 - 2016-01-22 02:04 - 00642048 _____ (Microsoft Corporation) C:\windows\SysWOW64\CPFilters.dll
2016-03-15 14:16 - 2016-01-22 02:04 - 00535040 _____ (Microsoft Corporation) C:\windows\SysWOW64\EncDec.dll
2016-03-15 14:16 - 2016-01-22 02:02 - 00176128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msorcl32.dll
2016-03-15 14:16 - 2016-01-22 02:02 - 00114176 _____ (Microsoft Corporation) C:\windows\SysWOW64\mtxoci.dll
2016-03-15 14:16 - 2015-09-23 09:15 - 00460776 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2016-03-15 14:16 - 2015-09-23 09:15 - 00299632 _____ (Microsoft Corporation) C:\windows\system32\bcryptprimitives.dll
2016-03-15 14:16 - 2015-09-23 09:09 - 00251000 _____ (Microsoft Corporation) C:\windows\SysWOW64\bcryptprimitives.dll
2016-03-15 14:16 - 2015-01-16 22:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2016-03-15 14:16 - 2015-01-16 22:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2016-03-15 14:16 - 2014-10-29 22:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2016-03-15 14:16 - 2014-10-29 21:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2016-03-15 14:16 - 2014-10-02 22:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2016-03-15 14:16 - 2014-10-02 22:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2016-03-15 14:16 - 2014-10-02 22:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2016-03-15 14:16 - 2014-10-02 22:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2016-03-15 14:16 - 2014-10-02 22:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2016-03-15 14:16 - 2014-10-02 21:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2016-03-15 14:16 - 2014-10-02 21:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2016-03-15 14:16 - 2014-10-02 21:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2016-03-15 14:16 - 2014-10-02 21:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2016-03-15 14:16 - 2014-10-02 21:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2016-03-15 14:15 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2016-03-15 14:15 - 2016-02-09 05:57 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2016-03-15 14:15 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2016-03-15 14:15 - 2016-02-09 05:56 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2016-03-15 14:15 - 2016-02-09 05:54 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2016-03-15 14:15 - 2016-02-09 05:51 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2016-03-15 14:15 - 2016-02-09 05:51 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2016-03-15 14:15 - 2016-02-09 05:13 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2016-03-15 14:15 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2016-03-15 14:15 - 2016-02-09 05:13 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2016-03-15 14:15 - 2016-01-22 02:15 - 01866752 _____ (Microsoft Corporation) C:\windows\system32\ExplorerFrame.dll
2016-03-15 14:15 - 2016-01-22 02:12 - 01940992 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2016-03-15 14:15 - 2016-01-22 02:05 - 12877824 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2016-03-15 14:15 - 2016-01-22 02:00 - 01498624 _____ (Microsoft Corporation) C:\windows\SysWOW64\ExplorerFrame.dll
2016-03-15 14:15 - 2016-01-22 01:59 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2016-03-15 14:15 - 2016-01-22 01:19 - 03231232 _____ (Microsoft Corporation) C:\windows\explorer.exe
2016-03-15 14:15 - 2016-01-22 01:12 - 02973184 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2016-03-15 14:15 - 2015-10-13 00:57 - 00950720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2016-03-15 14:15 - 2015-02-02 23:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2016-03-15 14:15 - 2015-02-02 23:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2016-03-15 14:14 - 2011-03-11 02:41 - 00410496 _____ (Intel Corporation) C:\windows\system32\Drivers\iaStorV.sys
2016-03-15 14:14 - 2011-03-11 02:41 - 00166272 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvstor.sys
2016-03-15 14:14 - 2011-03-11 02:41 - 00148352 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvraid.sys
2016-03-15 14:14 - 2011-03-11 02:41 - 00107904 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdsata.sys
2016-03-15 14:14 - 2011-03-11 02:41 - 00027008 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\amdxata.sys
2016-03-15 14:14 - 2011-03-11 02:33 - 02565632 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
2016-03-15 14:14 - 2011-03-11 02:30 - 00096768 _____ (Microsoft Corporation) C:\windows\system32\fsutil.exe
2016-03-15 14:14 - 2011-03-11 01:33 - 01699328 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
2016-03-15 14:14 - 2011-03-11 01:31 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\fsutil.exe
2016-03-15 13:02 - 2016-03-15 13:02 - 00001819 _____ C:\Users\royskopovf\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-03-15 13:02 - 2016-03-15 13:02 - 00000000 ____D C:\Users\royskopovf\AppData\Roaming\SUPERAntiSpyware.com
2016-03-15 13:02 - 2016-03-15 13:02 - 00000000 ____D C:\Users\royskopovf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-03-15 13:02 - 2016-03-15 13:02 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-03-15 13:02 - 2016-03-15 13:02 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-03-15 13:00 - 2016-03-15 13:23 - 450303240 _____ (Doctor Web, Ltd.) C:\Users\royskopovf\Downloads\drweb-11.0-ss-win.exe
2016-03-15 13:00 - 2016-03-15 13:01 - 25001888 _____ (SUPERAntiSpyware) C:\Users\royskopovf\Downloads\SUPERAntiSpyware(1).exe
2016-03-15 13:00 - 2016-03-15 13:00 - 25001888 _____ (SUPERAntiSpyware) C:\Users\royskopovf\Downloads\SUPERAntiSpyware.exe
2016-03-15 12:55 - 2016-03-15 13:00 - 00229026 _____ C:\TDSSKiller.3.1.0.9_15.03.2016_12.55.21_log.txt
2016-03-10 22:38 - 2009-06-10 17:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts.20160310-223842.backup
2016-03-10 22:13 - 2016-03-10 22:13 - 00001899 _____ C:\Users\Public\Desktop\Battery Check Utility.lnk
2016-03-10 19:47 - 2016-03-10 19:47 - 00000000 ____D C:\Users\royskopovf\Documents\ProcAlyzer Dumps
2016-03-10 18:14 - 2016-03-15 18:54 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
2016-03-10 18:14 - 2016-03-10 18:15 - 00000000 ____D C:\Users\royskopovf\AppData\Local\AVG Web TuneUp
2016-03-10 18:14 - 2016-03-10 18:15 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-03-10 18:14 - 2016-03-10 18:14 - 00000000 ____D C:\ProgramData\AVG Secure Search
2016-03-10 18:14 - 2016-03-10 18:14 - 00000000 ____D C:\Program Files\Common Files\AVG Secure Search
2016-03-10 18:14 - 2016-03-10 18:14 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-03-10 18:11 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-03-10 18:05 - 2016-03-10 22:28 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-10 18:05 - 2016-03-10 18:11 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-10 18:05 - 2016-03-10 18:05 - 00001366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-03-10 18:05 - 2016-03-10 18:05 - 00001354 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-03-10 18:05 - 2016-03-10 18:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-03-10 18:05 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2016-03-10 18:03 - 2016-03-10 18:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\royskopovf\Downloads\spybot-2.4.exe
2016-03-08 20:50 - 2016-03-15 21:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-08 19:05 - 2016-03-08 19:06 - 00024688 _____ C:\windows\system32\Drivers\TrueSight.sys
2016-03-08 19:04 - 2016-03-08 19:07 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-08 19:01 - 2016-03-08 19:01 - 19476552 _____ C:\Users\royskopovf\Downloads\RogueKiller.exe
2016-03-08 19:01 - 2016-03-08 19:01 - 01524224 _____ C:\Users\royskopovf\Downloads\AdwCleaner.exe
2016-03-08 18:48 - 2016-03-10 17:55 - 00000000 ____D C:\Users\royskopovf\Desktop\HWLS
2016-03-08 18:47 - 2016-03-08 18:47 - 00025961 _____ C:\Users\royskopovf\Desktop\dds.txt
2016-03-08 18:47 - 2016-03-08 18:47 - 00016943 _____ C:\Users\royskopovf\Desktop\attach.txt
2016-03-08 18:45 - 2016-03-08 18:48 - 00438702 _____ C:\TDSSKiller.3.1.0.9_08.03.2016_18.45.18_log.txt
2016-03-08 18:41 - 2016-03-08 18:41 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\royskopovf\Downloads\tdsskiller.exe
2016-03-08 18:40 - 2016-03-08 18:40 - 00688992 ____R (Swearware) C:\Users\royskopovf\Downloads\dds.scr
2016-03-08 18:39 - 2016-03-15 20:48 - 00002320 _____ C:\Users\royskopovf\Desktop\Rkill.txt
2016-03-08 18:39 - 2016-03-15 20:41 - 00000000 ____D C:\Users\royskopovf\Desktop\rkill
2016-03-08 18:39 - 2016-03-08 18:39 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\royskopovf\Downloads\rkill.com
2016-03-08 18:35 - 2016-03-08 18:35 - 00000000 __SHD C:\Users\royskopovf\AppData\LocalLow\EmieUserList
2016-03-08 18:35 - 2016-03-08 18:35 - 00000000 __SHD C:\Users\royskopovf\AppData\LocalLow\EmieSiteList
2016-03-08 18:35 - 2016-03-08 18:35 - 00000000 __SHD C:\Users\royskopovf\AppData\LocalLow\EmieBrowserModeList
2016-03-08 18:17 - 2016-03-08 18:17 - 00000000 ____D C:\Users\royskopovf\Desktop\mbar
2016-03-08 15:29 - 2016-03-08 18:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-08 15:04 - 2016-03-22 23:04 - 00192216 _____ (Malwarebytes) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-08 15:04 - 2016-03-08 18:53 - 00109272 _____ (Malwarebytes) C:\windows\system32\Drivers\mbamchameleon.sys
2016-03-08 15:04 - 2016-03-08 15:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-08 15:04 - 2016-03-08 15:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-08 15:04 - 2016-03-08 15:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-08 15:04 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2016-03-08 15:04 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\windows\system32\Drivers\mbam.sys
2016-03-07 11:55 - 2016-03-07 11:55 - 00193160 _____ C:\Users\royskopovf\Desktop\GENERAL INSTRUCTUIONS YEAR 1.pdf
2016-03-06 20:30 - 2016-03-06 20:30 - 00042496 _____ C:\Users\royskopovf\Desktop\invoice-template.xls
2016-03-06 20:22 - 2016-03-06 20:22 - 00014031 _____ C:\Users\royskopovf\Desktop\Simple-Quotation-Template.xlsx
2016-03-02 10:21 - 2016-03-02 10:21 - 00269232 _____ (AVG Technologies CZ, s.r.o.) C:\windows\system32\Drivers\avgmfx64.sys
2016-03-01 16:36 - 2016-03-01 16:36 - 80403322 _____ C:\Users\royskopovf\Desktop\warby parker tryonm.psd
2016-03-01 15:34 - 2016-03-02 13:03 - 00000000 ____D C:\Users\royskopovf\Documents\Glasses
2016-02-25 17:51 - 2016-03-08 15:34 - 00000000 ____D C:\Users\royskopovf\Documents\.android
2016-02-23 09:42 - 2016-02-23 09:42 - 01414707 _____ C:\ProgramData\SPL3CA9.tmp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-23 10:35 - 2015-12-07 09:52 - 00000000 ____D C:\ProgramData\MFAData
2016-03-23 10:33 - 2009-07-14 01:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2016-03-22 22:07 - 2009-07-14 00:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-22 22:07 - 2009-07-14 00:45 - 00025120 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-22 11:39 - 2014-11-03 20:03 - 00000000 ____D C:\Users\UpdatusUser
2016-03-22 10:44 - 2014-11-03 17:35 - 00000000 ____D C:\Users\royskopovf\AppData\Roaming\BitTorrent
2016-03-21 21:23 - 2015-04-17 00:30 - 00000000 ____D C:\Users\royskopovf\Documents\Knowledge
2016-03-21 13:17 - 2014-11-04 09:01 - 00000000 ____D C:\Users\royskopovf\AppData\Local\Adobe
2016-03-20 16:13 - 2014-11-05 01:09 - 00000000 ____D C:\Users\royskopovf\AppData\Roaming\vlc
2016-03-20 12:53 - 2009-07-14 01:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2016-03-20 12:53 - 2009-07-13 23:20 - 00000000 ____D C:\windows\inf
2016-03-19 18:46 - 2014-11-03 16:53 - 00000000 ____D C:\Users\royskopovf
2016-03-19 18:44 - 2015-09-08 15:37 - 00000000 ____D C:\Users\royskopovf\Documents\Mobo
2016-03-19 18:44 - 2015-09-08 15:37 - 00000000 ____D C:\Program Files (x86)\Mobo
2016-03-19 18:41 - 2014-11-03 20:20 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-19 18:41 - 2014-11-03 17:00 - 00000000 ____D C:\Users\royskopovf\AppData\Local\Google
2016-03-19 10:52 - 2015-09-08 16:12 - 00000000 ____D C:\Program Files (x86)\Sony
2016-03-19 10:49 - 2014-11-03 20:14 - 00000000 ____D C:\Users\royskopovf\AppData\Local\CrashDumps
2016-03-18 12:10 - 2015-09-01 15:17 - 00000000 ____D C:\Users\royskopovf\Documents\HWLS 2015
2016-03-17 11:56 - 2014-11-26 14:20 - 00000000 ____D C:\ProgramData\Lx_cats
2016-03-17 11:38 - 2014-11-03 16:54 - 00000000 ____D C:\Users\royskopovf\AppData\Local\VirtualStore
2016-03-16 12:41 - 2014-11-03 17:58 - 00000000 ____D C:\Users\royskopovf\AppData\Local\Apps\2.0
2016-03-16 03:28 - 2009-07-13 23:20 - 00000000 ____D C:\windows\AppCompat
2016-03-16 02:32 - 2009-07-13 23:20 - 00000000 ____D C:\windows\rescache
2016-03-15 21:26 - 2015-03-08 23:02 - 00000000 ____D C:\windows\Minidump
2016-03-15 21:26 - 2015-01-09 14:59 - 00000000 __HDC C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E}
2016-03-15 21:26 - 2015-01-09 14:51 - 00000000 __HDC C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7}
2016-03-15 21:26 - 2014-11-19 23:04 - 00000000 ____D C:\Users\royskopovf\AppData\Local\Microsoft Help
2016-03-15 21:26 - 2014-11-12 18:07 - 00000000 ____D C:\Users\royskopovf\AppData\Local\Downloaded Installations
2016-03-15 21:26 - 2011-04-07 15:13 - 00000000 ____D C:\windows\Panther
2016-03-15 21:22 - 2015-01-09 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2016-03-15 21:22 - 2015-01-09 14:51 - 00000000 ____D C:\Program Files\Native Instruments
2016-03-15 21:22 - 2015-01-09 14:51 - 00000000 ____D C:\Program Files\Common Files\Native Instruments
2016-03-15 21:15 - 2014-11-19 11:41 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-15 21:11 - 2016-01-03 21:15 - 00000000 ____D C:\Users\royskopovf\AppData\Local\Sony
2016-03-15 21:10 - 2011-04-06 22:53 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-15 21:07 - 2014-11-04 09:16 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-03-15 21:00 - 2014-11-17 18:18 - 00000000 ____D C:\Program Files (x86)\NCH Software
2016-03-15 20:59 - 2014-11-19 11:15 - 00000000 ____D C:\Program Files (x86)\iExplorer
2016-03-15 20:53 - 2015-12-07 09:49 - 00000000 ____D C:\ProgramData\Avg
2016-03-15 20:52 - 2015-12-07 09:57 - 00000000 ____D C:\Users\royskopovf\AppData\Roaming\TuneUp Software
2016-03-15 20:49 - 2015-12-07 09:58 - 00000000 ____D C:\Users\royskopovf\AppData\Roaming\AVG
2016-03-15 20:49 - 2015-12-07 09:51 - 00000000 ____D C:\Program Files (x86)\AVG
2016-03-15 18:48 - 2010-11-21 03:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-15 18:48 - 2009-07-13 23:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2016-03-15 18:48 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\Dism
2016-03-15 18:48 - 2009-07-13 23:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2016-03-15 18:48 - 2009-07-13 23:20 - 00000000 ____D C:\windows\PolicyDefinitions
2016-03-15 18:47 - 2009-07-13 23:20 - 00000000 ____D C:\windows\tracing
2016-03-15 18:40 - 2014-12-05 13:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-15 18:40 - 2014-12-05 13:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-15 17:08 - 2014-12-05 13:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-15 16:50 - 2014-11-03 21:06 - 00765732 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2016-03-15 16:11 - 2014-11-03 19:10 - 00000000 ____D C:\windows\system32\MRT
2016-03-15 16:06 - 2014-11-03 19:09 - 143659408 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2016-03-15 15:22 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-03-15 15:17 - 2014-11-19 23:04 - 00000000 ____D C:\Program Files\Microsoft Office
2016-03-15 15:16 - 2010-11-21 03:16 - 00000000 ____D C:\windows\ShellNew
2016-03-15 15:15 - 2009-07-13 23:20 - 00000000 ____D C:\Program Files\Common Files\System
2016-03-15 15:15 - 2009-07-13 22:34 - 00000387 _____ C:\windows\win.ini
2016-03-15 11:00 - 2015-12-07 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-03-10 22:13 - 2014-11-03 16:55 - 00000000 ____D C:\Users\royskopovf\AppData\Local\TOSHIBA
2016-03-10 22:13 - 2011-04-06 22:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba
2016-03-10 22:13 - 2011-04-06 22:53 - 00000000 ____D C:\Program Files\TOSHIBA
2016-03-10 22:13 - 2011-04-06 22:53 - 00000000 ____D C:\Program Files (x86)\Toshiba
2016-03-10 18:21 - 2014-11-03 19:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-03-10 18:17 - 2009-07-14 01:08 - 00032638 _____ C:\windows\Tasks\SCHEDLGU.TXT
2016-03-10 18:11 - 2015-06-29 23:17 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-08 15:34 - 2014-11-04 17:42 - 00000000 ____D C:\Users\royskopovf\AppData\Roaming\Winamp
2016-03-08 15:34 - 2009-07-13 23:20 - 00000000 ____D C:\windows\registration
2016-03-04 13:49 - 2015-09-28 13:26 - 00000000 ____D C:\Users\royskopovf\Documents\Documents II

==================== Files in the root of some directories =======

2015-01-11 15:51 - 2015-01-11 16:05 - 0000132 _____ () C:\Users\royskopovf\AppData\Roaming\Adobe PNG Format CC Prefs
2014-11-03 18:10 - 2014-11-03 18:10 - 0000017 _____ () C:\Users\royskopovf\AppData\Local\resmon.resmoncfg
2015-02-19 14:24 - 2015-02-19 14:21 - 6921257 _____ () C:\Users\royskopovf\AppData\Local\temporaryImage.jpg
2015-02-19 14:24 - 2015-02-19 14:28 - 0161593 _____ () C:\Users\royskopovf\AppData\Local\temporaryImageNew.jpg
2014-11-03 17:15 - 2014-11-03 17:15 - 2158047 _____ () C:\ProgramData\1415048995.bdinstall.bin
2015-12-07 09:47 - 2015-12-07 09:47 - 0262772 _____ () C:\ProgramData\1449495949.bdinstall.bin
2015-01-28 11:27 - 2015-01-28 11:27 - 0000000 _____ () C:\ProgramData\cmn_upld.log
2014-11-26 14:21 - 2014-11-26 14:21 - 0000252 _____ () C:\ProgramData\FastPics.log
2014-11-28 08:50 - 2016-03-19 13:22 - 0053844 _____ () C:\ProgramData\lxea.log
2014-12-04 23:49 - 2014-12-04 23:49 - 0000248 _____ () C:\ProgramData\lxeaDiagnostics.log
2014-11-26 14:39 - 2015-01-28 11:27 - 0008370 _____ () C:\ProgramData\lxeaJSW.log
2014-11-26 14:18 - 2016-03-23 10:35 - 0050512 _____ () C:\ProgramData\lxeascan.log
2015-01-28 11:27 - 2015-01-28 11:27 - 0000000 _____ () C:\ProgramData\LxWbGwLog.log
2015-10-30 14:55 - 2015-10-30 14:55 - 16614433 _____ () C:\ProgramData\SPL269E.tmp
2016-02-23 09:42 - 2016-02-23 09:42 - 1414707 _____ () C:\ProgramData\SPL3CA9.tmp
2016-02-10 15:09 - 2016-02-10 15:09 - 3654180 _____ () C:\ProgramData\SPL4106.tmp
2016-02-10 15:12 - 2016-02-10 15:12 - 3654180 _____ () C:\ProgramData\SPL72EF.tmp
2015-11-24 09:59 - 2015-11-24 09:59 - 5432309 _____ () C:\ProgramData\SPL7FEB.tmp
2015-11-11 10:21 - 2015-11-11 10:21 - 1867889 _____ () C:\ProgramData\SPL8C14.tmp
2014-11-26 14:46 - 2014-11-26 14:46 - 0029884 _____ () C:\ProgramData\SPLCA35.tmp
2015-08-28 11:35 - 2015-08-28 11:35 - 0109742 _____ () C:\ProgramData\SPLE74F.tmp
2015-04-21 01:21 - 2015-04-21 01:21 - 0204156 _____ () C:\ProgramData\SPLFA26.tmp
2014-11-26 14:17 - 2014-11-26 14:17 - 0000000 _____ () C:\ProgramData\UpdaterLog.txt

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-20 12:46

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by royskopovf (2016-03-23 10:45:03)
Running from C:\Users\royskopovf\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2014-11-03 20:53:10)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3676230593-1286861617-2207823701-500 - Administrator - Disabled)
Guest (S-1-5-21-3676230593-1286861617-2207823701-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3676230593-1286861617-2207823701-1003 - Limited - Enabled)
royskopovf (S-1-5-21-3676230593-1286861617-2207823701-1001 - Administrator - Enabled) => C:\Users\royskopovf
UpdatusUser (S-1-5-21-3676230593-1286861617-2207823701-1000 - Limited - Enabled) => C:\Users\TEMP

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3File 0.6b (HKLM-x32\...\AC3File_is1) (Version: 0.6b - Alexander Vigovsky)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.2.152.32 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.6 64-bit (HKLM\...\{D19E99C2-6D9D-4075-B446-B4387EAF70A5}) (Version: 5.6.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.15) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.15 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{C5815ACF-FD34-4553-8A22-C7411B7E662B}) (Version: 4.1.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{CBF12D2F-CF64-4CB7-858B-2C1F21068E5F}) (Version: 4.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AVG (HKLM\...\AvgZen) (Version: 1.41.1.56922 - AVG Technologies)
AVG (Version: 16.51.7497 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4545 - AVG Technologies) Hidden
AVG PC TuneUp 2014 (en-GB) (x32 Version: 14.0.1001.204 - AVG) Hidden
AVG PC TuneUp 2014 (HKLM-x32\...\AVG PC TuneUp) (Version: 14.0.1001.204 - AVG)
AVG PC TuneUp 2014 (x32 Version: 14.0.1001.204 - AVG) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.51.7497 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.8.608 - AVG Technologies)
AVG Zen (Version: 1.41.29 - AVG Technologies) Hidden
BitTorrent (HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\...\BitTorrent) (Version: 7.9.5.41713 - BitTorrent Inc.)
BlackBerry Desktop Software 4.5 (HKLM-x32\...\BlackBerry_{2D963679-1FC7-4E13-9A81-343F6F49BCC4}) (Version: 4.5.0.13 - Research In Motion Ltd.)
BlackBerry Desktop Software 4.5 (x32 Version: 4.5.0.13 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CPUID CPU-Z 1.71 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
CyberLink PowerDirector 12 (Version: 12.0.2109.0 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.7.0.31 - DivX, LLC)
ENE CIR Receiver Driver (HKLM\...\2C293EC1A06665BB961CBA4EC7AFF4BF2BEAD042) (Version: 2.7.4.1 - ENE)
Evernote v. 5.7.2 (HKLM-x32\...\{FB57263E-706F-11E4-A65F-00163E98E7D6}) (Version: 5.7.2.5753 - Evernote Corp.)
f.lux (HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\...\Flux) (Version: - )
FilmConvert Pro 2.1 AE (HKLM\...\{CC62E726-2E52-4E16-9AF5-8991119A3667}) (Version: 2.12 - Rubber Monkey Software)
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Drive (HKLM-x32\...\{895D0391-459F-4D45-B8DD-13F0DE70C66E}) (Version: 1.28.1549.1322 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoPro Hero3 Camera Pack (HKLM-x32\...\{3DF21A51-BAEA-4F04-9342-74400718A2F5}) (Version: 1.00.0000 - Rubber Monkey Software)
GoPro Studio 2.5.2 (HKLM-x32\...\GoPro Studio) (Version: 2.5.2 - GoPro, Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{1927E640-A2C6-4BA7-8F43-FFD2AE3DFCF3}) (Version: 14.0.2000 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Intel® Wireless Display (HKLM-x32\...\{626663EE-B9E6-4982-995F-02C31E84F8FC}) (Version: 2.0.29.0 - Intel Corporation)
Java™ 6 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216020FF}) (Version: 6.0.200 - Sun Microsystems, Inc.)
JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.57.2 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Lexmark S300-S400 Series (HKLM\...\Lexmark S300-S400 Series) (Version: - Lexmark International, Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Media Go Network Downloader (HKLM-x32\...\{C52148B9-19E0-433A-9422-3451B1BEE20F}) (Version: 1.6.01.0 - Sony)
Media Go Video Playback Engine 2.20.103.05220 (HKLM-x32\...\{17BC85C9-EA45-84A7-F4DB-C0D63BBE98DE}) (Version: 2.20.103.05220 - Sony)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.6568.2036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\...\OneDriveSetup.exe) (Version: 17.3.4604.0120 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 43.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.1 (x86 en-US)) (Version: 43.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.1.5828 - Mozilla)
MultiBackground (HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\...\14e316675dbb2d4e) (Version: 0.1.1.2 - MultiBackground - Diamag.Net)
NewBlue Video Essentials for PowerDirector (HKLM\...\NewBlue Video Essentials for Cyberlink) (Version: 3.0 - NewBlue)
NVIDIA 3D Vision Controller Driver 267.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 267.44 - NVIDIA Corporation)
NVIDIA Graphics Driver 267.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.44 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1017 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
proDAD ProDRENALIN 1.0 (64bit) (HKLM\...\proDAD-ProDRENALIN-1.0) (Version: 1.0.22.1 - proDAD GmbH)
RE:Vision Effects Twixtor AE (HKLM\...\Twixtor AE 6.1.0_is1) (Version: 6.1.0 - Team V.R)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6305 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
Switch Sound File Converter (HKLM-x32\...\Switch) (Version: 4.65 - NCH Software)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.7 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.24.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}) (Version: 1.63.1.34C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.1.12 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.8 - TOSHIBA Corporation)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.6.1 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.5.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.1.52 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.6.08-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.38 - TOSHIBA Corporation)
TOSHIBA Wireless Display Monitor (HKLM-x32\...\{617773AE-ADBA-4479-BB04-65FE7758B35C}) (Version: 1.0.1 - TOSHIBA CORPORATION)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Utility Common Driver (x32 Version: 1.0.52.2C - TOSHIBA) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
Windows Driver Package - Google, Inc. (WinUSB) AndroidUsbDeviceClass (08/28/2014 11.0.0000.00000) (HKLM\...\092555911492C6959D2596D612F52DCA71881CA2) (Version: 08/28/2014 11.0.0000.00000 - Google, Inc.)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012 - GoPro)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 5.20 beta 3 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.3 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {238CC21C-C7EF-4F98-B94D-B3959939467E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-03-02] (Microsoft Corporation)
Task: {26838323-8389-4999-ABB1-B377261774F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {6DDEC552-54F0-416F-BE13-02FF543A15CC} - System32\Tasks\AdobeAAMUpdater-1.0-royskopovf-PC-royskopovf => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {8671F309-0BF3-4927-B573-9F02EEA5613C} - System32\Tasks\TOSHIBA Wireless Display Monitor => C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe [2010-12-25] (TOSHIBA CORPORATION)
Task: {B584E29B-3D1C-4EC3-9E21-0BBDD1145BA7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {B897CD51-A552-4BDE-B3B3-BB26A3546C43} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe [2013-10-08] (AVG)
Task: {C37752C1-ECBA-470A-BC9E-7E800545A14B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-15] (Google Inc.)
Task: {C71F3B33-7C69-4D92-90F7-25851F7C64EF} - System32\Tasks\Bitdefender Update Product Data_A17FD818A96743FAB28AC221BEB4B2C8 => C:\Program Files\Bitdefender\Bitdefender 2015\bdproductdata.exe
Task: {F25882EB-8302-4332-8244-0E3E3777789E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-03-02] (Microsoft Corporation)
Task: {F68F68AE-62A1-4043-BB52-4BB3B87360BC} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {FD9A7427-1D20-4EAE-8F59-F0E992B02FA4} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-03-10 18:14 - 2016-03-10 18:13 - 01216584 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2011-01-05 16:53 - 2011-01-05 16:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-11-26 14:19 - 2009-11-04 08:17 - 00189440 _____ () C:\windows\system32\spool\PRTPROCS\x64\lxeadrpp.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-11-20 14:57 - 2015-11-20 14:57 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-03-15 15:19 - 2016-02-28 02:20 - 00173248 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-03-15 20:54 - 2016-02-28 06:22 - 08914120 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2013-10-08 13:47 - 2013-10-08 13:47 - 00757048 _____ () C:\Program Files (x86)\AVG\AVG PC TuneUp\avgrepliba.dll
2016-03-15 15:54 - 2015-01-29 06:14 - 00010752 _____ () C:\ProgramData\KMSAuto\bin\TunMirror.exe
2016-03-10 18:14 - 2016-03-10 18:13 - 00192584 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\loggingserver.exe
2011-04-04 23:18 - 2011-04-04 23:18 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-11-26 14:17 - 2013-01-23 13:43 - 00772712 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeamon.exe
2014-11-26 14:17 - 2013-01-23 13:43 - 00150264 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\ezprint.exe
2010-12-08 19:42 - 2010-12-08 19:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2016-03-10 18:05 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-03-10 18:05 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-03-10 18:05 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-03-10 18:05 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-03-10 18:05 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-03-10 18:14 - 2016-03-10 18:13 - 00533576 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.2.8\log4cplusU.dll
2014-11-26 14:17 - 2010-04-01 12:23 - 00389120 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeascw.dll
2014-11-26 14:17 - 2009-05-27 07:16 - 00192512 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeadatr.dll
2014-11-26 14:17 - 2010-04-01 12:24 - 01159168 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaDRS.dll
2014-11-26 14:17 - 2009-03-10 00:43 - 00155648 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeacaps.dll
2014-11-26 14:17 - 2009-02-20 03:48 - 00381440 _____ () C:\windows\system32\lxeasm.dll
2014-11-26 14:17 - 2009-02-20 03:48 - 00023552 _____ () C:\windows\system32\lxeasmr.dll
2014-11-26 14:17 - 2010-04-05 05:56 - 00716954 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epwizard.DLL
2014-11-26 14:17 - 2010-04-05 05:55 - 00159890 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\customui.dll
2014-11-26 14:17 - 2010-04-05 05:54 - 00123033 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Eputil.DLL
2014-11-26 14:17 - 2010-04-05 05:54 - 00143502 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Imagutil.DLL
2014-11-26 14:17 - 2010-04-05 05:55 - 00061604 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\Epfunct.DLL
2014-11-26 14:17 - 2010-04-05 05:56 - 02203803 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPWizRes.dll
2014-11-26 14:17 - 2010-04-05 05:56 - 00045221 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\epstring.dll
2014-11-26 14:17 - 2010-04-05 05:56 - 00094359 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\EPOEMDll.dll
2014-11-26 14:17 - 2009-04-07 14:25 - 00409600 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\iptk.dll
2014-11-26 14:17 - 2009-03-02 09:25 - 00151552 _____ () C:\Program Files (x86)\Lexmark S300-S400 Series\lxeaptp.dll
2015-12-07 09:51 - 2015-12-07 09:50 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll
2016-03-15 20:53 - 2016-02-28 06:04 - 08914120 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-03-15 15:01 - 2016-03-07 22:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-15 15:01 - 2016-03-07 22:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-03-15 19:44 - 2016-03-08 12:16 - 17541312 _____ () C:\Users\royskopovf\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll
2013-12-12 22:47 - 2013-12-12 22:47 - 00333824 _____ () C:\Program Files (x86)\Winamp\Plugins\freeform\wacs\freetype\freetype.wac

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:054203E4 [302]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\37789752.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\37789752.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 7873 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-03-10 22:38 - 00451027 ___RA C:\windows\system32\Drivers\etc\hosts

There are 15473 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\royskopovf\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 200.1.104.36 - 200.1.104.35
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{96247CC5-0180-4F04-8AE1-824E548E2FDF}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{BF529BB5-7AAA-434D-A712-5D3A59CC4F2E}] => (Allow) LPort=2869
FirewallRules: [{C7CA1415-4D87-41BC-A543-082151FEB4FA}] => (Allow) LPort=1900
FirewallRules: [{085A606D-2493-4E5D-A2DB-7B941DD0E38C}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FBD9E162-AD74-4FF8-A548-BDA8BA6C5B23}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{1A7B9CD2-F82A-4631-A1A6-C8652044DF91}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{B9C8CB9F-08C4-41BD-9D42-65BFAC31211A}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{C4EB7136-5749-4045-8421-7795E4A7A7EE}] => (Allow) C:\Program Files (x86)\Intel Corporation\Intel Wireless Display\WiDiApp.exe
FirewallRules: [{FABECE2B-E7F1-4C39-9092-35D912F5CB82}] => (Allow) C:\Users\royskopovf\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{4792F6EC-E075-4F22-9A32-F0CDA11CF1F5}] => (Allow) C:\Users\royskopovf\AppData\Roaming\BitTorrent\BitTorrent.exe
FirewallRules: [{CB66A073-142A-4E32-94F7-B7FC001AACB1}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{07F6EB00-3752-4FB7-BAFE-26A99C32737F}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{8CDF29EF-56B5-477C-8D30-872921C75605}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{DE52CAF9-332C-4CDB-97F7-6FB0EA91C876}] => (Allow) C:\windows\system32\lxeacoms.exe
FirewallRules: [{8B8A235C-C2A7-4C0B-9C32-BB9DEB128177}] => (Allow) C:\windows\system32\LXEAcoms.exe
FirewallRules: [{32E79BCA-A976-43D2-BE2F-547B0740F38C}] => (Allow) C:\windows\system32\LXEAcoms.exe
FirewallRules: [{D066892C-5C77-41C7-B663-759881234ECE}] => (Allow) C:\windows\system32\LXEAcoms.exe
FirewallRules: [{887B5C79-77B1-4A59-906E-9458177A7C2A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{04DAD6BC-3CED-489E-B664-0584997D06D2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F3C7E3A4-21C6-4434-AEBA-FB91F1CEB539}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{7C41B33D-2200-4E6B-B82B-839CE21AE9F9}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{D0D8D6AA-0607-4032-93C8-F68B3D1D440C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0B6B25AC-AC17-4018-B3E9-85A4DB6BE782}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{0E4B8D35-ABFC-43B5-8224-B55615F09FAF}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{39B1C975-90B9-492C-85DA-3820C3AD79E0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{0CE2C9C8-8E6E-466A-BBF0-57769F2E01A3}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [UDP Query User{0765753C-0CA1-4890-A271-CC4602F26565}C:\program files (x86)\java\jre6\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre6\bin\javaw.exe
FirewallRules: [{790FF0C4-3EC4-4509-91A2-16AEF7E21431}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{53226437-9F71-4E11-BBA3-A18D2A8F9842}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{443D829D-704A-4544-A338-25B12C59ADAF}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{44D79ABF-4027-43C5-8121-D5F1239C8F2E}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{75CF4E82-2633-4D57-8BEA-E7C63BD52555}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{45967918-01A1-44AE-9B17-B9B6EDA66A2D}] => (Allow) C:\Users\royskopovf\AppData\Local\Microsoft\OneDrive\OneDrive.exe
FirewallRules: [{33B9BBB6-8453-48CD-B226-05F076E7CA9D}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{10C7B2E4-3107-4EAF-989D-7F59B2027BF0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{6F409436-A8AB-4DC8-8769-3EFA79F4FDE6}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

16-03-2016 23:03:18 Windows Update
19-03-2016 10:51:21 Removed Media Go
22-03-2016 10:45:07 Windows Update

==================== Faulty Device Manager Devices =============

Name: Synaptics PS/2 Port TouchPad
Description: Synaptics PS/2 Port TouchPad
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Synaptics
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2016 10:37:17 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1511) (User: royskopovf-PC)
Description: Windows cannot find the local profile and is logging you on with a temporary profile. Changes you make to this profile will be lost when you log off.

Error: (03/23/2016 10:37:17 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1515) (User: royskopovf-PC)
Description: Windows has backed up this user profile. Windows will automatically try to use the backup profile the next time this user logs on.

Error: (03/23/2016 10:37:17 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1502) (User: royskopovf-PC)
Description: Windows cannot load the locally stored profile. Possible causes of this error include insufficient security rights or a corrupt local profile.

DETAIL - The process cannot access the file because it is being used by another process.

Error: (03/23/2016 10:37:17 AM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

DETAIL - The process cannot access the file because it is being used by another process.
for C:\Users\UpdatusUser\ntuser.dat

Error: (03/23/2016 10:35:14 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/23/2016 10:29:17 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2016 11:03:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2016 10:54:19 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-04-14T19:58:19Z. Error Code: 0x80041321.

Error: (03/22/2016 08:29:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/22/2016 12:02:19 PM) (Source: Office Software Protection Platform Service) (EventID: 16385) (User: )
Description: Failed to schedule Software Protection service for re-start at 2016-04-14T19:58:19Z. Error Code: 0x80041321.


System errors:
=============
Error: (03/23/2016 10:35:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (03/23/2016 10:34:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The lxeaCATSCustConnectService service failed to start due to the following error:
%%1053

Error: (03/23/2016 10:34:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the lxeaCATSCustConnectService service to connect.

Error: (03/23/2016 10:30:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/23/2016 10:30:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/23/2016 10:30:43 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/23/2016 10:30:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/23/2016 10:30:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/23/2016 10:30:27 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/23/2016 10:30:13 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:
%%1068


CodeIntegrity:
===================================
Date: 2015-05-17 23:05:40.313
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\nvoptimusmft.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™ i5-2410M CPU @ 2.30GHz
Percentage of memory in use: 44%
Total physical RAM: 6051.77 MB
Available physical RAM: 3350.09 MB
Total Virtual: 12101.74 MB
Available Virtual: 9200.48 MB

==================== Drives ================================

Drive c: (TI106151W0F) (Fixed) (Total:256 GB) (Free:147.2 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Disk Drive) (Fixed) (Total:427.05 GB) (Free:90.26 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 698.6 GB) (Disk ID: EE7821DC)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=256 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=427.1 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.1 GB) - (Type=17)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 23 March 2016 - 08:35 PM.



 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,394 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:16 AM

Posted 23 March 2016 - 08:48 PM

Greetings Raphael and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\...\MountPoints2: {0c771490-7a49-11e5-baad-eef5bfbd60eb} - F:\LaunchU3.exe -a
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3676230593-1286861617-2207823701-1001 -> {F07AAC44-5426-4415-A0D8-A5205C9D501B} URL =
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff => not found
2016-03-15 20:44 - 2016-03-15 21:26 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2016-02-23 09:42 - 2016-02-23 09:42 - 01414707 _____ C:\ProgramData\SPL3CA9.tmp
2015-10-30 14:55 - 2015-10-30 14:55 - 16614433 _____ () C:\ProgramData\SPL269E.tmp
2016-02-23 09:42 - 2016-02-23 09:42 - 1414707 _____ () C:\ProgramData\SPL3CA9.tmp
2016-02-10 15:09 - 2016-02-10 15:09 - 3654180 _____ () C:\ProgramData\SPL4106.tmp
2016-02-10 15:12 - 2016-02-10 15:12 - 3654180 _____ () C:\ProgramData\SPL72EF.tmp
2015-11-24 09:59 - 2015-11-24 09:59 - 5432309 _____ () C:\ProgramData\SPL7FEB.tmp
2015-11-11 10:21 - 2015-11-11 10:21 - 1867889 _____ () C:\ProgramData\SPL8C14.tmp
2014-11-26 14:46 - 2014-11-26 14:46 - 0029884 _____ () C:\ProgramData\SPLCA35.tmp
2015-08-28 11:35 - 2015-08-28 11:35 - 0109742 _____ () C:\ProgramData\SPLE74F.tmp
2015-04-21 01:21 - 2015-04-21 01:21 - 0204156 _____ () C:\ProgramData\SPLFA26.tmp
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner.txt
===================================================

Junkware Removal Tool

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • AdwCleaner log
  • Junkware log
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 royskopovf


Posted 24 March 2016 - 10:06 AM

Hello Oh My,

 

Thanks for the quick response! I've run all the tools and pasted the logs / attached the system summary.

 

Computer behaviour:

 

The number of processes in task manager seems to have been greatly reduced. However, the same thing happens when I open the picture as before. 

 

Thanks,

 

Raphael

 

 

 

 

FIXLOG.TXT

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by royskopovf (2016-03-24 10:33:28) Run:1
Running from C:\Users\royskopovf\Desktop
Loaded Profiles: royskopovf (Available Profiles: UpdatusUser & royskopovf)
Boot Mode: Safe Mode (with Networking)
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\...\MountPoints2: {0c771490-7a49-11e5-baad-eef5bfbd60eb} - F:\LaunchU3.exe -a
GroupPolicyScripts: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3676230593-1286861617-2207823701-1001 -> {F07AAC44-5426-4415-A0D8-A5205C9D501B} URL =
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff => not found
2016-03-15 20:44 - 2016-03-15 21:26 - 00000000 __SHD C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2016-02-23 09:42 - 2016-02-23 09:42 - 01414707 _____ C:\ProgramData\SPL3CA9.tmp
2015-10-30 14:55 - 2015-10-30 14:55 - 16614433 _____ () C:\ProgramData\SPL269E.tmp
2016-02-23 09:42 - 2016-02-23 09:42 - 1414707 _____ () C:\ProgramData\SPL3CA9.tmp
2016-02-10 15:09 - 2016-02-10 15:09 - 3654180 _____ () C:\ProgramData\SPL4106.tmp
2016-02-10 15:12 - 2016-02-10 15:12 - 3654180 _____ () C:\ProgramData\SPL72EF.tmp
2015-11-24 09:59 - 2015-11-24 09:59 - 5432309 _____ () C:\ProgramData\SPL7FEB.tmp
2015-11-11 10:21 - 2015-11-11 10:21 - 1867889 _____ () C:\ProgramData\SPL8C14.tmp
2014-11-26 14:46 - 2014-11-26 14:46 - 0029884 _____ () C:\ProgramData\SPLCA35.tmp
2015-08-28 11:35 - 2015-08-28 11:35 - 0109742 _____ () C:\ProgramData\SPLE74F.tmp
2015-04-21 01:21 - 2015-04-21 01:21 - 0204156 _____ () C:\ProgramData\SPLFA26.tmp
*****************
 
Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c771490-7a49-11e5-baad-eef5bfbd60eb}" => key removed successfully
HKCR\CLSID\{0c771490-7a49-11e5-baad-eef5bfbd60eb} => key not found. 
C:\windows\system32\GroupPolicy\Machine => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => value restored successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
"HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{F07AAC44-5426-4415-A0D8-A5205C9D501B}" => key removed successfully
HKCR\CLSID\{F07AAC44-5426-4415-A0D8-A5205C9D501B} => key not found. 
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\bdwteff@bitdefender.com => value removed successfully
C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} => moved successfully
C:\ProgramData\SPL3CA9.tmp => moved successfully
C:\ProgramData\SPL269E.tmp => moved successfully
"C:\ProgramData\SPL3CA9.tmp" => not found.
C:\ProgramData\SPL4106.tmp => moved successfully
C:\ProgramData\SPL72EF.tmp => moved successfully
C:\ProgramData\SPL7FEB.tmp => moved successfully
C:\ProgramData\SPL8C14.tmp => moved successfully
C:\ProgramData\SPLCA35.tmp => moved successfully
C:\ProgramData\SPLE74F.tmp => moved successfully
C:\ProgramData\SPLFA26.tmp => moved successfully
 
 
The system needed a reboot.
 
==== End of Fixlog 10:33:28 ====
_________________________________________________________________________________________________________________
 
ADWCLEANER[C1].TXT
 
# AdwCleaner v5.105 - Logfile created 24/03/2016 at 10:40:50
# Updated 21/03/2016 by Xplode
# Database : 2016-03-24.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : royskopovf - ROYSKOPOVF-PC
# Running from : C:\Users\royskopovf\Downloads\AdwCleaner (1).exe
# Option : Clean
 
***** [ Services ] *****
 
[-] Service Deleted : WtuSystemSupport
[-] Service Deleted : vToolbarUpdater40.2.8
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files (x86)\avg web tuneup
[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\ProgramData\avg web tuneup
[-] Folder Deleted : C:\Users\royskopovf\AppData\Local\avg web tuneup
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\royskopovf\AppData\Roaming\Mozilla\Firefox\Profiles\ubwc2jjw.default\extensions\Avg@toolbar.xpi
[-] File Deleted : C:\Users\royskopovf\AppData\Roaming\Mozilla\Firefox\Profiles\ubwc2jjw.default\searchplugins\avg-secure-search.xml
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.GenericWnd.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.NativeApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
[-] Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\WEBAPP
[-] Key Deleted : HKCU\Software\AVG Web TuneUp
[-] Key Deleted : HKLM\SOFTWARE\AVG Web TuneUp
[-] Key Deleted : HKLM\SOFTWARE\AVG Tuneup
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp
[-] Key Deleted : [x64] HKLM\SOFTWARE\AVG Web TuneUp
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Data Restored : HKU\S-1-5-21-3676230593-1286861617-2207823701-1001\Software\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\mysearch.avg.com
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [4746 bytes] - [24/03/2016 10:40:50]
C:\AdwCleaner\AdwCleaner[S1].txt - [5436 bytes] - [24/03/2016 10:38:51]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [4892 bytes] ##########
 
_________________________________________________________________________________________________________________
 
JRT.TXT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 7 Home Premium x64 
Ran by royskopovf (Administrator) on 24/03/2016 at 10:49:52.41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 22 
 
Failed to delete: C:\Users\royskopovf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EF9C9U91 (Temporary Internet Files Folder) 
Failed to delete: C:\Users\royskopovf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OXWRB05U (Temporary Internet Files Folder) 
Successfully deleted: C:\ProgramData\1415048995.bdinstall.bin (File) 
Successfully deleted: C:\ProgramData\1449495949.bdinstall.bin (File) 
Successfully deleted: C:\Users\royskopovf\AppData\Local\{224FA1B0-FC7F-488E-B3CF-67F3D4B5A36A} (Empty Folder)
Successfully deleted: C:\Users\royskopovf\AppData\Local\{5AC793A6-0858-489C-B0EF-BE65947D6976} (Empty Folder)
Successfully deleted: C:\Users\royskopovf\AppData\Local\{F1CE946B-1EC1-4056-B573-EA7F27FD6633} (Empty Folder)
Successfully deleted: C:\windows\system32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 (Task)
Successfully deleted: C:\Users\royskopovf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\royskopovf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45VVB8NN (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\royskopovf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\royskopovf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BL26RJKA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\royskopovf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\royskopovf\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\45VVB8NN (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BL26RJKA (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EF9C9U91 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LIXMVQOA (Temporary Internet Files Folder) 
Successfully deleted: C:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OXWRB05U (Temporary Internet Files Folder) 
 
 
 
Registry: 2 
 
Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Registry Key)
Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} (Registry Key)
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/03/2016 at 10:53:58.95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 

Attached Files
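A Fixlog like the one posted above has to be checked line by line to confirm that every fixlist directive took effect. The following triage script is an added example, not part of the original posts and not part of FRST; the function names are hypothetical, and the outcome phrases it recognises are assumed from the lines visible in this Fixlog rather than from any official FRST format description.

```python
from collections import namedtuple

# Result lines copied from the Fixlog posted above (an excerpt, not the full log).
FIXLOG_EXCERPT = r'''
Error: Restore point can only be created in normal mode.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
HKCR\CLSID\{0c771490-7a49-11e5-baad-eef5bfbd60eb} => key not found.
C:\windows\system32\GroupPolicy\Machine => moved successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\bdwteff@bitdefender.com => value removed successfully
C:\ProgramData\SPL3CA9.tmp => moved successfully
C:\ProgramData\SPL269E.tmp => moved successfully
"C:\ProgramData\SPL3CA9.tmp" => not found.
'''

# target is the registry key or path; it is None for free-text lines.
Entry = namedtuple("Entry", "target status raw")

# Outcome phrases seen in this Fixlog (an assumption, not an official list).
# Order matters: "key removed successfully" also ends with "moved successfully".
_OUTCOMES = [
    ("removed successfully", "removed"),
    ("moved successfully", "moved"),
    ("restored successfully", "restored"),
    ("not found", "not_found"),
]


def classify(outcome):
    """Map the text after '=>' to a short status label."""
    text = outcome.strip().rstrip(".").strip().lower()
    for suffix, status in _OUTCOMES:
        if text.endswith(suffix):
            return status
    return "other"


def parse_fixlog(text):
    """Turn Fixlog result lines into Entry records, in log order."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Error:"):
            entries.append(Entry(None, "error", line))
        elif " => " not in line:
            entries.append(Entry(None, "info", line))
        else:
            target, outcome = line.split(" => ", 1)
            # Some targets are quoted in the log and some are not; normalise.
            entries.append(Entry(target.strip().strip('"'), classify(outcome), line))
    return entries


def summarize(entries):
    """Count entries per status."""
    counts = {}
    for entry in entries:
        counts[entry.status] = counts.get(entry.status, 0) + 1
    return counts


def needs_attention(entries):
    """Return the lines a helper should look at by hand.

    Errors are always flagged. A 'not found' (or unrecognised) result is
    flagged only if the same target was not already handled earlier in the
    run, which is what happens when a fixlist names one file twice.
    """
    handled = set()
    flagged = []
    for entry in entries:
        if entry.status in ("removed", "moved", "restored"):
            handled.add(entry.target.casefold())
        elif entry.status == "error":
            flagged.append(entry)
        elif entry.status in ("not_found", "other"):
            if entry.target.casefold() not in handled:
                flagged.append(entry)
    return flagged


if __name__ == "__main__":
    parsed = parse_fixlog(FIXLOG_EXCERPT)
    print(summarize(parsed))
    for item in needs_attention(parsed):
        print("REVIEW:", item.raw)
```

On this excerpt the second `SPL3CA9.tmp` line is not flagged because the file had already been moved by the earlier, duplicate fixlist entry; the restore-point error and the `HKCR\CLSID` lookup are left for manual review.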



#4 Oh My!


Posted 24 March 2016 - 03:53 PM

Greetings Raphael,

Please do this.

===================================================

Using Low Resolution Video From Advanced Startup Options Screen - Windows 7/Vista

--------------------
  • Restart your computer
  • Press F8 until you are presented with the Advanced Startup Options menu
  • Using the down arrow select Enable low resolution video and press Enter
  • Check your photos
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 

#5 royskopovf


Posted 24 March 2016 - 08:31 PM

Oh My,

 

I tried it, there was no change in the behavior of the picture. To clarify, I have two photos in the general My Documents folder, both of which when opened cause the computer to temporarily freeze up like I described. This doesn't happen with any other image files on my computer. 

 

Raphael



#6 Oh My!


Posted 24 March 2016 - 09:28 PM

Oh, I thought it was all photos. Please zip and upload the files here.
Gary
 

#7 royskopovf


Posted 26 March 2016 - 01:28 PM

Ok, so I tried to zip the pictures but here's what happened:

 

1st attempt -  went into my documents, highlighted both pictures, the window froze up and I couldn't close the process in explorer.  

 

2nd attempt - after restarting, I made a zip folder on the desktop, opened it, and clicked add - navigated to my documents, highlighted the pictures, clicked OK - nothing happens. 

 

3rd attempt - made a zip folder in my documents, highlighted one picture, tried to drag it onto the zip folder, window froze. 



#8 Oh My!


Posted 26 March 2016 - 02:58 PM

Try to upload one of the files without zipping it.


Gary
 

#9 royskopovf


Posted 26 March 2016 - 03:27 PM

After some trial and error, and the browser freezing up I managed to get it uploaded. 



#10 Oh My!


Posted 26 March 2016 - 03:54 PM

I received the file, thank you. I can open it just fine.

Does your computer freeze without a browser being open?

Please do this.

===================================================

Modifying Default File Association

-------------------
  • Click Start, then Default Programs
  • Click Associate a file type or protocol with a program
  • Scroll down to .jpg and left click on the entry
  • Click Change program...
  • If available select Paint then click OK
  • If Paint is not available and there is another program listed select that
  • Attempt to open the 2 files you are currently unable to open
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Freezing other than browsers?
  • Can you open your pictures?

Gary
 

#11 royskopovf


Posted 26 March 2016 - 04:36 PM

1. Closed all programs - all browsers - tried opening picture, same thing, computer froze up, had to restart

2. Restarted, computer buggy again, clicked start menu, opened up but froze, computer froze

3. Restarted in safe mode, start > default programs> nothing happens

4. Instead I right clicked on a jpg file on my desktop > open with > choose default program > paint

5. Navigated to my documents, the my documents window froze then unfroze after a little while > opened picture in paint > took long to open, and was buggy but opened and closed without freezing totally.



#12 royskopovf


Posted 26 March 2016 - 04:53 PM

Ok the computer is totally frozen on startup now, as in I can move the mouse, the start menu will open and hang, and task manager doesn't open at all.

#13 royskopovf


Posted 26 March 2016 - 05:56 PM

I ran Rkill to at least get the computer usable again because I need it to do work. Here's the log:

 

RogueKiller V12.0.3.0 (x64) [Mar 21 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Safe mode with network support
User : royskopovf [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller64.exe
Mode : Scan -- Date : 03/26/2016 18:38:21

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 3 ¤¤¤
[Suspicious.Path|VT.Trojan.Win32.Generic!BT] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\TunMirror ("C:\ProgramData\KMSAuto\bin\TunMirror.exe") -> Found
[Suspicious.Path|VT.Trojan.Win32.Generic!BT] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TunMirror ("C:\ProgramData\KMSAuto\bin\TunMirror.exe") -> Found
[Suspicious.Path|VT.Trojan.Win32.Generic!BT] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\TunMirror ("C:\ProgramData\KMSAuto\bin\TunMirror.exe") -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 2 ¤¤¤
[PUP][Folder] C:\ProgramData\{0E511DF6-1923-4AF4-9BFD-A9426C94FCD7} -> Found
[PUP][Folder] C:\ProgramData\{E6BAC835-2683-4B88-A967-6EF6093B576E} -> Found

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000035f]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 +++++
--- User ---
[MBR] 9e302350660431042c0e1550ce1a55bb
[BSP] 49308e146b0f8fc9896831fa5c095149 : HP|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 3074048 | Size: 262144 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 539944960 | Size: 437300 MB
3 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 1435535360 | Size: 14459 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 



#14 Oh My!

  • Malware Response Instructor

Posted 26 March 2016 - 07:31 PM

The Registry entries detected by Rkill are related to an unauthorized Microsoft Office program. It indicates you do not have a valid Product Key. Please uninstall Microsoft Office Professional Plus 2016 if you don't have a legal copy.

It is very possible what we are fighting is a hardware issue. I am going to provide 2 sets of instructions to test your hard drive. If the first one won't work try the second one.

===================================================

GSmartControl for Windows

-------------------
  • Download GSmartControl for Windows and save it to your desktop
  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply
===================================================

Seagate Seatools for DOS

----------
  • Please download SeaTools for DOS and create a bootable CD as instructed here and save it to your desktop
  • NOTE: If you have any difficulty booting up with this version, please use one of the legacy versions of SeaTools for DOS
  • If you do not have ISO burning software on your computer download and install Active@ ISO Burner then create a bootable disk with the downloaded file
  • Boot your computer using the CD you just created. If necessary see here for instructions about how to boot to CD
  • After the program loads click I Accept
  • Left Click on your hard drive listed under Drive List (if you have a Seagate hard drive take special note of the caution below)
  • Click Basic Tests, then select Long Test
  • Allow the process to run, which may take up to 3 hours, and report the findings in your reply
  • If the results indicate your hard drive failed the test and you have a Seagate hard drive installed DO NOT follow up on the suggestion to allow the program to attempt to resolve the issue. Doing so may cause permanent loss of data
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Drive test results

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#15 royskopovf

  • Topic Starter

Posted 27 March 2016 - 10:01 AM

I didn't have any CDs available to make a boot CD, but I did make 3 bootable SeaTools flash drives; however, I couldn't get my computer to boot from any of them.
 
So I installed SeaTools for Windows and did the long scan, which delivered a "fail". I couldn't find a log file to post.
 
 
Gsmart log:
 
smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-win7(64)-sp1] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Device Model:     Hitachi HTS547575A9E384
Serial Number:    110624J2740054C3251E
LU WWN Device Id: 5 000cca 63fc1653b
Firmware Version: JE4OA60B
User Capacity:    750,156,374,016 bytes [750 GB]
Sector Sizes:     512 bytes logical, 4096 bytes physical
Device is:        Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 6
Local Time is:    Sat Mar 26 22:37:25 2016 SAWST
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: (   45) seconds.
Offline data collection
capabilities: (0x5b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: ( 196) minutes.
SCT capabilities:       (0x003d) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   100   100   062    Pre-fail  Always       -       0
  2 Throughput_Performance  0x0005   100   100   040    Pre-fail  Offline      -       0
  3 Spin_Up_Time            0x0007   202   202   033    Pre-fail  Always       -       1
  4 Start_Stop_Count        0x0012   098   098   000    Old_age   Always       -       4044
  5 Reallocated_Sector_Ct   0x0033   100   100   005    Pre-fail  Always       -       94
  7 Seek_Error_Rate         0x000b   100   100   067    Pre-fail  Always       -       0
  8 Seek_Time_Performance   0x0005   100   100   040    Pre-fail  Offline      -       0
  9 Power_On_Hours          0x0012   074   074   000    Old_age   Always       -       11809
 10 Spin_Retry_Count        0x0013   100   100   060    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   098   098   000    Old_age   Always       -       4043
191 G-Sense_Error_Rate      0x000a   100   100   000    Old_age   Always       -       1
192 Power-Off_Retract_Count 0x0032   099   099   000    Old_age   Always       -       4294902021
193 Load_Cycle_Count        0x0012   077   077   000    Old_age   Always       -       230234
194 Temperature_Celsius     0x0002   181   181   000    Old_age   Always       -       33 (Min/Max 16/53)
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       111
197 Current_Pending_Sector  0x0022   001   001   000    Old_age   Always       -       4816
198 Offline_Uncorrectable   0x0008   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x000a   200   200   000    Old_age   Always       -       5
223 Load_Retry_Count        0x000a   100   100   000    Old_age   Always       -       0
 
SMART Error Log Version: 1
ATA Error Count: 20462 (device log contains only the most recent five errors)
CR = Command Register [HEX]
FR = Features Register [HEX]
SC = Sector Count Register [HEX]
SN = Sector Number Register [HEX]
CL = Cylinder Low Register [HEX]
CH = Cylinder High Register [HEX]
DH = Device/Head Register [HEX]
DC = Device Command Register [HEX]
ER = Error register [HEX]
ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.
 
Error 20462 occurred at disk power-on lifetime: 11806 hours (491 days + 22 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 68 b8 42 07 0a  Error: UNC at LBA = 0x0a0742b8 = 168247992
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 80 38 a0 42 07 40 00      01:36:45.091  READ FPDMA QUEUED
  60 08 30 e0 4b 31 40 00      01:36:45.084  READ FPDMA QUEUED
  60 05 28 7f ae 94 40 00      01:36:45.070  READ FPDMA QUEUED
  60 80 20 98 8b d7 40 00      01:36:45.051  READ FPDMA QUEUED
  60 80 18 40 70 76 40 00      01:36:45.051  READ FPDMA QUEUED
 
Error 20461 occurred at disk power-on lifetime: 11806 hours (491 days + 22 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 68 b8 42 07 0a  Error: UNC at LBA = 0x0a0742b8 = 168247992
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 80 d8 a0 42 07 40 00      01:36:41.803  READ FPDMA QUEUED
  60 20 d0 88 e3 d7 40 00      01:36:41.777  READ FPDMA QUEUED
  60 80 c8 40 6f 76 40 00      01:36:41.767  READ FPDMA QUEUED
  61 58 c0 60 67 ae 40 00      01:36:41.765  WRITE FPDMA QUEUED
  60 80 b8 c0 6e 76 40 00      01:36:41.749  READ FPDMA QUEUED
 
Error 20460 occurred at disk power-on lifetime: 11806 hours (491 days + 22 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 68 b8 42 07 0a  Error: UNC at LBA = 0x0a0742b8 = 168247992
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 80 88 a0 42 07 40 00      01:36:38.525  READ FPDMA QUEUED
  60 80 80 50 89 d7 40 00      01:36:38.506  READ FPDMA QUEUED
  60 80 78 40 6e 76 40 00      01:36:38.505  READ FPDMA QUEUED
  61 20 70 80 19 d4 40 00      01:36:38.504  WRITE FPDMA QUEUED
  60 80 68 c0 6d 76 40 00      01:36:38.468  READ FPDMA QUEUED
 
Error 20459 occurred at disk power-on lifetime: 11806 hours (491 days + 22 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 68 b8 42 07 0a  Error: UNC at LBA = 0x0a0742b8 = 168247992
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 80 38 a0 42 07 40 00      01:36:35.213  READ FPDMA QUEUED
  60 80 30 c0 9c d7 40 00      01:36:35.201  READ FPDMA QUEUED
  60 80 28 40 6d 76 40 00      01:36:35.200  READ FPDMA QUEUED
  61 60 20 20 3c 95 40 00      01:36:35.200  WRITE FPDMA QUEUED
  60 00 18 40 6c 76 40 00      01:36:35.173  READ FPDMA QUEUED
 
Error 20458 occurred at disk power-on lifetime: 11806 hours (491 days + 22 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  40 51 60 b8 42 07 0a  Error: UNC at LBA = 0x0a0742b8 = 168247992
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 80 f0 98 42 07 40 00      01:36:31.913  READ FPDMA QUEUED
  60 28 e8 90 95 d7 40 00      01:36:31.895  READ FPDMA QUEUED
  60 80 e0 c0 6b 76 40 00      01:36:31.880  READ FPDMA QUEUED
  60 60 d8 60 67 ae 40 00      01:36:31.868  READ FPDMA QUEUED
  61 08 d0 28 93 af 40 00      01:36:31.867  WRITE FPDMA QUEUED
 
SMART Self-test log structure revision number 1
Num  Test_Description    Status                  Remaining  LifeTime(hours)  LBA_of_first_error
# 1  Short offline       Completed without error       00%     11809         -
# 2  Short offline       Completed without error       00%     11807         -
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
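
A triage sketch for the smartctl output in the post above, added here as an example and not part of the original thread: it parses the attribute table and flags sector counters with non-zero raw values, which the overall PASSED line does not reflect because those attributes carry a threshold of 000. The function name `triage` and the set of watched attribute IDs are assumptions; the sample rows are copied from the posted log.

```python
import re

# Constructed sample: a subset of rows copied from the smartctl log posted above.
SAMPLE = """\
SMART overall-health self-assessment test result: PASSED
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   100   100   062    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   100   100   005    Pre-fail  Always       -       94
194 Temperature_Celsius     0x0002   181   181   000    Old_age   Always       -       33 (Min/Max 16/53)
196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       111
197 Current_Pending_Sector  0x0022   001   001   000    Old_age   Always       -       4816
198 Offline_Uncorrectable   0x0008   100   100   000    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x000a   200   200   000    Old_age   Always       -       5
ATA Error Count: 20462 (device log contains only the most recent five errors)
"""

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]{4}\s+(\d+)\s+(\d+)\s+(\d+)\s+"
                 r"(\S+)\s+(\S+)\s+(\S+)\s+(\d+)")

# Assumption (not from the thread): attribute IDs whose raw value counts bad or suspect sectors.
SECTOR_COUNTERS = {5, 196, 197, 198}

def triage(text):
    """Return (overall_result, findings) for smartctl -a style output."""
    overall = re.search(r"self-assessment test result:\s*(\S+)", text)
    findings = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, banner or error-log line
        attr_id, name = int(m.group(1)), m.group(2)
        value, thresh, raw = int(m.group(3)), int(m.group(5)), int(m.group(9))
        if thresh and value <= thresh:
            findings.append((attr_id, name, "normalized value at or below threshold"))
        elif attr_id in SECTOR_COUNTERS and raw > 0:
            findings.append((attr_id, name, f"raw count {raw}"))
    err = re.search(r"ATA Error Count:\s*(\d+)", text)
    if err and int(err.group(1)) > 0:
        findings.append((None, "ATA_Error_Count", f"{err.group(1)} logged errors"))
    return (overall.group(1) if overall else None), findings

if __name__ == "__main__":
    overall, findings = triage(SAMPLE)
    print("overall:", overall)
    for finding in findings:
        print(finding)
```
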




