
Possible Key Generator Infection


  • This topic is locked
37 replies to this topic

#1 NancySn

Posted 21 July 2016 - 06:03 PM

Hello,

A few weeks ago, I saw Avira pop up with a message that a PUA/Livid had tried to open. All browsers were closed and the comp was in sleep mode at the time. After this, I noticed that Google Chrome would not allow me to open certain websites that I had visited before. I would get a Privacy Error stating: "Your connection is not private. Attackers might be trying to steal your information." Once this started happening I ran a Malwarebytes scan and an Avira scan and both turned up nothing. I noticed that my Avira and MB would not update. Eventually I was able to get MB to update but Avira would not and would give me a connection error. It also would say "Your computer is not secured, a service is not working correctly" when I tried to update. I tried uninstalling Avira and now cannot reinstall it, or any other antivirus program. I have turned off all Chrome extensions that show up under the settings. I am currently running in Safe Mode with Networking as per someone helping me on here.

Farbar scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-07-2016
Ran by snow fam (administrator) on SNOWFAM-PC (21-07-2016 19:50:58)
Running from C:\Users\snow fam\Downloads
Loaded Profiles: snow fam (Available Profiles: snow fam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Run: [Facebook Update] => "C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Run: [Google Update] => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[C1].txt [1475 2016-07-19] ()
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95
Tcpip\..\Interfaces\{909426C4-C803-4B4A-8303-14B139DAA5EB}: [DhcpNameServer] 24.222.0.94 24.222.0.95
 
Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @citrixonline.com/appdetectorplugin -> C:\Users\snow fam\AppData\Local\Citrix\Plugins\94\npappdetector.dll [2013-02-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @talk.google.com/O1DPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @tools.google.com/Google Update;version=3 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @tools.google.com/Google Update;version=9 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\snow fam\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\snow fam\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-14] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google Search) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avira Browser Safety) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
S2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) [File not signed]
S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2012-03-02] (hxxp://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2010-10-12] (hxxp://libusb-win32.sourceforge.net)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) [File not signed]
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-21 19:19 - 2016-07-21 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-07-21 19:19 - 2016-07-21 19:19 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-07-21 19:18 - 2016-07-21 19:18 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\snow fam\Downloads\cbSetup.exe
2016-07-19 22:04 - 2016-07-19 22:04 - 00001290 _____ C:\Users\snow fam\Desktop\ESET.txt
2016-07-19 17:52 - 2016-07-19 17:52 - 02870984 _____ (ESET) C:\Users\snow fam\Desktop\esetsmartinstaller_enu (2).exe
2016-07-19 17:48 - 2016-07-19 17:49 - 02870984 _____ (ESET) C:\Users\snow fam\Downloads\esetsmartinstaller_enu (1).exe
2016-07-19 17:46 - 2016-07-19 17:46 - 00000000 ____D C:\Program Files\ESET
2016-07-19 17:45 - 2016-07-19 17:45 - 03017376 _____ (ESET) C:\Users\snow fam\Downloads\eset_nod32_antivirus_live_installer.exe
2016-07-19 17:22 - 2016-07-19 17:23 - 00000000 ____D C:\AdwCleaner
2016-07-19 17:21 - 2016-07-19 17:21 - 03712064 _____ C:\Users\snow fam\Downloads\AdwCleaner (1).exe
2016-07-19 17:21 - 2016-07-19 17:21 - 03712064 _____ C:\Users\snow fam\Desktop\AdwCleaner (1).exe
2016-07-18 18:27 - 2016-07-18 18:27 - 01610560 _____ (Malwarebytes) C:\Users\snow fam\Downloads\JRT (2).exe
2016-07-18 18:26 - 2016-07-18 18:26 - 00024532 _____ C:\Users\snow fam\Desktop\JRT.txt
2016-07-18 18:24 - 2016-07-18 18:24 - 01610560 _____ (Malwarebytes) C:\Users\snow fam\Downloads\JRT (1).exe
2016-07-18 18:15 - 2016-07-18 18:15 - 00038834 _____ C:\Users\snow fam\Desktop\MTB.txt
2016-07-18 18:14 - 2016-07-18 18:14 - 00038834 _____ C:\Users\snow fam\Downloads\MTB.txt
2016-07-18 18:13 - 2016-07-18 18:13 - 00892416 _____ (Farbar) C:\Users\snow fam\Downloads\MiniToolBox (1).exe
2016-07-18 18:00 - 2016-07-21 19:27 - 00280844 _____ C:\Windows\ntbtlog.txt
2016-07-18 17:36 - 2016-07-18 17:40 - 00001170 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-07-18 17:36 - 2016-07-18 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-18 17:36 - 2016-07-18 17:36 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\snow fam\Downloads\avira_en_av_578d3ab2c8853__ws.exe
2016-07-18 17:36 - 2016-07-18 17:36 - 00000000 ____D C:\Program Files (x86)\Avira
2016-07-16 18:30 - 2016-07-16 18:30 - 00164090 _____ C:\Users\snow fam\Downloads\me... and two other people
2016-07-16 09:26 - 2016-07-16 09:27 - 00045214 _____ C:\Users\snow fam\Desktop\CHKDSKResults.txt
2016-07-16 00:14 - 2016-07-16 00:14 - 00000000 _____ C:\Users\snow fam\Desktop\sfcdetails.txt
2016-07-14 17:36 - 2016-06-25 21:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 17:36 - 2016-06-25 21:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 17:36 - 2016-06-25 16:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 17:36 - 2016-06-25 16:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 17:36 - 2016-06-25 16:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 17:36 - 2016-06-25 16:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 17:36 - 2016-06-25 16:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 17:36 - 2016-06-22 10:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 17:36 - 2016-06-11 03:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-14 17:36 - 2016-06-11 01:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-14 17:36 - 2016-06-10 18:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-14 17:36 - 2016-06-10 18:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 17:36 - 2016-06-10 18:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-14 17:36 - 2016-06-10 18:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-14 17:36 - 2016-06-10 18:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-14 17:36 - 2016-06-10 18:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-14 17:36 - 2016-06-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-14 17:36 - 2016-06-10 18:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-14 17:36 - 2016-06-10 18:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-14 17:36 - 2016-06-10 18:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-14 17:36 - 2016-06-10 18:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-14 17:36 - 2016-06-10 18:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-14 17:36 - 2016-06-10 18:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-14 17:36 - 2016-06-10 18:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-14 17:36 - 2016-06-10 18:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-14 17:36 - 2016-06-10 18:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-14 17:36 - 2016-06-10 17:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-14 17:36 - 2016-06-10 17:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-14 17:36 - 2016-06-10 17:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-14 17:36 - 2016-06-10 17:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-14 17:36 - 2016-06-10 17:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-14 17:36 - 2016-06-10 17:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-14 17:36 - 2016-06-10 17:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-14 17:36 - 2016-06-10 17:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-14 17:36 - 2016-06-10 17:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-14 17:36 - 2016-06-10 17:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-14 17:36 - 2016-06-10 17:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-14 17:36 - 2016-06-10 17:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-14 17:36 - 2016-06-10 17:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-14 17:36 - 2016-06-10 17:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-14 17:36 - 2016-06-10 16:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-14 17:36 - 2016-06-10 16:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-14 17:36 - 2016-06-10 16:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-14 17:36 - 2016-06-10 16:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-14 17:36 - 2016-06-10 16:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-14 17:36 - 2016-06-10 15:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-14 17:36 - 2016-06-10 15:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-14 17:36 - 2016-06-10 15:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-14 17:36 - 2016-06-10 15:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-14 17:36 - 2016-06-10 15:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-14 17:36 - 2016-06-10 15:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-14 17:36 - 2016-06-10 15:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-14 17:36 - 2016-06-10 15:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-14 17:36 - 2016-06-10 15:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-14 17:36 - 2016-06-10 15:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-14 17:36 - 2016-06-10 15:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-14 17:36 - 2016-06-10 15:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-14 17:36 - 2016-06-10 15:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-14 17:36 - 2016-06-10 15:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-14 17:36 - 2016-06-10 15:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-14 17:36 - 2016-06-10 15:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-14 17:36 - 2016-06-10 15:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-14 17:36 - 2016-06-10 15:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-14 17:36 - 2016-06-10 15:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-14 17:36 - 2016-06-10 15:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-14 17:36 - 2016-06-10 15:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-14 17:36 - 2016-06-10 15:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-14 17:36 - 2016-06-10 15:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-14 17:36 - 2016-06-10 15:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-14 17:36 - 2016-06-10 15:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-14 17:36 - 2016-06-10 14:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-14 17:36 - 2016-06-10 14:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-14 17:36 - 2016-06-10 14:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-14 17:36 - 2016-06-10 14:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-14 17:34 - 2016-06-14 12:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-14 17:18 - 2016-07-14 17:18 - 00003558 _____ C:\Users\snow fam\Downloads\winsock2 (1).zip
2016-07-13 17:25 - 2016-05-04 10:19 - 00138810 _____ C:\Users\snow fam\Desktop\winsock2.reg
2016-07-13 17:23 - 2016-07-13 17:23 - 00000000 ____D C:\Users\snow fam\Downloads\winsock2
2016-07-13 17:22 - 2016-05-23 13:54 - 00069462 _____ C:\Users\snow fam\Downloads\winsock2.reg
2016-07-13 17:21 - 2016-07-13 17:21 - 00007317 _____ C:\Users\snow fam\Downloads\winsock2.zip
2016-07-10 10:09 - 2015-07-30 10:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-07-10 10:09 - 2015-07-30 10:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-07-10 09:22 - 2016-07-21 19:51 - 00017828 _____ C:\Users\snow fam\Downloads\FRST.txt
2016-07-10 09:21 - 2016-07-10 09:21 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64 (2).exe
2016-07-09 20:11 - 2016-07-09 20:11 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64 (1).exe
2016-07-09 20:07 - 2016-07-21 19:50 - 00000000 ____D C:\FRST
2016-07-09 20:06 - 2016-07-09 20:07 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64.exe
2016-07-07 12:23 - 2016-07-18 22:26 - 00000000 ____D C:\Users\snow fam\AppData\Local\ElevatedDiagnostics
2016-07-06 14:43 - 2016-02-03 15:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-07-06 14:43 - 2016-02-03 15:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-07-06 14:43 - 2016-02-03 15:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-07-06 14:43 - 2016-02-03 15:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-07-06 13:21 - 2016-03-16 15:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-07-06 13:21 - 2016-03-16 15:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-07-06 13:21 - 2016-03-16 15:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-07-06 13:21 - 2016-02-02 15:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-07-06 13:21 - 2016-01-22 03:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-07-06 13:21 - 2016-01-22 03:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-07-06 13:21 - 2016-01-22 03:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-07-06 13:21 - 2016-01-22 03:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-07-06 13:20 - 2016-05-12 14:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-06 13:20 - 2016-05-12 14:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-06 13:20 - 2016-05-12 14:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-06 13:20 - 2016-05-12 14:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-06 13:20 - 2016-05-12 12:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-06 13:20 - 2016-05-12 11:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-06 13:20 - 2016-05-12 11:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-06 13:20 - 2016-05-12 11:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-06 13:20 - 2016-05-12 11:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-06 13:20 - 2016-05-12 10:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-06 13:20 - 2016-05-12 10:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-06 13:20 - 2016-05-12 10:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-06 13:20 - 2016-04-14 13:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-07-06 13:20 - 2016-04-14 13:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-07-06 13:20 - 2016-04-14 12:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-07-06 13:20 - 2016-04-14 12:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-07-06 13:20 - 2016-04-14 10:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-07-06 13:20 - 2016-04-14 10:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-07-06 13:20 - 2016-04-09 04:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-06 13:20 - 2016-04-09 04:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-06 13:20 - 2016-04-09 04:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-06 13:20 - 2016-04-09 03:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-07-06 13:20 - 2016-04-09 03:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-07-06 13:20 - 2016-04-09 03:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-06 13:20 - 2016-04-09 02:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-07-06 13:20 - 2016-04-09 02:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-06 13:20 - 2016-04-09 02:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-07-06 13:20 - 2016-04-09 02:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-07-06 13:20 - 2016-04-09 02:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-07-06 13:20 - 2016-04-09 02:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-07-06 13:20 - 2016-04-09 02:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-06 13:20 - 2016-04-09 02:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-07-06 13:20 - 2016-04-09 02:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-07-06 13:20 - 2016-04-09 02:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-07-06 13:20 - 2016-04-09 02:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-07-06 13:20 - 2016-04-09 02:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-06 13:20 - 2016-03-17 19:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-06 13:20 - 2016-03-17 19:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-07-06 13:20 - 2016-03-15 21:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-07-06 13:20 - 2016-03-15 21:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-07-06 13:20 - 2016-03-15 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-07-06 13:20 - 2016-02-09 06:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-07-06 13:20 - 2016-02-09 06:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-07-06 13:20 - 2016-02-09 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-07-06 13:20 - 2016-02-09 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-07-06 13:20 - 2016-02-09 06:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-07-06 13:20 - 2016-02-09 06:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-07-06 13:20 - 2016-02-09 06:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-07-06 13:20 - 2016-02-09 06:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-07-06 13:20 - 2016-02-09 06:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-07-06 13:20 - 2016-02-09 06:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-07-06 13:20 - 2015-12-08 18:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-07-06 13:20 - 2015-12-08 18:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-07-06 13:20 - 2015-12-08 18:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-07-06 13:20 - 2015-12-08 18:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-07-06 13:20 - 2015-12-08 18:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-07-06 13:20 - 2015-12-08 18:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-07-06 13:20 - 2015-12-08 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-07-06 13:20 - 2015-12-08 16:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-07-06 13:20 - 2015-12-08 16:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-07-06 13:20 - 2015-12-08 16:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-07-06 13:20 - 2015-12-08 16:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-07-06 13:20 - 2015-12-08 15:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-07-06 13:20 - 2015-12-08 15:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-07-06 13:20 - 2015-12-08 15:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-07-06 13:20 - 2015-11-19 11:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-07-06 13:19 - 2016-05-12 14:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-07-06 13:19 - 2016-05-12 12:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-07-06 13:19 - 2016-04-09 04:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-07-06 13:19 - 2016-04-09 04:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-07-06 13:19 - 2016-04-09 03:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-07-06 13:19 - 2016-04-09 01:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-07-06 13:19 - 2016-04-09 00:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-07-06 13:19 - 2016-04-06 12:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-07-06 13:19 - 2016-03-09 16:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-07-06 13:19 - 2016-03-09 15:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-07-06 13:19 - 2016-03-09 15:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-07-06 13:19 - 2016-03-09 15:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-07-06 13:19 - 2016-02-12 15:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-06 13:19 - 2016-02-12 15:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-07-06 13:19 - 2016-02-12 15:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-07-06 13:19 - 2016-02-12 15:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-07-06 13:19 - 2016-02-12 15:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-07-06 13:19 - 2016-02-12 15:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-06 13:19 - 2016-02-12 15:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-07-06 13:19 - 2016-02-12 15:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-06 13:19 - 2016-02-12 15:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-07-06 13:19 - 2016-02-12 15:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-07-06 13:19 - 2016-02-12 15:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-07-06 13:19 - 2016-02-12 15:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-07-06 13:19 - 2016-02-12 15:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-07-06 13:19 - 2016-02-12 15:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-07-06 13:19 - 2016-02-12 15:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-07-06 13:19 - 2016-02-12 15:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-07-06 13:19 - 2016-01-07 14:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-07-06 13:19 - 2015-12-08 18:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-07-06 13:19 - 2015-12-08 16:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-07-06 13:19 - 2015-11-13 20:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-07-06 13:19 - 2015-11-13 20:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-07-06 13:19 - 2015-11-13 20:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-07-06 13:19 - 2015-11-13 19:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-07-06 13:19 - 2015-11-13 19:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-07-06 13:19 - 2015-11-13 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-07-06 13:18 - 2016-01-20 21:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-07-06 13:17 - 2016-05-18 13:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-06 13:17 - 2016-05-18 13:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-06 13:17 - 2016-05-13 19:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-06 13:17 - 2016-05-13 18:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-06 13:17 - 2016-05-13 18:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-06 13:17 - 2016-05-13 18:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-06 13:17 - 2016-05-13 18:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-06 13:17 - 2016-05-13 18:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-06 13:17 - 2016-05-11 14:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-06 13:17 - 2016-05-11 12:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-06 13:17 - 2016-02-09 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-07-06 13:17 - 2016-02-04 22:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-07-06 13:17 - 2016-02-04 15:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-07-06 13:17 - 2016-02-03 15:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-07-06 11:42 - 2016-05-11 14:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-06 11:42 - 2016-05-11 14:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-06 11:42 - 2016-05-11 14:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-06 11:42 - 2016-05-11 12:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-06 11:42 - 2016-05-11 12:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-06 11:42 - 2016-05-11 11:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-06 11:42 - 2016-03-06 15:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-06 11:42 - 2016-03-06 15:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-07-06 11:42 - 2016-03-06 15:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-07-06 11:42 - 2016-03-06 15:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-07-06 11:42 - 2016-02-05 15:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-07-06 11:42 - 2016-02-05 15:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-07-06 11:42 - 2016-02-05 14:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-07-06 11:42 - 2016-01-11 16:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-07-06 11:42 - 2015-06-03 17:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-07-06 11:25 - 2016-07-06 11:25 - 00414720 _____ (Microsoft Corporation) C:\Users\snow fam\Downloads\Unconfirmed 696381.crdownload
2016-07-04 14:55 - 2016-07-04 14:55 - 00003192 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e04.hdtv.x264.lol.ettv.torrent
2016-07-02 16:40 - 2016-07-02 16:40 - 00052558 _____ C:\Users\snow fam\Downloads\[kat.cr]brazzers.big.tits.at.work.asa.akira.katsuni.london.keyes.mia.lelani.keiran.lee.office.4.play.ii.asian.sensation.mp4.torrent
2016-07-02 16:35 - 2016-07-02 16:35 - 00012522 _____ C:\Users\snow fam\Downloads\[kat.cr]wickedpictures.asa.akira.jessica.drake.katie.morgan.luna.star.teanna.trump.the.j.o.b.scene.07.new.release.june.2016.torrent
2016-07-02 16:24 - 2016-07-02 16:24 - 00004732 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e03.hdtv.x264.lol.ettv.torrent
2016-07-02 16:24 - 2016-07-02 16:24 - 00003866 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e02.hdtv.x264.lol.ettv.torrent
2016-07-02 16:23 - 2016-07-02 16:23 - 00003887 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e01.hdtv.x264.lol.ettv.torrent
2016-07-02 16:21 - 2016-07-02 16:21 - 00019709 _____ C:\Users\snow fam\Downloads\[kat.cr]turn.s03.complete.1080p.10bit.web.dl.6ch.x265.hevc.power.torrent
2016-07-02 15:52 - 2016-07-02 15:52 - 00062224 _____ C:\Users\snow fam\Downloads\[kat.cr]marco.polo.2014.season.2.complete.720p.webrip.hevc.x265.rmteam.720p.hevc.torrent
2016-07-01 16:38 - 2016-07-01 16:38 - 17416885 _____ C:\Users\snow fam\Downloads\IMG_2454.MOV
2016-06-26 18:39 - 2016-06-26 18:39 - 00002531 _____ C:\Users\snow fam\Downloads\[kat.cr]maria.v.snyder.night.study.soulfinders.2.torrent
2016-06-26 18:38 - 2016-06-26 18:38 - 00001432 _____ C:\Users\snow fam\Downloads\[kat.cr]kalayna.price.alex.craft.4.grave.visions.wildwielder.cpul.epub.torrent
2016-06-26 18:28 - 2016-06-26 18:28 - 00001289 _____ C:\Users\snow fam\Downloads\[kat.cr]the.girl.on.the.train.paula.hawkins.blua.epub.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-21 19:28 - 2009-07-14 02:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-21 19:28 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-07-19 17:50 - 2014-04-16 21:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-19 17:30 - 2011-08-12 03:06 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-07-19 17:30 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-19 17:05 - 2014-10-08 13:09 - 00151552 ___SH C:\Users\snow fam\Documents\Thumbs.db
2016-07-18 18:10 - 2009-07-14 01:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-18 18:10 - 2009-07-14 01:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-18 18:08 - 2013-11-20 18:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-18 17:53 - 2013-03-08 21:13 - 00000000 ____D C:\Windows\pss
2016-07-18 17:53 - 2011-08-11 03:41 - 00000000 ____D C:\ProgramData\clear.fi
2016-07-18 17:36 - 2014-05-20 19:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-18 17:36 - 2014-05-20 19:08 - 00000000 ____D C:\ProgramData\Avira
2016-07-18 17:23 - 2014-05-20 19:13 - 00000000 ____D C:\Users\snow fam\AppData\Roaming\Avira
2016-07-18 17:16 - 2013-05-08 08:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-18 17:11 - 2013-11-20 18:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-18 17:07 - 2013-08-12 12:25 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job
2016-07-18 14:29 - 2013-08-08 14:24 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job
2016-07-18 14:29 - 2013-08-08 14:24 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job
2016-07-17 20:07 - 2013-08-12 12:25 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job
2016-07-17 18:50 - 2012-05-16 22:01 - 03618816 ___SH C:\Users\snow fam\Downloads\Thumbs.db
2016-07-15 10:52 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2016-07-15 09:39 - 2009-07-14 01:45 - 05005384 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 23:22 - 2015-04-19 15:47 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 23:22 - 2010-11-21 04:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 21:16 - 2013-05-08 08:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 21:16 - 2012-04-18 07:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 21:16 - 2011-09-13 15:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 17:48 - 2013-09-29 21:05 - 00000000 ____D C:\Windows\system32\MRT
2016-07-14 17:40 - 2011-08-21 00:37 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-12 17:16 - 2011-09-13 15:34 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 17:16 - 2011-04-06 10:23 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 13:19 - 2014-12-29 17:42 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-12 13:18 - 2015-08-05 15:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-11 16:02 - 2011-08-11 03:47 - 00000000 ____D C:\Users\snow fam\AppData\LocalLow\Temp
2016-07-11 16:01 - 2011-08-11 02:38 - 00001210 _____ C:\Users\Public\Desktop\Netflix.lnk
2016-07-11 07:49 - 2009-07-14 01:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-11 07:43 - 2014-01-02 22:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-11 07:43 - 2014-01-02 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-10 23:50 - 2014-05-19 20:59 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-07-10 10:00 - 2014-01-02 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-10 09:27 - 2011-09-12 09:30 - 00000000 ____D C:\Users\snow fam\Documents\Azureus Downloads
2016-07-07 12:24 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-07 12:02 - 2013-03-10 16:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-07 12:02 - 2011-08-11 03:49 - 00000000 ____D C:\Users\snow fam\AppData\Roaming\Azureus
2016-07-06 13:21 - 2012-10-02 18:26 - 00007593 _____ C:\Users\snow fam\AppData\Local\Resmon.ResmonCfg
2016-06-26 19:26 - 2011-08-20 21:53 - 00000000 ____D C:\Users\snow fam\Calibre Library
 
==================== Files in the root of some directories =======
 
2012-02-29 21:03 - 2012-02-29 21:28 - 0000132 _____ () C:\Users\snow fam\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-04-24 14:00 - 2013-10-16 11:41 - 0000000 _____ () C:\Users\snow fam\AppData\Roaming\bitlord_log.txt
2013-11-13 22:22 - 2013-11-13 22:22 - 0000038 ___SH () C:\Users\snow fam\AppData\Local\4c6d4c0d519c43f31ecc76.94841244
2012-03-01 17:12 - 2013-11-06 17:42 - 0001456 _____ () C:\Users\snow fam\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-09-13 19:45 - 2011-09-13 19:45 - 0004608 _____ () C:\Users\snow fam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-16 12:11 - 2013-10-16 12:11 - 0000218 _____ () C:\Users\snow fam\AppData\Local\recently-used.xbel
2012-10-02 18:26 - 2016-07-06 13:21 - 0007593 _____ () C:\Users\snow fam\AppData\Local\Resmon.ResmonCfg
2011-06-02 16:09 - 2011-06-02 16:11 - 0015149 _____ () C:\ProgramData\ArcadeDeluxe5.log
 
Some files in TEMP:
====================
C:\Users\snow fam\AppData\Local\Temp\avgnt.exe
C:\Users\snow fam\AppData\Local\Temp\libeay32.dll
C:\Users\snow fam\AppData\Local\Temp\msvcr120.dll
C:\Users\snow fam\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-17 00:13
 
==================== End of FRST.txt ============================


Edited by NancySn, 21 July 2016 - 07:25 PM.




#2 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:01 PM

Posted 26 July 2016 - 05:42 AM

NancySn:
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil and I am a trainee in the Bleeping Computer Malware Removal Study Hall. I would like to address you by your first name, if that is alright with you since we will be working together.
 
I will be assisting you with your computer issues.  All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal  Instructor.  This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I will need some time to review your FRST logs and consult with the Malware Response Instructor (MRI) who will be assigned to supervise this topic.  That could take a few days.  Once I have reviewed my proposed response with the assigned MRI, I will reply to you with initial instructions.
 
PLEASE DO NOT RUN ANY ADDITIONAL SCANS OR ANTI-MALWARE REMOVAL TOOLS UNTIL YOU HAVE RECEIVED A RESPONSE FROM ME.
Doing so would complicate the situation and it would cause further delays in resolving your issues.  It could also potentially result in harm to your computer because my "fix" will be based on the FRST scan logs you have already submitted.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#3 NancySn

NancySn
  • Topic Starter

  • Members
  • 59 posts
  • OFFLINE
  •  
  • Local time:10:01 AM

Posted 26 July 2016 - 03:14 PM

Ok, sounds good, thank you!



#4 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:01 PM

Posted 28 July 2016 - 04:17 AM

NancySn:

Thank you for your patience while I analyzed your FRST logs and consulted with the Malware Response Instructor assigned to supervise me while I deal with your issues.

Before we start dealing with the problems you are experiencing, I would ask that you take note of the following points:

  • I am a Bleeping Computer volunteer, so I ask you to be patient. I know it is frustrating when your computer is not working properly, but malware removal takes time.
  • Please also remember that I only dedicate a limited number of hours a day to helping people. We may live in different time zones, which may cause delays in responding.
  • If I have not responded to you within 48 hours, please send me a personal message. Likewise, I expect you to respond within 48 hours, and sooner is better because we can fix your computer faster.
  • If I have not heard from you in three days, I will "bump" your post. After five days of no response, I will consider that you no longer need my assistance and this thread will be closed.
  • Logs can take a while to research, so please be patient.
  • Some issues just cannot be solved so you must be prepared for this.
  • Please read and follow the instructions in the exact sequence that they are posted to avoid making a bad situation worse.
  • Please print or copy and save the instructions.
  • Back up all your data and important files on another (external) drive before starting to run malware removal tools.
  • You should try to limit your browsing with this computer until you are given the "All Clear." Some malware applications steal passwords.
  • Please do not install or uninstall any applications, unless directed. Don't run any scripts or tools on your own because unsupervised usage may cause more harm than good.
  • Please use only the tools you have been instructed to use.
  • If you are using CD/DVD emulation software, this should be uninstalled or disabled as it can interfere with the removal of some malware. It can be turned off with Defogger and then turned back on when you get the "All Clear."
  • Please copy and paste the requested log files inside your post, unless otherwise instructed.
  • There are no silly questions. Ask for clarification, if you have any questions or concerns.
  • Bleeping Computer does not support any piracy. Evidence of illegal OS, software, cracks/keygens, etc., will be revealed by scan logs, and if found, further assistance may be suspended. Uninstall such software before proceeding!
  • Any P2P software such as uTorrent, BitTorrent, Kazaa, etc. must be uninstalled or completely disabled. P2P software is a major security risk to your computer and that may have been the route the malware used to infect your computer. Do not use any P2P software until we conclude your topic.
  • Failure to follow these guidelines may result in assistance being withdrawn and your thread being closed.
  • I am volunteering my time to help you, and I will need you to help me. Together, we can, hopefully, disinfect your computer and get it functioning properly again. That is my only aim.

 

OK, let's get started ...


I see that you have Vuze installed on your computer, which is a P2P program. Unfortunately, the FRST logs also indicate the presence of "pirated" or "cracked" software, and other downloads, via .torrent, of dubious legitimacy. Bleeping Computer does not condone piracy, for a number of reasons, not the least of which is that the downloading and installation of such software is a major doorway for malware infections.

I am not saying that you are responsible for any of the items that I have mentioned; however, I will be unable to assist you further unless you, or the person(s) responsible for that software, agree to remove such software from the computer, before we proceed. What you, or the person(s) decide to do after your computer is declared clean, is, of course, your, and their, decision. Obviously I would recommend that you abandon P2P and pirated software forever for your own cyberspace safety.

If you wish to proceed to clean up the computer, then please take the following steps; otherwise, please let me know and I will ask a Moderator to conclude this topic. You can always re-open the topic if the decision is made by you, or others, subsequently, to diagnose and clean up the computer.

.

Step 1: Please boot Windows into Normal Mode and uninstall all pirated/cracked programs, including all cracked/pirated Adobe products, and delete all .torrent files and other P2P files. Reboot the computer back into Windows in Normal Mode after all uninstallations and file deletions are completed.

.

Step 2: Scan with CKScanner

Download CKScanner by askey127 and save it to your desktop.

  • Right-click on the CKScanner icon and select Run as Administrator to start the tool.
  • Click Search For Files.
  • When finished, click Save List To File.
  • Remember to run this tool once only, if not asked to run it again.

Please copy and paste the content of CKFiles.txt into your next reply.

.

Step 3: Please run a fresh set of FRST logs in Normal Mode (that provides more information than running in "Safe Mode with Networking"). Please ensure that "Addition.txt" is checked (it is only "checked" on the first run, by default). Also, under "Optional Scans", please "check" "Shortcuts.txt".

Please copy and paste the contents of all three FRST logs into your next reply.

.

Step 4: To summarize, I would like you to please copy and paste the contents of following files into your next reply:

  • CKFiles.txt;
  • FRST.txt;
  • Addition.txt; and,
  • Shortcuts.txt.

.

Thank you and have a great day.

Regards,
-Phil

 

Member of the Unified Network of Instructors and Trusted Eliminators
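The FRST file listings quoted in this thread use a fixed line layout (created date, modified date, size, attributes, optional company, path), so the kind of review described in the post above can be scripted. The following is an added example, not part of the original thread and not code from FRST or CKScanner; the indicator lists, function names and sample lines are constructed assumptions.

```python
"""Triage FRST file-listing lines for P2P and crack indicators (added example)."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "created modified size attrs company path")

# Layout seen in the log: created - modified - size attrs [(company)] path
LINE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"      # "(Microsoft Corporation) ", "() " or absent
    r"(?P<path>[A-Za-z]:\\.+)$"
)

# Assumed indicator lists for this example; not the rules any real tool uses.
P2P_PREFIXES = ("azureus", "vuze", "bitlord", "utorrent", "bittorrent", "kazaa")
CRACK_COMPONENTS = {"crack", "cracks", "keygen", "keygens"}


def parse_line(line):
    """Return an Entry for a file-listing line, or None for headers and other text."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]),
                 m["attrs"], m["company"] or "", m["path"])


def classify_path(path):
    """Return sorted indicator flags for one Windows path.

    Matching is done per path component, not on raw substrings, so a book
    titled "step on a crack" is not flagged while a folder named "crack" is.
    """
    parts = [p.lower() for p in path.split("\\") if p]
    flags = set()
    if parts and parts[-1].endswith(".torrent"):
        flags.add("torrent-file")
    if any(p.startswith(P2P_PREFIXES) for p in parts):
        flags.add("p2p-client")
    if any(p in CRACK_COMPONENTS for p in parts):
        flags.add("crack-dir")
    return sorted(flags)


def triage(log_text):
    """Parse every listing line in log_text and return (created, path, flags) hits."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue  # section headers, blank lines, free text
        flags = classify_path(entry.path)
        if flags:
            findings.append((entry.created, entry.path, flags))
    return findings


# Constructed sample lines, modelled on the layout of the log in this thread.
SAMPLE_LOG = r"""
==================== One Month Created files and folders ========

2016-07-06 13:19 - 2016-02-12 15:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-04 14:55 - 2016-07-04 14:55 - 00003192 _____ C:\Users\example\Downloads\[site]some.show.s01e01.torrent
2016-07-10 09:27 - 2011-09-12 09:30 - 00000000 ____D C:\Users\example\Documents\Azureus Downloads
2013-04-24 14:00 - 2013-10-16 11:41 - 0000000 _____ () C:\Users\example\AppData\Roaming\bitlord_log.txt
2016-07-11 07:43 - 2014-01-02 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
"""

# Constructed keyword-scanner style paths: one real hit, one title false positive.
CK_PATHS = [
    r"c:\users\example\documents\plugin pack\crack\file_id.diz",
    r"c:\users\example\documents\books\step on a crack - novel.epub",
]

if __name__ == "__main__":
    for created, path, flags in triage(SAMPLE_LOG):
        print(created, ",".join(flags), path)
    for path in CK_PATHS:
        print(classify_path(path) or ["no-flag"], path)
```
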


#5 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:01 PM

Posted 31 July 2016 - 05:19 AM

NancySn:

 

I have not heard from you in three days.  Do you still require assistance?

 

If I haven't heard from you in another two days, I will ask a Moderator to conclude your topic.  You can always reopen it upon request with a personal message to a Moderator.

 

Thank you and have a great day.

 

Regards,

-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#6 NancySn

  • Topic Starter

Posted 31 July 2016 - 01:29 PM

Hi there, I will get to work on the above, I was away for a few days. Will post the logs here once I have them. I can uninstall Vuze no problem, not sure about the Adobe products as my husband is using those currently, but will try my best!



#7 NancySn

  • Topic Starter

Posted 31 July 2016 - 02:13 PM

I tried to clean out anything that I didn't have a box for! Here are the logs

 

CKScanner (this was not working initially, kept not responding)

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\comicrack\microsoft.dynamic.dll
c:\program files (x86)\adobe\adobe flash catalyst cs5.5\plugins\com.adobe.thermo.core_1.5.0.308731\com\adobe\thermo\undo\thermoundosystem$undoabledocumentchangecracker.class
c:\users\snow fam\documents\books\calibre library\james patterson\step on a crack - michael bennett 1 (1054)\metadata.opf
c:\users\snow fam\documents\books\calibre library\james patterson\step on a crack - michael bennett 1 (1054)\step on a crack - michael bennett 1 - james patterson.epub
c:\users\snow fam\documents\books\calibre library\james patterson\step on a crack - michael bennett 1 (1054)\step on a crack - michael bennett 1 - james patterson.mobi
c:\users\snow fam\documents\books\ebooks\james patterson\step on a crack - james patterson.epub
c:\users\snow fam\documents\books\imagenomic portraiture 2.3.08 plugin for photoshop [chingliu]\crack\file_id.diz
c:\users\snow fam\documents\books\imagenomic portraiture 2.3.08 plugin for photoshop [chingliu]\crack\x-force.nfo
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\silverefexpro2-pl-ver2.000all.exe
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\torrent downloaded from demonoid.com.txt
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\patch.bat
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\readme.txt
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\32bit\silverefexpro2fc32.dll
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\64bit\silverefexpro2fc64.dll
c:\users\snow fam\documents\books\photoshop plugins\viveza 2.004 [jovabre]\crack\readme.txt
c:\users\snow fam\documents\books\photoshop plugins\viveza 2.004 [jovabre]\crack\viveza2fc32.dll
c:\users\snow fam\documents\books\photoshop plugins\viveza 2.004 [jovabre]\crack\viveza2fc64.dll
hosts 127.0.0.1 activate.adobe.com
scanner sequence 3.II.11.NPABA0
 ----- EOF ----- 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-07-2016 (ATTENTION: ====> FRSTversion is 22 days old and could be outdated)
Ran by snow fam (administrator) on SNOWFAM-PC (31-07-2016 15:48:35)
Running from C:\Users\snow fam\Downloads
Loaded Profiles: snow fam (Available Profiles: snow fam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\snow fam\Downloads\FRST64 (2).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Run: [Facebook Update] => "C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Run: [Google Update] => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95
Tcpip\..\Interfaces\{909426C4-C803-4B4A-8303-14B139DAA5EB}: [DhcpNameServer] 24.222.0.94 24.222.0.95
 
Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @citrixonline.com/appdetectorplugin -> C:\Users\snow fam\AppData\Local\Citrix\Plugins\94\npappdetector.dll [2013-02-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @talk.google.com/O1DPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @tools.google.com/Google Update;version=3 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @tools.google.com/Google Update;version=9 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\snow fam\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\snow fam\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-14] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google Search) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avira Browser Safety) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) [File not signed]
S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2012-03-02] (hxxp://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2010-10-12] (hxxp://libusb-win32.sourceforge.net)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) [File not signed]
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-31 15:38 - 2016-07-31 15:38 - 00468480 _____ () C:\Users\snow fam\Downloads\CKScanner.exe
2016-07-31 15:38 - 2016-07-31 15:38 - 00468480 _____ () C:\Users\snow fam\Desktop\CKScanner.exe
2016-07-25 19:03 - 2016-07-25 19:03 - 00105818 _____ C:\Users\snow fam\Desktop\MSI-Health-Card-Renewal-Form.pdf
2016-07-23 11:59 - 2016-07-23 11:59 - 00000000 ____D C:\Users\snow fam\AppData\Local\{47FF3084-61E9-4C61-ADEF-F942012B1206}
2016-07-22 17:06 - 2016-07-22 17:06 - 00175142 _____ C:\Users\snow fam\Documents\OfferLetter.pdf
2016-07-21 19:52 - 2016-07-21 19:53 - 00055226 _____ C:\Users\snow fam\Downloads\Addition.txt
2016-07-21 19:19 - 2016-07-21 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-07-21 19:19 - 2016-07-21 19:19 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-07-21 19:18 - 2016-07-21 19:18 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\snow fam\Downloads\cbSetup.exe
2016-07-19 17:52 - 2016-07-19 17:52 - 02870984 _____ (ESET) C:\Users\snow fam\Desktop\esetsmartinstaller_enu (2).exe
2016-07-19 17:48 - 2016-07-19 17:49 - 02870984 _____ (ESET) C:\Users\snow fam\Downloads\esetsmartinstaller_enu (1).exe
2016-07-19 17:46 - 2016-07-19 17:46 - 00000000 ____D C:\Program Files\ESET
2016-07-19 17:45 - 2016-07-19 17:45 - 03017376 _____ (ESET) C:\Users\snow fam\Downloads\eset_nod32_antivirus_live_installer.exe
2016-07-19 17:22 - 2016-07-19 17:23 - 00000000 ____D C:\AdwCleaner
2016-07-19 17:21 - 2016-07-19 17:21 - 03712064 _____ C:\Users\snow fam\Downloads\AdwCleaner (1).exe
2016-07-19 17:21 - 2016-07-19 17:21 - 03712064 _____ C:\Users\snow fam\Desktop\AdwCleaner (1).exe
2016-07-18 18:27 - 2016-07-18 18:27 - 01610560 _____ (Malwarebytes) C:\Users\snow fam\Downloads\JRT (2).exe
2016-07-18 18:26 - 2016-07-18 18:26 - 00024532 _____ C:\Users\snow fam\Desktop\JRT.txt
2016-07-18 18:24 - 2016-07-18 18:24 - 01610560 _____ (Malwarebytes) C:\Users\snow fam\Downloads\JRT (1).exe
2016-07-18 18:15 - 2016-07-18 18:15 - 00038834 _____ C:\Users\snow fam\Desktop\MTB.txt
2016-07-18 18:14 - 2016-07-18 18:14 - 00038834 _____ C:\Users\snow fam\Downloads\MTB.txt
2016-07-18 18:13 - 2016-07-18 18:13 - 00892416 _____ (Farbar) C:\Users\snow fam\Downloads\MiniToolBox (1).exe
2016-07-18 18:00 - 2016-07-31 15:17 - 00390116 _____ C:\Windows\ntbtlog.txt
2016-07-18 17:36 - 2016-07-18 17:40 - 00001170 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-07-18 17:36 - 2016-07-18 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-18 17:36 - 2016-07-18 17:36 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\snow fam\Downloads\avira_en_av_578d3ab2c8853__ws.exe
2016-07-18 17:36 - 2016-07-18 17:36 - 00000000 ____D C:\Program Files (x86)\Avira
2016-07-16 18:30 - 2016-07-16 18:30 - 00164090 _____ C:\Users\snow fam\Downloads\me... and two other people
2016-07-16 00:14 - 2016-07-16 00:14 - 00000000 _____ C:\Users\snow fam\Desktop\sfcdetails.txt
2016-07-14 17:36 - 2016-06-25 21:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 17:36 - 2016-06-25 21:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 17:36 - 2016-06-25 16:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 17:36 - 2016-06-25 16:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 17:36 - 2016-06-25 16:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 17:36 - 2016-06-25 16:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 17:36 - 2016-06-25 16:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 17:36 - 2016-06-22 10:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 17:36 - 2016-06-11 03:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-14 17:36 - 2016-06-11 01:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-14 17:36 - 2016-06-10 18:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-14 17:36 - 2016-06-10 18:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 17:36 - 2016-06-10 18:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-14 17:36 - 2016-06-10 18:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-14 17:36 - 2016-06-10 18:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-14 17:36 - 2016-06-10 18:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-14 17:36 - 2016-06-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-14 17:36 - 2016-06-10 18:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-14 17:36 - 2016-06-10 18:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-14 17:36 - 2016-06-10 18:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-14 17:36 - 2016-06-10 18:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-14 17:36 - 2016-06-10 18:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-14 17:36 - 2016-06-10 18:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-14 17:36 - 2016-06-10 18:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-14 17:36 - 2016-06-10 18:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-14 17:36 - 2016-06-10 18:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-14 17:36 - 2016-06-10 17:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-14 17:36 - 2016-06-10 17:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-14 17:36 - 2016-06-10 17:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-14 17:36 - 2016-06-10 17:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-14 17:36 - 2016-06-10 17:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-14 17:36 - 2016-06-10 17:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-14 17:36 - 2016-06-10 17:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-14 17:36 - 2016-06-10 17:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-14 17:36 - 2016-06-10 17:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-14 17:36 - 2016-06-10 17:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-14 17:36 - 2016-06-10 17:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-14 17:36 - 2016-06-10 17:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-14 17:36 - 2016-06-10 17:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-14 17:36 - 2016-06-10 17:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-14 17:36 - 2016-06-10 16:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-14 17:36 - 2016-06-10 16:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-14 17:36 - 2016-06-10 16:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-14 17:36 - 2016-06-10 16:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-14 17:36 - 2016-06-10 16:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-14 17:36 - 2016-06-10 15:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-14 17:36 - 2016-06-10 15:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-14 17:36 - 2016-06-10 15:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-14 17:36 - 2016-06-10 15:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-14 17:36 - 2016-06-10 15:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-14 17:36 - 2016-06-10 15:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-14 17:36 - 2016-06-10 15:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-14 17:36 - 2016-06-10 15:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-14 17:36 - 2016-06-10 15:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-14 17:36 - 2016-06-10 15:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-14 17:36 - 2016-06-10 15:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-14 17:36 - 2016-06-10 15:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-14 17:36 - 2016-06-10 15:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-14 17:36 - 2016-06-10 15:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-14 17:36 - 2016-06-10 15:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-14 17:36 - 2016-06-10 15:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-14 17:36 - 2016-06-10 15:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-14 17:36 - 2016-06-10 15:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-14 17:36 - 2016-06-10 15:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-14 17:36 - 2016-06-10 15:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-14 17:36 - 2016-06-10 15:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-14 17:36 - 2016-06-10 15:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-14 17:36 - 2016-06-10 15:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-14 17:36 - 2016-06-10 15:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-14 17:36 - 2016-06-10 15:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-14 17:36 - 2016-06-10 14:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-14 17:36 - 2016-06-10 14:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-14 17:36 - 2016-06-10 14:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-14 17:36 - 2016-06-10 14:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-14 17:34 - 2016-06-14 12:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-14 17:18 - 2016-07-14 17:18 - 00003558 _____ C:\Users\snow fam\Downloads\winsock2 (1).zip
2016-07-13 17:25 - 2016-05-04 10:19 - 00138810 _____ C:\Users\snow fam\Desktop\winsock2.reg
2016-07-13 17:23 - 2016-07-13 17:23 - 00000000 ____D C:\Users\snow fam\Downloads\winsock2
2016-07-13 17:22 - 2016-05-23 13:54 - 00069462 _____ C:\Users\snow fam\Downloads\winsock2.reg
2016-07-13 17:21 - 2016-07-13 17:21 - 00007317 _____ C:\Users\snow fam\Downloads\winsock2.zip
2016-07-10 10:09 - 2015-07-30 10:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-07-10 10:09 - 2015-07-30 10:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-07-10 09:22 - 2016-07-31 15:48 - 00018972 _____ C:\Users\snow fam\Downloads\FRST.txt
2016-07-10 09:21 - 2016-07-10 09:21 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64 (2).exe
2016-07-09 20:11 - 2016-07-09 20:11 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64 (1).exe
2016-07-09 20:07 - 2016-07-31 15:48 - 00000000 ____D C:\FRST
2016-07-09 20:06 - 2016-07-09 20:07 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64.exe
2016-07-07 12:23 - 2016-07-18 22:26 - 00000000 ____D C:\Users\snow fam\AppData\Local\ElevatedDiagnostics
2016-07-06 14:43 - 2016-02-03 15:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-07-06 14:43 - 2016-02-03 15:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-07-06 14:43 - 2016-02-03 15:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-07-06 14:43 - 2016-02-03 15:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-07-06 13:21 - 2016-03-16 15:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-07-06 13:21 - 2016-03-16 15:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-07-06 13:21 - 2016-03-16 15:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-07-06 13:21 - 2016-02-02 15:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-07-06 13:21 - 2016-01-22 03:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-07-06 13:21 - 2016-01-22 03:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-07-06 13:21 - 2016-01-22 03:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-07-06 13:21 - 2016-01-22 03:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-07-06 13:20 - 2016-05-12 14:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-06 13:20 - 2016-05-12 14:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-06 13:20 - 2016-05-12 14:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-06 13:20 - 2016-05-12 14:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-06 13:20 - 2016-05-12 12:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-06 13:20 - 2016-05-12 11:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-06 13:20 - 2016-05-12 11:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-06 13:20 - 2016-05-12 11:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-06 13:20 - 2016-05-12 11:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-06 13:20 - 2016-05-12 10:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-06 13:20 - 2016-05-12 10:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-06 13:20 - 2016-05-12 10:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-06 13:20 - 2016-04-14 13:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-07-06 13:20 - 2016-04-14 13:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-07-06 13:20 - 2016-04-14 12:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-07-06 13:20 - 2016-04-14 12:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-07-06 13:20 - 2016-04-14 10:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-07-06 13:20 - 2016-04-14 10:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-07-06 13:20 - 2016-04-09 04:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-06 13:20 - 2016-04-09 04:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-06 13:20 - 2016-04-09 04:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-06 13:20 - 2016-04-09 03:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-07-06 13:20 - 2016-04-09 03:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-07-06 13:20 - 2016-04-09 03:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-06 13:20 - 2016-04-09 02:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-07-06 13:20 - 2016-04-09 02:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-06 13:20 - 2016-04-09 02:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-07-06 13:20 - 2016-04-09 02:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-07-06 13:20 - 2016-04-09 02:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-07-06 13:20 - 2016-04-09 02:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-07-06 13:20 - 2016-04-09 02:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-06 13:20 - 2016-04-09 02:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-07-06 13:20 - 2016-04-09 02:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-07-06 13:20 - 2016-04-09 02:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-07-06 13:20 - 2016-04-09 02:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-07-06 13:20 - 2016-04-09 02:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-06 13:20 - 2016-03-17 19:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-06 13:20 - 2016-03-17 19:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-07-06 13:20 - 2016-03-15 21:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-07-06 13:20 - 2016-03-15 21:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-07-06 13:20 - 2016-03-15 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-07-06 13:20 - 2016-02-09 06:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-07-06 13:20 - 2016-02-09 06:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-07-06 13:20 - 2016-02-09 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-07-06 13:20 - 2016-02-09 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-07-06 13:20 - 2016-02-09 06:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-07-06 13:20 - 2016-02-09 06:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-07-06 13:20 - 2016-02-09 06:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-07-06 13:20 - 2016-02-09 06:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-07-06 13:20 - 2016-02-09 06:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-07-06 13:20 - 2016-02-09 06:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-07-06 13:20 - 2015-12-08 18:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-07-06 13:20 - 2015-12-08 18:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-07-06 13:20 - 2015-12-08 18:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-07-06 13:20 - 2015-12-08 18:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-07-06 13:20 - 2015-12-08 18:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-07-06 13:20 - 2015-12-08 18:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-07-06 13:20 - 2015-12-08 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-07-06 13:20 - 2015-12-08 16:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-07-06 13:20 - 2015-12-08 16:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-07-06 13:20 - 2015-12-08 16:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-07-06 13:20 - 2015-12-08 16:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-07-06 13:20 - 2015-12-08 15:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-07-06 13:20 - 2015-12-08 15:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-07-06 13:20 - 2015-12-08 15:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-07-06 13:20 - 2015-11-19 11:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-07-06 13:19 - 2016-05-12 14:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-07-06 13:19 - 2016-05-12 12:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-07-06 13:19 - 2016-04-09 04:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-07-06 13:19 - 2016-04-09 04:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-07-06 13:19 - 2016-04-09 03:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-07-06 13:19 - 2016-04-09 01:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-07-06 13:19 - 2016-04-09 00:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-07-06 13:19 - 2016-04-06 12:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-07-06 13:19 - 2016-03-09 16:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-07-06 13:19 - 2016-03-09 15:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-07-06 13:19 - 2016-03-09 15:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-07-06 13:19 - 2016-03-09 15:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-07-06 13:19 - 2016-02-12 15:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-06 13:19 - 2016-02-12 15:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-07-06 13:19 - 2016-02-12 15:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-07-06 13:19 - 2016-02-12 15:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-07-06 13:19 - 2016-02-12 15:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-07-06 13:19 - 2016-02-12 15:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-06 13:19 - 2016-02-12 15:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-07-06 13:19 - 2016-02-12 15:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-06 13:19 - 2016-02-12 15:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-07-06 13:19 - 2016-02-12 15:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-07-06 13:19 - 2016-02-12 15:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-07-06 13:19 - 2016-02-12 15:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-07-06 13:19 - 2016-02-12 15:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-07-06 13:19 - 2016-02-12 15:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-07-06 13:19 - 2016-02-12 15:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-07-06 13:19 - 2016-02-12 15:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-07-06 13:19 - 2016-01-07 14:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-07-06 13:19 - 2015-12-08 18:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-07-06 13:19 - 2015-12-08 16:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-07-06 13:19 - 2015-11-13 20:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-07-06 13:19 - 2015-11-13 20:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-07-06 13:19 - 2015-11-13 20:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-07-06 13:19 - 2015-11-13 19:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-07-06 13:19 - 2015-11-13 19:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-07-06 13:19 - 2015-11-13 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-07-06 13:18 - 2016-01-20 21:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-07-06 13:17 - 2016-05-18 13:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-06 13:17 - 2016-05-18 13:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-06 13:17 - 2016-05-13 19:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-06 13:17 - 2016-05-13 18:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-06 13:17 - 2016-05-13 18:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-06 13:17 - 2016-05-13 18:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-06 13:17 - 2016-05-13 18:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-06 13:17 - 2016-05-13 18:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-06 13:17 - 2016-05-11 14:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-06 13:17 - 2016-05-11 12:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-06 13:17 - 2016-02-09 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-07-06 13:17 - 2016-02-04 22:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-07-06 13:17 - 2016-02-04 15:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-07-06 13:17 - 2016-02-03 15:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-07-06 11:42 - 2016-05-11 14:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-06 11:42 - 2016-05-11 14:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-06 11:42 - 2016-05-11 14:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-06 11:42 - 2016-05-11 12:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-06 11:42 - 2016-05-11 12:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-06 11:42 - 2016-05-11 11:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-06 11:42 - 2016-03-06 15:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-06 11:42 - 2016-03-06 15:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-07-06 11:42 - 2016-03-06 15:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-07-06 11:42 - 2016-03-06 15:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-07-06 11:42 - 2016-02-05 15:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-07-06 11:42 - 2016-02-05 15:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-07-06 11:42 - 2016-02-05 14:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-07-06 11:42 - 2016-01-11 16:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-07-06 11:42 - 2015-06-03 17:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-07-06 11:25 - 2016-07-06 11:25 - 00414720 _____ (Microsoft Corporation) C:\Users\snow fam\Downloads\Unconfirmed 696381.crdownload
2016-07-04 14:55 - 2016-07-04 14:55 - 00003192 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e04.hdtv.x264.lol.ettv.torrent
2016-07-02 16:40 - 2016-07-02 16:40 - 00052558 _____ C:\Users\snow fam\Downloads\[kat.cr]brazzers.big.tits.at.work.asa.akira.katsuni.london.keyes.mia.lelani.keiran.lee.office.4.play.ii.asian.sensation.mp4.torrent
2016-07-02 16:35 - 2016-07-02 16:35 - 00012522 _____ C:\Users\snow fam\Downloads\[kat.cr]wickedpictures.asa.akira.jessica.drake.katie.morgan.luna.star.teanna.trump.the.j.o.b.scene.07.new.release.june.2016.torrent
2016-07-02 16:24 - 2016-07-02 16:24 - 00004732 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e03.hdtv.x264.lol.ettv.torrent
2016-07-02 16:24 - 2016-07-02 16:24 - 00003866 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e02.hdtv.x264.lol.ettv.torrent
2016-07-02 16:23 - 2016-07-02 16:23 - 00003887 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e01.hdtv.x264.lol.ettv.torrent
2016-07-02 16:21 - 2016-07-02 16:21 - 00019709 _____ C:\Users\snow fam\Downloads\[kat.cr]turn.s03.complete.1080p.10bit.web.dl.6ch.x265.hevc.power.torrent
2016-07-02 15:52 - 2016-07-02 15:52 - 00062224 _____ C:\Users\snow fam\Downloads\[kat.cr]marco.polo.2014.season.2.complete.720p.webrip.hevc.x265.rmteam.720p.hevc.torrent
2016-07-01 16:38 - 2016-07-01 16:38 - 17416885 _____ C:\Users\snow fam\Downloads\IMG_2454.MOV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-07-31 15:49 - 2011-09-12 10:13 - 00000000 ____D C:\Users\snow fam\Documents\Nero 7 Ultra Edition Enhanced version 7-WITH keygen
2016-07-31 15:39 - 2009-07-14 01:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-07-31 15:39 - 2009-07-14 01:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-07-31 15:36 - 2009-07-14 02:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-31 15:36 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-07-31 15:32 - 2014-05-20 13:23 - 00000000 ____D C:\Program Files (x86)\Vuze
2016-07-31 15:31 - 2013-11-20 18:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-31 15:31 - 2011-08-11 03:41 - 00000000 ____D C:\ProgramData\clear.fi
2016-07-31 15:30 - 2013-08-12 12:25 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job
2016-07-31 15:30 - 2013-08-12 12:25 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job
2016-07-31 15:30 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-07-31 15:14 - 2013-08-12 12:25 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA
2016-07-31 15:14 - 2013-08-12 12:25 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core
2016-07-31 14:29 - 2013-08-08 14:24 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job
2016-07-31 14:29 - 2013-08-08 14:24 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job
2016-07-31 14:17 - 2013-11-20 18:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-31 14:16 - 2013-05-08 08:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-07-30 22:12 - 2013-11-20 18:20 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-30 22:12 - 2013-11-20 18:20 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-22 17:01 - 2011-08-12 03:06 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-07-19 17:50 - 2014-04-16 21:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-19 17:05 - 2014-10-08 13:09 - 00151552 ___SH C:\Users\snow fam\Documents\Thumbs.db
2016-07-18 17:53 - 2013-03-08 21:13 - 00000000 ____D C:\Windows\pss
2016-07-18 17:36 - 2014-05-20 19:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-18 17:36 - 2014-05-20 19:08 - 00000000 ____D C:\ProgramData\Avira
2016-07-18 17:23 - 2014-05-20 19:13 - 00000000 ____D C:\Users\snow fam\AppData\Roaming\Avira
2016-07-17 18:50 - 2012-05-16 22:01 - 03618816 ___SH C:\Users\snow fam\Downloads\Thumbs.db
2016-07-15 10:52 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2016-07-15 09:39 - 2009-07-14 01:45 - 05005384 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 23:22 - 2015-04-19 15:47 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 23:22 - 2010-11-21 04:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 21:16 - 2013-05-08 08:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 21:16 - 2012-04-18 07:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 21:16 - 2011-09-13 15:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 17:48 - 2013-09-29 21:05 - 00000000 ____D C:\Windows\system32\MRT
2016-07-14 17:40 - 2011-08-21 00:37 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-12 17:16 - 2011-09-13 15:34 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 17:16 - 2011-04-06 10:23 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 13:19 - 2014-12-29 17:42 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-12 13:18 - 2015-08-05 15:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-11 16:02 - 2011-08-11 03:47 - 00000000 ____D C:\Users\snow fam\AppData\LocalLow\Temp
2016-07-11 16:01 - 2011-08-11 02:38 - 00001210 _____ C:\Users\Public\Desktop\Netflix.lnk
2016-07-11 07:49 - 2009-07-14 01:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-11 07:43 - 2014-01-02 22:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-11 07:43 - 2014-01-02 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-10 23:50 - 2014-05-19 20:59 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-07-10 10:00 - 2014-01-02 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-10 09:27 - 2011-09-12 09:30 - 00000000 ____D C:\Users\snow fam\Documents\Books
2016-07-07 12:24 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-07 12:02 - 2013-03-10 16:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-07 12:02 - 2011-08-11 03:49 - 00000000 ____D C:\Users\snow fam\AppData\Roaming\Azureus
2016-07-06 13:21 - 2012-10-02 18:26 - 00007593 _____ C:\Users\snow fam\AppData\Local\Resmon.ResmonCfg
 
==================== Files in the root of some directories =======
 
2012-02-29 21:03 - 2012-02-29 21:28 - 0000132 _____ () C:\Users\snow fam\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-04-24 14:00 - 2013-10-16 11:41 - 0000000 _____ () C:\Users\snow fam\AppData\Roaming\bitlord_log.txt
2013-11-13 22:22 - 2013-11-13 22:22 - 0000038 ___SH () C:\Users\snow fam\AppData\Local\4c6d4c0d519c43f31ecc76.94841244
2012-03-01 17:12 - 2013-11-06 17:42 - 0001456 _____ () C:\Users\snow fam\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-09-13 19:45 - 2011-09-13 19:45 - 0004608 _____ () C:\Users\snow fam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-16 12:11 - 2013-10-16 12:11 - 0000218 _____ () C:\Users\snow fam\AppData\Local\recently-used.xbel
2012-10-02 18:26 - 2016-07-06 13:21 - 0007593 _____ () C:\Users\snow fam\AppData\Local\Resmon.ResmonCfg
2011-06-02 16:09 - 2011-06-02 16:11 - 0015149 _____ () C:\ProgramData\ArcadeDeluxe5.log
 
Some files in TEMP:
====================
C:\Users\snow fam\AppData\Local\Temp\avgnt.exe
C:\Users\snow fam\AppData\Local\Temp\i4jdel0.exe
C:\Users\snow fam\AppData\Local\Temp\libeay32.dll
C:\Users\snow fam\AppData\Local\Temp\msvcr120.dll
C:\Users\snow fam\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-31 03:42
 
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2016
Ran by snow fam (2016-07-31 15:49:51)
Running from C:\Users\snow fam\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-11 05:37:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-534614172-2324584149-4159002519-500 - Administrator - Disabled)
Guest (S-1-5-21-534614172-2324584149-4159002519-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-534614172-2324584149-4159002519-1004 - Limited - Enabled)
snow fam (S-1-5-21-534614172-2324584149-4159002519-1001 - Administrator - Enabled) => C:\Users\snow fam
UpdatusUser (S-1-5-21-534614172-2324584149-4159002519-1000 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0225.2011 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{0CF3C0FA-02EA-4E15-9495-1C441C0377B3}) (Version: 2.18.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1422.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7418 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3007 - Acer Incorporated)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
ComicRack v0.9.155 (HKLM\...\ComicRack) (Version: v0.9.155 - cYo Soft)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cyberduck 4.3.1 (11008) (HKLM-x32\...\Cyberduck) (Version: 4.3.1 (11008) - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dropbox (HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Imagenomic Portraiture 2.3 Plug-in (build 2308) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
MediaEspresso (x32 Version: 1.0.1423_35858 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{9DCA0803-0890-4631-94BA-17DE31C49C40}) (Version: 16.4.1734.1104 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
PASS (HKLM-x32\...\com.showitfast.pass.desktop.PASS) (Version: 2.1.317 - Showitfast, Inc)
PASS (x32 Version: 2.1.317 - Showitfast, Inc) Hidden
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Reader for PC (HKLM-x32\...\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}) (Version: 2.4.01.10241 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.36.1224.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.6.11664 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StudioCloud 3.0 (HKLM-x32\...\com.StudioCloud.Desktop.3.F2DAE273367737D97F8409B8C86CCCEDC39FC38E.1) (Version: 3.1.247 - StudioCloud International Inc.)
StudioCloud 3.0 (x32 Version: 3.1.247 - StudioCloud International Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SymMover (HKLM-x32\...\SymMover) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03591A0E-80BE-4E2D-8AD1-CC962D17C577} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {278811F8-3E17-472C-896B-D2365300B8E7} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {3132E278-2874-4F61-954A-5D44860131DF} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)
Task: {3507A0D4-7217-404A-A15D-94570782251A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {4FEDBE2D-DC6F-46BB-ACE1-5F2B564E09E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {50C3DBC8-102B-4D04-89B4-96F364EA9421} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {71CD6319-84C1-4705-88E2-5896AAC6303C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {9A8446D9-51E1-4AC0-B4E6-1091687CB387} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9FA9213E-0B71-470C-B593-0ABAAAAB19DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B035D5DC-F5DF-4EF6-A725-729CD5ED68B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {BDA5CC05-0068-4BF6-8372-BAC78B69B175} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-11-29] (Advanced Micro Devices, Inc.)
Task: {BF44CFB8-8CEC-4B5D-868F-29A4F4746F23} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)
Task: {C5E34943-C426-40A1-B864-B67C5E1A78A6} - System32\Tasks\{D851F931-CB89-4361-BEA9-9C7F7923F46A} => pcalua.exe -a "C:\Users\snow fam\Downloads\amddriverdownloader (1).exe" -d "C:\Users\snow fam\Downloads"
Task: {C6DE1D64-BA4F-47F2-B0FE-73C6177F7581} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {EBE1CDBC-CB46-4E4E-B375-E2EECC687D86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\snow fam\Videos\DivX Movies\DivX Author – Create DivX Movies.lnk -> hxxp://go.divx.com/divx/windows/author/moviesfolder/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\DivX.com.lnk -> hxxp://go.divx.com/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\Enhance your video soundtracks.lnk -> hxxp://go.divx.com/divx/windows/player/dfx/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\Post DivX® video to your website.lnk -> hxxp://go.divx.com/publishvideo/en (No File)
Shortcut: C:\Users\snow fam\Desktop\Artsy Couture ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/ArtsyCouture/launch.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2beb8f0d-6afd9c14"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\570ed67c-309597a8.ico (No File)
Shortcut: C:\Users\snow fam\Desktop\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=bundcore&campid=desktop (No File)
Shortcut: C:\Users\snow fam\Desktop\WHCC ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-5b2c4496"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\37101971-71707f32.ico (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\4\Microsoft.lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\3\Ensemble Studios on the Web..lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\2\Support.lnk -> hxxp:\support.microsoft.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\1\Microsoft Games Studios - Age of Empires III - The WarChiefs on the Web..lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\0\Age Community.lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{BB9D051D-A3CC-422F-931A-1019449001A5}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{B71A3D29-03D6-48E2-909B-183371B53249}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{94143A92-E836-4DDC-B105-98AEAF974D53}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/games/ (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{94143A92-E836-4DDC-B105-98AEAF974D53}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.ageofempires3.com/ (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{528AC45E-C2CF-43AB-AAF0-6B268211A5F2}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{30DB7B94-7BD4-4BE5-9D92-7BBD12C0EAE4}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=bundcore&campid=program (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WHCC ROES\WHCC ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-5b2c4496"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\37101971-71707f32.ico (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Artsy Couture ROES\Artsy Couture ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/ArtsyCouture/launch.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2beb8f0d-6afd9c14"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\570ed67c-309597a8.ico (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-12-13 23:19 - 2009-12-09 06:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-01-21 20:45 - 2009-01-21 20:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-10-25 11:04 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2012-10-16 06:39 - 2012-10-16 06:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-24 22:34 - 2014-10-24 22:34 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 22:46 - 2014-04-25 22:46 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-02-22 14:01 - 2011-02-22 14:01 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2016-07-11 08:26 - 2016-07-11 08:26 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2011-06-02 15:58 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2016-06-19 17:12 - 2016-06-15 06:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-19 17:12 - 2016-06-15 06:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7794 more sites.
 
 
There are 7794 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2013-03-10 16:50 - 00446050 ____R C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1 activate.adobe.com127.0.0.1 www.007guard.com
 
There are 15308 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 24.222.0.94 - 24.222.0.95
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TouchServicePen => 2
MSCONFIG\startupfolder: C:^Users^snow fam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Google Update => "C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{480F250A-2549-4FB6-AFDE-62B9372C1175}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{C8545905-F581-46A9-BD7A-6ECA75374DBE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{9D12B5B3-86BF-4DDA-B23A-8063EA66DE6F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{C274BC37-A34E-4E29-80A3-75FB33AB5418}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{CD01AD17-9EB9-43E8-BA15-E5AB57EA185D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{410D6CA4-4CC6-474E-91A6-D5BF316058C7}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{89A7F38F-7CA5-43BF-B015-53B0F1A1A2D5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B1720887-F31B-4C54-9C42-88972A269F9A}] => (Allow) LPort=2869
FirewallRules: [{D653AFA8-8BF0-49DC-A60C-5100DDC39C6E}] => (Allow) LPort=1900
FirewallRules: [{9C68EA82-5930-4E42-A8F6-954A5C262527}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C7C6499A-64D9-4F6C-B0FC-89EA9D9B377A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{0C89DE57-5550-4B1C-B124-6E6187EA3107}C:\Program Files (x86)\Vuze\Azureus.exe] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [UDP Query User{F170B033-2654-40B1-A069-39A2D25B2E16}C:\Program Files (x86)\Vuze\Azureus.exe] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{EF40C1BC-67BC-4966-ACC4-382DA7BD1D29}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ABC3C73D-A4C4-41A0-B4EA-ED4592ABFB4B}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{901E1E50-1005-49E1-A3E5-353334FA8197}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{A08CADB3-585F-48AA-80A9-385331A3E826}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{41B29039-C639-4918-BF55-0B3623E19226}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [UDP Query User{04264626-CB06-40BC-BEBF-76AAE468856A}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [TCP Query User{CFD514E2-6A6C-4895-AB13-4657DE6F8391}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [UDP Query User{57968F6A-3B01-4909-A816-4CBB5B9B2CD5}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [TCP Query User{CF12C40B-0357-4103-8A09-54456DD7CE37}C:\program files (x86)\calibre2\calibre.exe] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [UDP Query User{C1C81BE5-5CD1-4167-A1B1-814BA030E625}C:\program files (x86)\calibre2\calibre.exe] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [TCP Query User{7F7D1390-F795-4200-A3C9-90CF0774FC8F}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{46D1718B-2865-47CE-B90C-56D9DD8365BF}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [{897A5437-88F2-4854-A016-B801CE1C8347}] => (Allow) C:\Users\snow fam\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6400BFD5-9E68-4238-A1AB-386975C8492A}] => (Allow) C:\Users\snow fam\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{4F554961-F4D9-4B3C-9CB1-C3F94A97A049}C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{BBDC4FDE-CB16-4E5E-A5DF-843A9DA3A5D2}C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{55B263F5-8BDA-48FF-A5D6-C82D140BF20A}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{43B74EC2-1AE6-4B32-A5BF-BC86E215CF5A}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{5129C332-F64A-4AD9-A250-2B83EAC77632}] => (Allow) C:\Users\snow fam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{0AD663AC-B7E3-4274-B345-FDF5A7552055}] => (Allow) C:\Users\snow fam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{7B0466E3-81DE-410E-952D-D0D29D3EBB5E}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{20B2F66F-312C-424B-9AAE-E4BD4782C2F7}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{83FA84BE-AA41-4C8D-9FC5-EC0429854EA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{35A3B467-213B-4D3F-AEFD-4220B3141FF0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56D24518-5669-4476-8915-5764FFB14137}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D40D1F6E-C4DA-4F12-A27D-12E1BC90AD94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7B69A346-A8F5-42F6-A4EF-BEA77BA1D119}] => (Allow) C:\Users\snow fam\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{3D9BF6B6-24A7-4FF7-B99A-C4A8086F1F5E}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{176075E2-E714-43F3-9AF3-5C0937669E77}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{C84F6C73-FD9A-457C-959A-26EDEEF703EA}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{14CF0514-29EF-4113-86E3-A585C352654F}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [UDP Query User{DE61115F-B178-4629-BA8F-53391667FE23}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [{2C968BFB-2964-4795-BA9E-DB95C518D0A4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B65B6898-66AC-43D1-9D50-F2B724FE81BF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{38FE6007-81C5-46CD-881A-277C078B5F9F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{57F5339A-B1E7-48E7-B281-EA49704120C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A4CDDEDC-6F29-4357-A966-95B006B9C2CA}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{95E5B012-6418-4D32-920C-D5B53C68B5D6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{CFB48788-6B0A-4082-8941-49D401933526}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0310F9BC-4996-4F7F-A354-207952992D65}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B063F8BC-608E-4890-9A41-EDA437F9AF83}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/31/2016 03:50:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: c50
 
Start Time: 01d1eb5c5c6b4c67
 
Termination Time: 1
 
Application Path: C:\Users\snow fam\Desktop\CKScanner.exe
 
Report Id: aadb1256-574f-11e6-9de1-e069959f48cb
 
Error: (07/31/2016 03:47:09 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (07/31/2016 03:46:25 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (07/31/2016 03:45:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 1378
 
Start Time: 01d1eb5b135c2a91
 
Termination Time: 1
 
Application Path: C:\Users\snow fam\Desktop\CKScanner.exe
 
Report Id: f30ef8f2-574e-11e6-9de1-e069959f48cb
 
Error: (07/31/2016 03:33:23 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (07/31/2016 03:32:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (07/31/2016 03:32:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (07/31/2016 03:32:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (07/31/2016 03:32:34 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (07/31/2016 03:31:25 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
 
System errors:
=============
Error: (07/31/2016 03:33:12 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006
 
Error: (07/31/2016 03:18:54 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/31/2016 03:18:54 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (07/31/2016 03:18:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/31/2016 03:18:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/31/2016 03:17:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
discache
mwlPSDFilter
mwlPSDNServ
mwlPSDVDisk
spldr
Wanarpv6
 
Error: (07/31/2016 03:16:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (07/31/2016 03:16:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (07/31/2016 03:16:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.

Error: (07/31/2016 03:16:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
 
CodeIntegrity:
===================================
  Date: 2016-05-01 11:54:24.438
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:54:24.386
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:50.301
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:50.252
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:42.206
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:42.157
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:14.345
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-05-01 11:52:14.297
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-18 20:08:42.355
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2016-01-18 20:08:42.305
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 25%
Total physical RAM: 16366.47 MB
Available physical RAM: 12273.98 MB
Total Virtual: 32731.13 MB
Available Virtual: 29130.34 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:1381.17 GB) (Free:668.62 GB) NTFS
Drive d: (CABINET_DVD) (CDROM) (Total:2.23 GB) (Free:0 GB) UDF
Drive j: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1069.1 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 90596A54)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1381.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7D26C69D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
Users shortcut scan result (x64) Version: 09-07-2016
Ran by snow fam (2016-07-31 15:58:25)
Running from C:\Users\snow fam\Downloads
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
 
 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk -> C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico (Flexera Software LLC)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk -> C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk -> C:\Program Files (x86)\Adobe\Adobe Help\Adobe Help.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Lightroom 5.3 64-bit.lnk -> C:\Program Files\Adobe\Adobe Photoshop Lightroom 5.3\lightroom.exe (Adobe Systems)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk -> C:\Windows\ehome\ehshell.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPublisher.lnk -> C:\Program Files (x86)\MyPublisher\MyPublisher\MyPublisher40.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PASS.lnk -> C:\Program Files (x86)\PASS\PASS.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StudioCloud 3.0.lnk -> J:\StudioCloud 3.0\StudioCloud 3.0.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk -> C:\Windows\System32\WindowsAnytimeUpgradeUI.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk -> C:\Program Files\DVD Maker\DVDMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk -> C:\Program Files (x86)\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk -> C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\MovieMaker.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk -> C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk -> C:\Program Files\WinRAR\Rar.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk -> C:\Program Files\WinRAR\WinRAR.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk -> C:\Program Files\WinRAR\WinRAR.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Mesh.lnk -> C:\Program Files (x86)\Windows Live\Mesh\WLSync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live\Windows Live Writer.lnk -> C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriter.exe (Microsoft Corp.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files (x86)\VideoLAN\VLC\Documentation.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files (x86)\VideoLAN\VLC\NEWS.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files (x86)\VideoLAN\VLC\VideoLAN Website.url ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\File Shredder.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SDShred.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Spybot - Search & Destroy.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Tutorial.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\Help\English.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy\Update Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe (Safer Networking Limited)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk -> C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk -> C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reader for PC\Reader for PC.lnk -> C:\Program Files (x86)\Sony\ReaderDesktop\Reader.exe (Sony Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\About QuickTime.lnk -> C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\RichText.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime\QuickTime Player.lnk -> C:\Windows\Installer\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}\QTPlayer.ico ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoInPress\BookDesigner\BookDesigner.lnk -> C:\Program Files (x86)\PhotoInPress\BookDesigner\BookDesigner.exe (No File)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoInPress\BookDesigner\Uninstall.lnk -> C:\Program Files 


#8 garioch7

Malware Response Instructor

Posted 31 July 2016 - 03:34 PM

NancySn:

 

Thank you for the logs.  Thank you for uninstalling Vuze.  Regrettably, the logs still show that there are "cracked/pirated" Adobe products on the computer.  As I explained previously, Bleeping Computer does not condone the use of pirated or cracked software, not only just for legal reasons, but because using P2P programs and cracked/pirated software is like rolling out a red carpet for malware infections.  It is not a question of IF a computer is going to be infected; it is only a question of WHEN and with WHAT it will be infected.

 

I would really like to be able to assist you, but I cannot do so when the logs show the presence of "cracked/pirated" software.

 

There are other website Forums where they simply close your topic if they detect illicit software.  Here at Bleeping Computer, some take a more nuanced approach.  As long as I don't see cracked/pirated software in your logs, then I can help you.  What you do after I have helped you, is your business.

 

This is your computer, so it is your decision.  If you want my assistance, then the cracked/pirated software has got to go for the duration of the time that I am helping you.

 

If you decide that you want assistance, then you will have to uninstall the "pirated/cracked" software and run CKScanner again, and provide yet another set of FRST logs, including the Addition.txt file.

 

The decision is yours.  Please let me know what you decide.  If you don't want my assistance, I will ask a Moderator to conclude your topic. If you change your mind at a future date, you can uninstall the "cracked/pirated" software and then reopen your topic by sending a Moderator a personal message.

 

Thank you and have a great day.

 

Regards,

-Phil


Edited by garioch7, 31 July 2016 - 03:35 PM.

Member of the Unified Network of Instructors and Trusted Eliminators


#9 NancySn

Topic Starter

Posted 31 July 2016 - 04:06 PM

Can you tell me which Adobe products are cracked/pirated? I will uninstall them! 



#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor
  • 3,729 posts
  • Gender:Male
  • Location:Port Hood, Nova Scotia, Canada
  • Local time:12:01 PM

Posted 01 August 2016 - 01:01 PM

NancySn:
 
Thank you for your post.  The two cracked/pirated Adobe programs are:
 
 

Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)

 
 
Step 1: Please uninstall those programs, using the Control Panel, Add/Remove Programs; or, press the Windows logo + "R" key to launch the "Run" command and type in appwiz.cpl, and press <Enter>.
Locate each program separately and click on "Uninstall".  Agree to the prompts to uninstall each program, and reboot between uninstalls.  There may be remnants of the "cracks" left behind after the uninstalls. I will remove the remnants with FRST in a later step.

Step 2: You have at least one entry in your hosts file which is being used to facilitate the pirating of the Adobe product(s).  Your hosts file is rather large (over 15,000 lines) which you probably downloaded from somewhere.  I am going to reset your hosts file back to default, which will require you to download again the custom hosts file that you had, if you wish to continue using it.  For more information on hosts files, please see this link.
 
Please copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the folder: C:\Users\snow fam\Downloads.

NOTE: It's important that both files, FRST64.exe and fixlist.txt are both in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Run FRST64.exe and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste it into your reply.

CreateRestorePoint:

Hosts:

 
Then please reboot your computer and re-run CKScanner in Normal Boot Mode.  Copy and paste the CKScanner log into your next reply.
 
Next, please re-run FRST in Normal Boot Mode.  Ensure that "Addition.txt" is checked.  Please copy and paste the contents of both "FRST.txt" and "Addition.txt" into your next reply.
 
 
Thank you and have a great day.
 
Regards,
-Phil

 


Member of the Unified Network of Instructors and Trusted Eliminators
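
A large custom hosts file like the one described in Step 2 above can be triaged before it is reset, so the few entries worth reading are not lost among thousands of blocklist lines. The Python sketch below is an added example, not part of the original post and not how FRST works; the sample file, its `.example` host names, and the watch list are constructed for illustration.

```python
import ipaddress
from collections import Counter

# Names a stock Windows hosts file may map to loopback.
DEFAULT_NAMES = {"localhost"}

# Constructed sample (not the user's file); all host names are placeholders.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
#      127.0.0.1       localhost
#      ::1             localhost
127.0.0.1       localhost
0.0.0.0 ads.tracker.example
0.0.0.0 metrics.adnet.example   # bulk blocklist entry
127.0.0.1 activation.vendor.example lm.vendor.example
127.0.0.1 update.av-vendor.example
203.0.113.7 login.bank.example
not-an-ip broken.example
"""


def parse_hosts(text):
    """Yield (line_no, ip, name) per mapping; ip is None for unparsable lines."""
    for line_no, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        fields = raw.split("#", 1)[0].split()   # drop comments, split on blanks
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            ip = None
        names = [n.lower().rstrip(".") for n in fields[1:]]
        if ip is None or not names:
            yield line_no, None, raw.strip()
        else:
            for name in names:                  # one line may carry several names
                yield line_no, ip, name


def classify(ip, name):
    """default = stock entry, blocked = name sinkholed, redirect = name sent elsewhere."""
    if ip is None:
        return "malformed"
    sinkhole = ip.is_loopback or ip.is_unspecified
    if sinkhole and name in DEFAULT_NAMES:
        return "default"
    return "blocked" if sinkhole else "redirect"


def on_watch_list(name, suffixes):
    """True if name equals a watched domain or is a subdomain of one."""
    return any(name == s or name.endswith("." + s) for s in suffixes)


def audit(text, watch_suffixes=()):
    """Return (counts per category, entries a human should read).

    Redirects and malformed lines are always reported; sinkholed names are
    reported only when they fall under a domain the analyst is watching,
    for example licensing or security-update hosts.
    """
    counts = Counter()
    review = []
    for line_no, ip, name in parse_hosts(text):
        kind = classify(ip, name)
        counts[kind] += 1
        if kind in ("redirect", "malformed") or (
            kind == "blocked" and on_watch_list(name, watch_suffixes)
        ):
            review.append((line_no, kind, str(ip) if ip else "-", name))
    return counts, review


if __name__ == "__main__":
    # On a live system, read C:\Windows\System32\drivers\etc\hosts instead.
    counts, review = audit(SAMPLE_HOSTS, ("vendor.example", "av-vendor.example"))
    print(dict(counts))
    for line_no, kind, ip, name in review:
        print(f"line {line_no:>5}  {kind:<9}  {ip:<15}  {name}")
```
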


#11 NancySn

NancySn
  • Topic Starter

  • Members
  • 59 posts
  • Local time:10:01 AM

Posted 01 August 2016 - 03:07 PM

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-07-2016
Ran by snow fam (2016-08-01 17:04:31) Run:2
Running from C:\Users\snow fam\Downloads
Loaded Profiles: snow fam (Available Profiles: snow fam)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
 
Hosts:
*****************
 
Restore point was successfully created.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
==== End of Fixlog 17:07:09 ====


#12 NancySn

NancySn
  • Topic Starter

  • Members
  • 59 posts
  • Local time:10:01 AM

Posted 01 August 2016 - 03:38 PM

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\comicrack\microsoft.dynamic.dll
c:\users\snow fam\documents\books\calibre library\james patterson\step on a crack - michael bennett 1 (1054)\metadata.opf
c:\users\snow fam\documents\books\calibre library\james patterson\step on a crack - michael bennett 1 (1054)\step on a crack - michael bennett 1 - james patterson.epub
c:\users\snow fam\documents\books\calibre library\james patterson\step on a crack - michael bennett 1 (1054)\step on a crack - michael bennett 1 - james patterson.mobi
c:\users\snow fam\documents\books\ebooks\james patterson\step on a crack - james patterson.epub
c:\users\snow fam\documents\books\imagenomic portraiture 2.3.08 plugin for photoshop [chingliu]\crack\file_id.diz
c:\users\snow fam\documents\books\imagenomic portraiture 2.3.08 plugin for photoshop [chingliu]\crack\x-force.nfo
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\silverefexpro2-pl-ver2.000all.exe
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\torrent downloaded from demonoid.com.txt
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\patch.bat
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\readme.txt
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\32bit\silverefexpro2fc32.dll
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\64bit\silverefexpro2fc64.dll
c:\users\snow fam\documents\books\photoshop plugins\viveza 2.004 [jovabre]\crack\readme.txt
c:\users\snow fam\documents\books\photoshop plugins\viveza 2.004 [jovabre]\crack\viveza2fc32.dll
c:\users\snow fam\documents\books\photoshop plugins\viveza 2.004 [jovabre]\crack\viveza2fc64.dll
scanner sequence 3.IG.11.HWBBAA
 ----- EOF ----- 


#13 NancySn

NancySn
  • Topic Starter

  • Members
  • 59 posts
  • Local time:10:01 AM

Posted 01 August 2016 - 03:43 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 09-07-2016 (ATTENTION: ====> FRSTversion is 23 days old and could be outdated)
Ran by snow fam (administrator) on SNOWFAM-PC (01-08-2016 17:39:17)
Running from C:\Users\snow fam\Downloads
Loaded Profiles: snow fam (Available Profiles: snow fam)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\cnext.exe
() C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\cnext.exe [4866760 2015-11-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [BambooCore] => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [Reader Application Helper] => C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ReaderAppHelper.exe [899400 2014-10-24] (Sony Corporation)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-10-01] (Raptr, Inc)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [67840 2016-07-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Run: [Facebook Update] => "C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Run: [Google Update] => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-28] (Google Inc.)
HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [2013-05-24] (Dropbox, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 24.222.0.94 24.222.0.95
Tcpip\..\Interfaces\{909426C4-C803-4B4A-8303-14B139DAA5EB}: [DhcpNameServer] 24.222.0.94 24.222.0.95
 
Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12] (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll [2009-01-26] (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-01-16] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
DPF: HKLM {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://javadl-esd.oracle.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {BEA7310D-06C4-4339-A784-DC3804819809} hxxp://www.walmartphotocentre.ca/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-01-31] (Skype Technologies S.A.)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-07-12] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-07-12] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll [2011-12-13] (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2011-06-20] (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop -> C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll [2014-10-24] (Sony Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-30] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @citrixonline.com/appdetectorplugin -> C:\Users\snow fam\AppData\Local\Citrix\Plugins\94\npappdetector.dll [2013-02-21] (Citrix Online)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @talk.google.com/O1DPlugin -> C:\Users\snow fam\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @tools.google.com/Google Update;version=3 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin HKU\S-1-5-21-534614172-2324584149-4159002519-1001: @tools.google.com/Google Update;version=9 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-31] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\snow fam\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\snow fam\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &video& - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-02-14] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-05]
CHR Extension: (Google Drive) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Adblock Plus) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Google Search) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Avira Browser Safety) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-07-14]
CHR Extension: (Google Docs Offline) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\snow fam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-28]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [309384 2016-07-11] (Avira Operations GmbH & Co. KG)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) [File not signed]
S4 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [66560 2011-09-22] (Nalpeiron Ltd.) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S3 Sony SCSI Helper Service; C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe [73728 2014-04-25] (Sony Corporation) [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 libusb0; C:\Windows\System32\drivers\libusb0.sys [29184 2012-03-02] (hxxp://libusb-win32.sourceforge.net)
S3 libusb0; C:\Windows\SysWOW64\drivers\libusb0.sys [21504 2010-10-12] (hxxp://libusb-win32.sourceforge.net)
S3 Linksys_adapter_H; C:\Windows\System32\DRIVERS\AE2500w764.sys [1254464 2011-03-28] (Broadcom Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) [File not signed]
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64896 2016-03-10] (Malwarebytes Corporation) [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2015-11-05] (Apple, Inc.) [File not signed]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-01 17:04 - 2016-08-01 17:07 - 00000539 _____ C:\Users\snow fam\Downloads\Fixlog.txt
2016-07-31 18:58 - 2016-07-31 18:58 - 00002422 _____ C:\Users\snow fam\Desktop\PopPreset.lrtemplate
2016-07-31 16:08 - 2016-08-01 17:37 - 00002056 _____ C:\Users\snow fam\Desktop\ckfiles.txt
2016-07-31 15:59 - 2016-07-31 16:12 - 00060641 _____ C:\Users\snow fam\Desktop\Addition.txt
2016-07-31 15:59 - 2016-07-31 15:59 - 00088511 _____ C:\Users\snow fam\Desktop\FRST.txt
2016-07-31 15:58 - 2016-07-31 15:58 - 00192347 _____ C:\Users\snow fam\Downloads\Shortcut.txt
2016-07-31 15:58 - 2016-07-31 15:58 - 00192347 _____ C:\Users\snow fam\Desktop\Shortcut.txt
2016-07-31 15:38 - 2016-07-31 15:38 - 00468480 _____ () C:\Users\snow fam\Downloads\CKScanner.exe
2016-07-31 15:38 - 2016-07-31 15:38 - 00468480 _____ () C:\Users\snow fam\Desktop\CKScanner.exe
2016-07-25 19:03 - 2016-07-25 19:03 - 00105818 _____ C:\Users\snow fam\Desktop\MSI-Health-Card-Renewal-Form.pdf
2016-07-23 11:59 - 2016-07-23 11:59 - 00000000 ____D C:\Users\snow fam\AppData\Local\{47FF3084-61E9-4C61-ADEF-F942012B1206}
2016-07-22 17:06 - 2016-07-22 17:06 - 00175142 _____ C:\Users\snow fam\Documents\OfferLetter.pdf
2016-07-21 19:52 - 2016-07-31 15:59 - 00060641 _____ C:\Users\snow fam\Downloads\Addition.txt
2016-07-21 19:19 - 2016-07-21 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-07-21 19:19 - 2016-07-21 19:19 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-07-21 19:18 - 2016-07-21 19:18 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\snow fam\Downloads\cbSetup.exe
2016-07-19 17:52 - 2016-07-19 17:52 - 02870984 _____ (ESET) C:\Users\snow fam\Desktop\esetsmartinstaller_enu (2).exe
2016-07-19 17:48 - 2016-07-19 17:49 - 02870984 _____ (ESET) C:\Users\snow fam\Downloads\esetsmartinstaller_enu (1).exe
2016-07-19 17:46 - 2016-07-19 17:46 - 00000000 ____D C:\Program Files\ESET
2016-07-19 17:45 - 2016-07-19 17:45 - 03017376 _____ (ESET) C:\Users\snow fam\Downloads\eset_nod32_antivirus_live_installer.exe
2016-07-19 17:22 - 2016-07-19 17:23 - 00000000 ____D C:\AdwCleaner
2016-07-19 17:21 - 2016-07-19 17:21 - 03712064 _____ C:\Users\snow fam\Downloads\AdwCleaner (1).exe
2016-07-19 17:21 - 2016-07-19 17:21 - 03712064 _____ C:\Users\snow fam\Desktop\AdwCleaner (1).exe
2016-07-18 18:27 - 2016-07-18 18:27 - 01610560 _____ (Malwarebytes) C:\Users\snow fam\Downloads\JRT (2).exe
2016-07-18 18:26 - 2016-07-18 18:26 - 00024532 _____ C:\Users\snow fam\Desktop\JRT.txt
2016-07-18 18:24 - 2016-07-18 18:24 - 01610560 _____ (Malwarebytes) C:\Users\snow fam\Downloads\JRT (1).exe
2016-07-18 18:15 - 2016-07-18 18:15 - 00038834 _____ C:\Users\snow fam\Desktop\MTB.txt
2016-07-18 18:14 - 2016-07-18 18:14 - 00038834 _____ C:\Users\snow fam\Downloads\MTB.txt
2016-07-18 18:13 - 2016-07-18 18:13 - 00892416 _____ (Farbar) C:\Users\snow fam\Downloads\MiniToolBox (1).exe
2016-07-18 18:00 - 2016-07-31 15:17 - 00390116 _____ C:\Windows\ntbtlog.txt
2016-07-18 17:36 - 2016-07-18 17:40 - 00001170 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2016-07-18 17:36 - 2016-07-18 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-07-18 17:36 - 2016-07-18 17:36 - 04702544 _____ (Avira Operations GmbH & Co. KG) C:\Users\snow fam\Downloads\avira_en_av_578d3ab2c8853__ws.exe
2016-07-18 17:36 - 2016-07-18 17:36 - 00000000 ____D C:\Program Files (x86)\Avira
2016-07-16 18:30 - 2016-07-16 18:30 - 00164090 _____ C:\Users\snow fam\Downloads\me... and two other people
2016-07-16 00:14 - 2016-07-16 00:14 - 00000000 _____ C:\Users\snow fam\Desktop\sfcdetails.txt
2016-07-14 17:36 - 2016-06-25 21:35 - 00041704 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-07-14 17:36 - 2016-06-25 21:27 - 01208320 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00970240 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00344576 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\inetpp.dll
2016-07-14 17:36 - 2016-06-25 21:27 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\inetppui.dll
2016-07-14 17:36 - 2016-06-25 16:54 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2016-07-14 17:36 - 2016-06-25 16:53 - 00297472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.dll
2016-07-14 17:36 - 2016-06-25 16:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\ntprint.exe
2016-07-14 17:36 - 2016-06-25 16:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wpnpinst.exe
2016-07-14 17:36 - 2016-06-25 16:41 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntprint.exe
2016-07-14 17:36 - 2016-06-22 10:06 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00544256 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00294912 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-07-14 17:36 - 2016-06-17 15:24 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-07-14 17:36 - 2016-06-11 03:57 - 00394448 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-07-14 17:36 - 2016-06-11 01:48 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-07-14 17:36 - 2016-06-10 18:38 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-07-14 17:36 - 2016-06-10 18:38 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-07-14 17:36 - 2016-06-10 18:20 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-07-14 17:36 - 2016-06-10 18:19 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-07-14 17:36 - 2016-06-10 18:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-07-14 17:36 - 2016-06-10 18:18 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-07-14 17:36 - 2016-06-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-07-14 17:36 - 2016-06-10 18:17 - 02895360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-07-14 17:36 - 2016-06-10 18:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-07-14 17:36 - 2016-06-10 18:08 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-07-14 17:36 - 2016-06-10 18:05 - 25814016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-07-14 17:36 - 2016-06-10 18:04 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-07-14 17:36 - 2016-06-10 18:03 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-07-14 17:36 - 2016-06-10 18:03 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-07-14 17:36 - 2016-06-10 18:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-07-14 17:36 - 2016-06-10 18:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-07-14 17:36 - 2016-06-10 17:53 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-07-14 17:36 - 2016-06-10 17:50 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-07-14 17:36 - 2016-06-10 17:49 - 06047744 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-07-14 17:36 - 2016-06-10 17:40 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-07-14 17:36 - 2016-06-10 17:38 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-07-14 17:36 - 2016-06-10 17:35 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-07-14 17:36 - 2016-06-10 17:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-07-14 17:36 - 2016-06-10 17:31 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-07-14 17:36 - 2016-06-10 17:28 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-07-14 17:36 - 2016-06-10 17:15 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-07-14 17:36 - 2016-06-10 17:13 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-07-14 17:36 - 2016-06-10 17:12 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-07-14 17:36 - 2016-06-10 17:11 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-07-14 17:36 - 2016-06-10 17:10 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-07-14 17:36 - 2016-06-10 16:45 - 15409664 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-07-14 17:36 - 2016-06-10 16:44 - 02869248 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-07-14 17:36 - 2016-06-10 16:30 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-07-14 17:36 - 2016-06-10 16:21 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-07-14 17:36 - 2016-06-10 16:09 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-07-14 17:36 - 2016-06-10 15:54 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-07-14 17:36 - 2016-06-10 15:53 - 00497664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-07-14 17:36 - 2016-06-10 15:53 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-07-14 17:36 - 2016-06-10 15:53 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-07-14 17:36 - 2016-06-10 15:52 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-07-14 17:36 - 2016-06-10 15:47 - 02287104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-07-14 17:36 - 2016-06-10 15:46 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-07-14 17:36 - 2016-06-10 15:45 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-07-14 17:36 - 2016-06-10 15:42 - 20348928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-07-14 17:36 - 2016-06-10 15:42 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-07-14 17:36 - 2016-06-10 15:41 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-07-14 17:36 - 2016-06-10 15:41 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-07-14 17:36 - 2016-06-10 15:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-07-14 17:36 - 2016-06-10 15:32 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-07-14 17:36 - 2016-06-10 15:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-07-14 17:36 - 2016-06-10 15:26 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-07-14 17:36 - 2016-06-10 15:24 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-07-14 17:36 - 2016-06-10 15:23 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-07-14 17:36 - 2016-06-10 15:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-07-14 17:36 - 2016-06-10 15:19 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-07-14 17:36 - 2016-06-10 15:14 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-07-14 17:36 - 2016-06-10 15:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-07-14 17:36 - 2016-06-10 15:10 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-07-14 17:36 - 2016-06-10 15:09 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-07-14 17:36 - 2016-06-10 15:09 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-07-14 17:36 - 2016-06-10 14:58 - 13806080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-07-14 17:36 - 2016-06-10 14:45 - 02392576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-07-14 17:36 - 2016-06-10 14:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-07-14 17:36 - 2016-06-10 14:41 - 01315840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-07-14 17:34 - 2016-06-14 12:03 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-07-14 17:18 - 2016-07-14 17:18 - 00003558 _____ C:\Users\snow fam\Downloads\winsock2 (1).zip
2016-07-13 17:25 - 2016-05-04 10:19 - 00138810 _____ C:\Users\snow fam\Desktop\winsock2.reg
2016-07-13 17:23 - 2016-07-13 17:23 - 00000000 ____D C:\Users\snow fam\Downloads\winsock2
2016-07-13 17:22 - 2016-05-23 13:54 - 00069462 _____ C:\Users\snow fam\Downloads\winsock2.reg
2016-07-13 17:21 - 2016-07-13 17:21 - 00007317 _____ C:\Users\snow fam\Downloads\winsock2.zip
2016-07-10 10:09 - 2015-07-30 10:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2016-07-10 10:09 - 2015-07-30 10:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-07-10 09:22 - 2016-08-01 17:39 - 00018908 _____ C:\Users\snow fam\Downloads\FRST.txt
2016-07-10 09:21 - 2016-07-10 09:21 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64 (2).exe
2016-07-09 20:11 - 2016-07-09 20:11 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64 (1).exe
2016-07-09 20:07 - 2016-08-01 17:39 - 00000000 ____D C:\FRST
2016-07-09 20:06 - 2016-07-09 20:07 - 02390016 _____ (Farbar) C:\Users\snow fam\Downloads\FRST64.exe
2016-07-07 12:23 - 2016-07-18 22:26 - 00000000 ____D C:\Users\snow fam\AppData\Local\ElevatedDiagnostics
2016-07-06 14:43 - 2016-02-03 15:58 - 00862208 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-07-06 14:43 - 2016-02-03 15:52 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-07-06 14:43 - 2016-02-03 15:49 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-07-06 14:43 - 2016-02-03 15:43 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-07-06 13:21 - 2016-03-16 15:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-07-06 13:21 - 2016-03-16 15:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-07-06 13:21 - 2016-03-16 15:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-07-06 13:21 - 2016-02-02 15:57 - 00511488 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-07-06 13:21 - 2016-01-22 03:18 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-07-06 13:21 - 2016-01-22 03:18 - 00723968 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-07-06 13:21 - 2016-01-22 03:04 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-07-06 13:21 - 2016-01-22 03:04 - 00535040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-07-06 13:20 - 2016-05-12 14:20 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-07-06 13:20 - 2016-05-12 14:20 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-07-06 13:20 - 2016-05-12 14:15 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\winipsec.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-07-06 13:20 - 2016-05-12 14:15 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00794624 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\IPSECSVC.DLL
2016-07-06 13:20 - 2016-05-12 14:14 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\polstore.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\FwRemoteSvr.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-07-06 13:20 - 2016-05-12 14:14 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\polstore.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winipsec.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FwRemoteSvr.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-07-06 13:20 - 2016-05-12 12:18 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-07-06 13:20 - 2016-05-12 12:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-07-06 13:20 - 2016-05-12 11:58 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-07-06 13:20 - 2016-05-12 11:58 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-07-06 13:20 - 2016-05-12 11:57 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-07-06 13:20 - 2016-05-12 11:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-07-06 13:20 - 2016-05-12 11:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-07-06 13:20 - 2016-05-12 10:05 - 00459640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-07-06 13:20 - 2016-05-12 10:05 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-07-06 13:20 - 2016-05-12 10:04 - 00249352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-07-06 13:20 - 2016-04-14 13:46 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-07-06 13:20 - 2016-04-14 13:42 - 03243520 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-07-06 13:20 - 2016-04-14 13:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-07-06 13:20 - 2016-04-14 12:33 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-07-06 13:20 - 2016-04-14 12:19 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-07-06 13:20 - 2016-04-14 12:11 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-07-06 13:20 - 2016-04-14 10:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-07-06 13:20 - 2016-04-14 10:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-07-06 13:20 - 2016-04-09 04:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-07-06 13:20 - 2016-04-09 04:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-07-06 13:20 - 2016-04-09 04:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-07-06 13:20 - 2016-04-09 03:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-07-06 13:20 - 2016-04-09 03:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-07-06 13:20 - 2016-04-09 03:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 14186496 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-07-06 13:20 - 2016-04-09 03:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 12881408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 03:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:53 - 03231232 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-07-06 13:20 - 2016-04-09 02:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-07-06 13:20 - 2016-04-09 02:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-07-06 13:20 - 2016-04-09 02:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-07-06 13:20 - 2016-04-09 02:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-07-06 13:20 - 2016-04-09 02:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-07-06 13:20 - 2016-04-09 02:44 - 02973184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-07-06 13:20 - 2016-04-09 02:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-07-06 13:20 - 2016-04-09 02:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-07-06 13:20 - 2016-04-09 02:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-07-06 13:20 - 2016-04-09 02:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-07-06 13:20 - 2016-04-09 02:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-07-06 13:20 - 2016-04-09 02:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-07-06 13:20 - 2016-04-09 02:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-07-06 13:20 - 2016-03-17 19:56 - 02084864 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-07-06 13:20 - 2016-03-17 19:28 - 01414144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-07-06 13:20 - 2016-03-15 21:16 - 00760320 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-07-06 13:20 - 2016-03-15 21:16 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-07-06 13:20 - 2016-03-15 20:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-07-06 13:20 - 2016-02-09 06:57 - 14634496 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-07-06 13:20 - 2016-02-09 06:57 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-07-06 13:20 - 2016-02-09 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-07-06 13:20 - 2016-02-09 06:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-07-06 13:20 - 2016-02-09 06:54 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-07-06 13:20 - 2016-02-09 06:51 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-07-06 13:20 - 2016-02-09 06:51 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-07-06 13:20 - 2016-02-09 06:13 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-07-06 13:20 - 2016-02-09 06:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-07-06 13:20 - 2016-02-09 06:13 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-07-06 13:20 - 2015-12-08 18:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-07-06 13:20 - 2015-12-08 18:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00740352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmpmde.dll
2016-07-06 13:20 - 2015-12-08 18:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-07-06 13:20 - 2015-12-08 18:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00829952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-07-06 13:20 - 2015-12-08 18:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-07-06 13:20 - 2015-12-08 18:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-07-06 13:20 - 2015-12-08 18:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-07-06 13:20 - 2015-12-08 18:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-07-06 13:20 - 2015-12-08 18:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-07-06 13:20 - 2015-12-08 18:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01160192 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 01026048 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 01010688 _____ (Microsoft Corporation) C:\Windows\system32\mcmde.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-07-06 13:20 - 2015-12-08 16:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-07-06 13:20 - 2015-12-08 16:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-07-06 13:20 - 2015-12-08 16:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-07-06 13:20 - 2015-12-08 16:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-07-06 13:20 - 2015-12-08 16:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-07-06 13:20 - 2015-12-08 16:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-07-06 13:20 - 2015-12-08 15:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-07-06 13:20 - 2015-12-08 15:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-07-06 13:20 - 2015-12-08 15:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-07-06 13:20 - 2015-11-19 11:07 - 00994760 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:07 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00922432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-07-06 13:20 - 2015-11-19 11:06 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-07-06 13:19 - 2016-05-12 14:15 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-07-06 13:19 - 2016-05-12 12:18 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-07-06 13:19 - 2016-04-09 04:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-07-06 13:19 - 2016-04-09 04:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-07-06 13:19 - 2016-04-09 03:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-07-06 13:19 - 2016-04-09 01:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-07-06 13:19 - 2016-04-09 00:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2016-07-06 13:19 - 2016-04-06 12:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-07-06 13:19 - 2016-03-09 16:00 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2016-07-06 13:19 - 2016-03-09 15:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2016-07-06 13:19 - 2016-03-09 15:40 - 00316416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2016-07-06 13:19 - 2016-03-09 15:34 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2016-07-06 13:19 - 2016-02-12 15:52 - 03169792 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-07-06 13:19 - 2016-02-12 15:52 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-07-06 13:19 - 2016-02-12 15:52 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-07-06 13:19 - 2016-02-12 15:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-07-06 13:19 - 2016-02-12 15:39 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-07-06 13:19 - 2016-02-12 15:22 - 02610688 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-07-06 13:19 - 2016-02-12 15:19 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-07-06 13:19 - 2016-02-12 15:18 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-07-06 13:19 - 2016-02-12 15:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-07-06 13:19 - 2016-02-12 15:18 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-07-06 13:19 - 2016-02-12 15:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-07-06 13:19 - 2016-02-12 15:18 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-07-06 13:19 - 2016-02-12 15:06 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-07-06 13:19 - 2016-02-12 15:05 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-07-06 13:19 - 2016-02-12 15:05 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-07-06 13:19 - 2016-02-12 15:05 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-07-06 13:19 - 2016-01-07 14:42 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-07-06 13:19 - 2015-12-08 18:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-07-06 13:19 - 2015-12-08 16:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-07-06 13:19 - 2015-11-13 20:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-07-06 13:19 - 2015-11-13 20:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-07-06 13:19 - 2015-11-13 20:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-07-06 13:19 - 2015-11-13 19:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-07-06 13:19 - 2015-11-13 19:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-07-06 13:19 - 2015-11-13 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-07-06 13:18 - 2016-01-20 21:51 - 00073664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-07-06 13:17 - 2016-05-18 13:10 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-07-06 13:17 - 2016-05-18 13:09 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-07-06 13:17 - 2016-05-13 19:15 - 00382184 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2016-07-06 13:17 - 2016-05-13 19:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2016-07-06 13:17 - 2016-05-13 18:54 - 00308456 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-07-06 13:17 - 2016-05-13 18:50 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2016-07-06 13:17 - 2016-05-13 18:49 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2016-07-06 13:17 - 2016-05-13 18:49 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2016-07-06 13:17 - 2016-05-13 18:27 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-07-06 13:17 - 2016-05-11 14:02 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2016-07-06 13:17 - 2016-05-11 12:19 - 00363520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2016-07-06 13:17 - 2016-02-09 06:55 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\seclogon.dll
2016-07-06 13:17 - 2016-02-04 22:19 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-07-06 13:17 - 2016-02-04 15:41 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-07-06 13:17 - 2016-02-03 15:07 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2016-07-06 11:42 - 2016-05-11 14:02 - 00444928 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2016-07-06 11:42 - 2016-05-11 14:02 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2016-07-06 11:42 - 2016-05-11 14:02 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\ws2_32.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00351744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2016-07-06 11:42 - 2016-05-11 12:19 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ws2_32.dll
2016-07-06 11:42 - 2016-05-11 12:11 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\netbtugc.exe
2016-07-06 11:42 - 2016-05-11 12:01 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netbtugc.exe
2016-07-06 11:42 - 2016-05-11 11:58 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netbt.sys
2016-07-06 11:42 - 2016-03-06 15:53 - 01885696 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-07-06 11:42 - 2016-03-06 15:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2016-07-06 11:42 - 2016-03-06 15:38 - 01240576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-07-06 11:42 - 2016-03-06 15:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2016-07-06 11:42 - 2016-02-05 15:56 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\tbs.dll
2016-07-06 11:42 - 2016-02-05 15:54 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-07-06 11:42 - 2016-02-05 14:33 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tbs.dll
2016-07-06 11:42 - 2016-01-11 16:11 - 01684416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-07-06 11:42 - 2015-06-03 17:21 - 00451080 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-07-06 11:25 - 2016-07-06 11:25 - 00414720 _____ (Microsoft Corporation) C:\Users\snow fam\Downloads\Unconfirmed 696381.crdownload
2016-07-04 14:55 - 2016-07-04 14:55 - 00003192 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e04.hdtv.x264.lol.ettv.torrent
2016-07-02 16:40 - 2016-07-02 16:40 - 00052558 _____ C:\Users\snow fam\Downloads\[kat.cr]brazzers.big.tits.at.work.asa.akira.katsuni.london.keyes.mia.lelani.keiran.lee.office.4.play.ii.asian.sensation.mp4.torrent
2016-07-02 16:35 - 2016-07-02 16:35 - 00012522 _____ C:\Users\snow fam\Downloads\[kat.cr]wickedpictures.asa.akira.jessica.drake.katie.morgan.luna.star.teanna.trump.the.j.o.b.scene.07.new.release.june.2016.torrent
2016-07-02 16:24 - 2016-07-02 16:24 - 00004732 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e03.hdtv.x264.lol.ettv.torrent
2016-07-02 16:24 - 2016-07-02 16:24 - 00003866 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e02.hdtv.x264.lol.ettv.torrent
2016-07-02 16:23 - 2016-07-02 16:23 - 00003887 _____ C:\Users\snow fam\Downloads\[kat.cr]the.last.ship.s03e01.hdtv.x264.lol.ettv.torrent
2016-07-02 16:21 - 2016-07-02 16:21 - 00019709 _____ C:\Users\snow fam\Downloads\[kat.cr]turn.s03.complete.1080p.10bit.web.dl.6ch.x265.hevc.power.torrent
2016-07-02 15:52 - 2016-07-02 15:52 - 00062224 _____ C:\Users\snow fam\Downloads\[kat.cr]marco.polo.2014.season.2.complete.720p.webrip.hevc.x265.rmteam.720p.hevc.torrent
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-01 17:29 - 2013-08-08 14:24 - 00000940 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job
2016-08-01 17:19 - 2013-08-12 12:25 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job
2016-08-01 17:18 - 2009-07-14 01:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-08-01 17:18 - 2009-07-14 01:45 - 00017296 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-08-01 17:17 - 2013-11-20 18:20 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-01 17:16 - 2013-05-08 08:21 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-08-01 17:09 - 2013-11-20 18:20 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-01 17:09 - 2011-08-11 03:41 - 00000000 ____D C:\ProgramData\clear.fi
2016-08-01 17:09 - 2009-07-14 02:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-08-01 16:57 - 2011-08-14 00:00 - 00000000 ____D C:\Program Files\Common Files\Adobe
2016-08-01 16:57 - 2011-04-06 10:22 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-08-01 16:56 - 2011-04-06 10:22 - 00000000 ____D C:\ProgramData\Adobe
2016-08-01 16:55 - 2011-08-11 02:37 - 00000000 ____D C:\Users\snow fam
2016-08-01 16:54 - 2011-08-11 02:37 - 00000000 ____D C:\Users\snow fam\AppData\Roaming\Adobe
2016-08-01 15:19 - 2013-08-12 12:25 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job
2016-08-01 14:29 - 2013-08-08 14:24 - 00000918 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job
2016-07-31 16:02 - 2012-07-12 18:37 - 00000000 ____D C:\Program Files\ComicRack
2016-07-31 16:02 - 2011-09-12 09:30 - 00000000 ____D C:\Users\snow fam\Documents\Books
2016-07-31 15:36 - 2009-07-14 02:13 - 00782470 _____ C:\Windows\system32\PerfStringBackup.INI
2016-07-31 15:36 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\inf
2016-07-31 15:32 - 2014-05-20 13:23 - 00000000 ____D C:\Program Files (x86)\Vuze
2016-07-31 15:14 - 2013-08-12 12:25 - 00003900 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA
2016-07-31 15:14 - 2013-08-12 12:25 - 00003504 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core
2016-07-30 22:12 - 2013-11-20 18:20 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-30 22:12 - 2013-11-20 18:20 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-22 17:01 - 2011-08-12 03:06 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2016-07-19 17:50 - 2014-04-16 21:28 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-07-19 17:05 - 2014-10-08 13:09 - 00151552 ___SH C:\Users\snow fam\Documents\Thumbs.db
2016-07-18 17:53 - 2013-03-08 21:13 - 00000000 ____D C:\Windows\pss
2016-07-18 17:36 - 2014-05-20 19:08 - 00000000 ____D C:\ProgramData\Package Cache
2016-07-18 17:36 - 2014-05-20 19:08 - 00000000 ____D C:\ProgramData\Avira
2016-07-18 17:23 - 2014-05-20 19:13 - 00000000 ____D C:\Users\snow fam\AppData\Roaming\Avira
2016-07-17 18:50 - 2012-05-16 22:01 - 03618816 ___SH C:\Users\snow fam\Downloads\Thumbs.db
2016-07-15 10:52 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\rescache
2016-07-15 09:39 - 2009-07-14 01:45 - 05005384 _____ C:\Windows\system32\FNTCACHE.DAT
2016-07-14 23:22 - 2015-04-19 15:47 - 00000000 ____D C:\Windows\system32\appraiser
2016-07-14 23:22 - 2010-11-21 04:17 - 00000000 ____D C:\Program Files\Windows Journal
2016-07-14 21:16 - 2013-05-08 08:21 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-07-14 21:16 - 2012-04-18 07:53 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-07-14 21:16 - 2011-09-13 15:34 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-07-14 17:48 - 2013-09-29 21:05 - 00000000 ____D C:\Windows\system32\MRT
2016-07-14 17:40 - 2011-08-21 00:37 - 144749672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-07-12 17:16 - 2011-09-13 15:34 - 00000000 ____D C:\Windows\system32\Macromed
2016-07-12 17:16 - 2011-04-06 10:23 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-07-12 13:19 - 2014-12-29 17:42 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-07-12 13:18 - 2015-08-05 15:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-07-11 16:02 - 2011-08-11 03:47 - 00000000 ____D C:\Users\snow fam\AppData\LocalLow\Temp
2016-07-11 16:01 - 2011-08-11 02:38 - 00001210 _____ C:\Users\Public\Desktop\Netflix.lnk
2016-07-11 07:49 - 2009-07-14 01:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-07-11 07:43 - 2014-01-02 22:43 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-07-11 07:43 - 2014-01-02 22:43 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-07-10 23:50 - 2014-05-19 20:59 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-07-10 10:00 - 2014-01-02 22:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-07-07 12:24 - 2009-07-14 00:20 - 00000000 ____D C:\Windows\system32\NDF
2016-07-07 12:02 - 2013-03-10 16:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-07-07 12:02 - 2011-08-11 03:49 - 00000000 ____D C:\Users\snow fam\AppData\Roaming\Azureus
2016-07-06 13:21 - 2012-10-02 18:26 - 00007593 _____ C:\Users\snow fam\AppData\Local\Resmon.ResmonCfg
 
==================== Files in the root of some directories =======
 
2012-02-29 21:03 - 2012-02-29 21:28 - 0000132 _____ () C:\Users\snow fam\AppData\Roaming\Adobe PNG Format CS5 Prefs
2013-04-24 14:00 - 2013-10-16 11:41 - 0000000 _____ () C:\Users\snow fam\AppData\Roaming\bitlord_log.txt
2013-11-13 22:22 - 2013-11-13 22:22 - 0000038 ___SH () C:\Users\snow fam\AppData\Local\4c6d4c0d519c43f31ecc76.94841244
2012-03-01 17:12 - 2013-11-06 17:42 - 0001456 _____ () C:\Users\snow fam\AppData\Local\Adobe Save for Web 12.0 Prefs
2011-09-13 19:45 - 2011-09-13 19:45 - 0004608 _____ () C:\Users\snow fam\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-16 12:11 - 2013-10-16 12:11 - 0000218 _____ () C:\Users\snow fam\AppData\Local\recently-used.xbel
2012-10-02 18:26 - 2016-07-06 13:21 - 0007593 _____ () C:\Users\snow fam\AppData\Local\Resmon.ResmonCfg
2011-06-02 16:09 - 2011-06-02 16:11 - 0015149 _____ () C:\ProgramData\ArcadeDeluxe5.log
 
Some files in TEMP:
====================
C:\Users\snow fam\AppData\Local\Temp\avgnt.exe
C:\Users\snow fam\AppData\Local\Temp\libeay32.dll
C:\Users\snow fam\AppData\Local\Temp\msvcr120.dll
C:\Users\snow fam\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-07-31 03:42
 
==================== End of FRST.txt ============================


#14 NancySn

  • Topic Starter
Posted 01 August 2016 - 03:44 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-07-2016
Ran by snow fam (2016-08-01 17:40:41)
Running from C:\Users\snow fam\Downloads
Windows 7 Home Premium Service Pack 1 (X64) (2011-08-11 05:37:53)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-534614172-2324584149-4159002519-500 - Administrator - Disabled)
Guest (S-1-5-21-534614172-2324584149-4159002519-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-534614172-2324584149-4159002519-1004 - Limited - Enabled)
snow fam (S-1-5-21-534614172-2324584149-4159002519-1001 - Administrator - Enabled) => C:\Users\snow fam
UpdatusUser (S-1-5-21-534614172-2324584149-4159002519-1000 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0225.2011 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20050 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.3 - Adobe Systems Incorporated)
Adobe Flash Player 22 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 22.0.0.210 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.3.633 - Adobe Systems, Inc.)
Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Empires III (HKLM-x32\...\InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden
Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: 1.14.0.43019 - Amazon)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 5.00 - Advanced Micro Devices, Inc.)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden
Bamboo Dock (HKLM-x32\...\Bamboo Dock) (Version: 4.1 - Wacom Co., Ltd.)
Bamboo Dock (x32 Version: 4.1.0 - Wacom Europe GmbH) Hidden
Bamboo Tablets Tutorial (x32 Version: 3.0.20 - Wacom) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
calibre (HKLM-x32\...\{0CF3C0FA-02EA-4E15-9495-1C441C0377B3}) (Version: 2.18.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.30.1395.0 - Logitech) Hidden
Catalyst Control Center Next Localization BR (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2015.1129.1552.28517 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.27 - Piriform)
clear.fi (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 1.0.1422.15 - CyberLink Corp.)
clear.fi (x32 Version: 1.0.1422.15 - CyberLink Corp.) Hidden
clear.fi (x32 Version: 9.0.7418 - CyberLink Corp.) Hidden
clear.fi Client (HKLM-x32\...\{43AAE145-83CF-4C96-9A5E-756CEFCE879F}) (Version: 1.00.3007 - Acer Incorporated)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
ComicRack v0.9.155 (HKLM\...\ComicRack) (Version: v0.9.155 - cYo Soft)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Cyberduck 4.3.1 (11008) (HKLM-x32\...\Cyberduck) (Version: 4.3.1 (11008) - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
Dropbox (HKU\S-1-5-21-534614172-2324584149-4159002519-1001\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Acer Incorporated)
Imagenomic Portraiture 2.3 Plug-in (build 2308) (HKLM\...\ImagenomicPortraiturePlugin) (Version:  - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Logitech Vid HD (HKLM-x32\...\Logitech Vid) (Version: 7.2 (7248) - Logitech Inc..)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
MediaEspresso (x32 Version: 1.0.1423_35858 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Camera Codec Pack (HKLM\...\{9DCA0803-0890-4631-94BA-17DE31C49C40}) (Version: 16.4.1734.1104 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{F2508213-9989-4E85-A078-72BE483917EF}) (Version: 3.5.88.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPublisher (HKLM-x32\...\MyPublisher) (Version:  - MyPublisher, Inc.)
MyWinLocker (Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker 4 (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.11 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 4.0.14.11 - Egis Technology Inc.) Hidden
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
newsXpresso (HKLM-x32\...\InstallShield_{613C0AC5-3A67-4B94-8B13-9176AD83F5BF}) (Version: 1.0.0.40 - esobi Inc.)
newsXpresso (x32 Version: 1.0.0.40 - esobi Inc.) Hidden
PASS (HKLM-x32\...\com.showitfast.pass.desktop.PASS) (Version: 2.1.317 - Showitfast, Inc)
PASS (x32 Version: 2.1.317 - Showitfast, Inc) Hidden
QuickTime 7 (HKLM-x32\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Reader for PC (HKLM-x32\...\{D279DFB7-97A3-439D-8BE9-95D8AFA68562}) (Version: 2.4.01.10241 - Sony Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.36.1224.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6257 - Realtek Semiconductor Corp.)
Shredder (Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.7 - Egis Technology Inc.) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.6.11664 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
StudioCloud 3.0 (HKLM-x32\...\com.StudioCloud.Desktop.3.F2DAE273367737D97F8409B8C86CCCEDC39FC38E.1) (Version: 3.1.247 - StudioCloud International Inc.)
StudioCloud 3.0 (x32 Version: 3.1.247 - StudioCloud International Inc.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SymMover (HKLM-x32\...\SymMover) (Version:  - )
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{59B55F04-DE14-4BB8-92FF-C4A22EF2E5F4}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.31.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\snow fam\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll (Dropbox, Inc.)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {03591A0E-80BE-4E2D-8AD1-CC962D17C577} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {278811F8-3E17-472C-896B-D2365300B8E7} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-02-22] (CyberLink Corp.)
Task: {3132E278-2874-4F61-954A-5D44860131DF} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-02-22] (CyberLink)
Task: {3507A0D4-7217-404A-A15D-94570782251A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {4FEDBE2D-DC6F-46BB-ACE1-5F2B564E09E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {50C3DBC8-102B-4D04-89B4-96F364EA9421} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-01-23] (Piriform Ltd)
Task: {71CD6319-84C1-4705-88E2-5896AAC6303C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: {9A8446D9-51E1-4AC0-B4E6-1091687CB387} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {9FA9213E-0B71-470C-B593-0ABAAAAB19DC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {B035D5DC-F5DF-4EF6-A725-729CD5ED68B1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {BDA5CC05-0068-4BF6-8372-BAC78B69B175} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2015-11-29] (Advanced Micro Devices, Inc.)
Task: {BF44CFB8-8CEC-4B5D-868F-29A4F4746F23} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-02-22] (Acer Incorporated)
Task: {C5E34943-C426-40A1-B864-B67C5E1A78A6} - System32\Tasks\{D851F931-CB89-4361-BEA9-9C7F7923F46A} => pcalua.exe -a "C:\Users\snow fam\Downloads\amddriverdownloader (1).exe" -d "C:\Users\snow fam\Downloads"
Task: {C6DE1D64-BA4F-47F2-B0FE-73C6177F7581} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-14] (Adobe Systems Incorporated)
Task: {EBE1CDBC-CB46-4E4E-B375-E2EECC687D86} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job => C:\Users\snow fam\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001Core.job => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534614172-2324584149-4159002519-1001UA.job => C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
Shortcut: C:\Users\snow fam\Videos\DivX Movies\DivX Author – Create DivX Movies.lnk -> hxxp://go.divx.com/divx/windows/author/moviesfolder/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\DivX.com.lnk -> hxxp://go.divx.com/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\Enhance your video soundtracks.lnk -> hxxp://go.divx.com/divx/windows/player/dfx/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\Post DivX® video to your website.lnk -> hxxp://go.divx.com/publishvideo/en (No File)
Shortcut: C:\Users\snow fam\Desktop\Artsy Couture ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/ArtsyCouture/launch.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2beb8f0d-6afd9c14"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\570ed67c-309597a8.ico (No File)
Shortcut: C:\Users\snow fam\Desktop\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=bundcore&campid=desktop (No File)
Shortcut: C:\Users\snow fam\Desktop\WHCC ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-5b2c4496"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\37101971-71707f32.ico (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\4\Microsoft.lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\3\Ensemble Studios on the Web..lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\2\Support.lnk -> hxxp:\support.microsoft.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\1\Microsoft Games Studios - Age of Empires III - The WarChiefs on the Web..lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\0\Age Community.lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{BB9D051D-A3CC-422F-931A-1019449001A5}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{B71A3D29-03D6-48E2-909B-183371B53249}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{94143A92-E836-4DDC-B105-98AEAF974D53}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/games/ (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{94143A92-E836-4DDC-B105-98AEAF974D53}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.ageofempires3.com/ (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{528AC45E-C2CF-43AB-AAF0-6B268211A5F2}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{30DB7B94-7BD4-4BE5-9D92-7BBD12C0EAE4}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=bundcore&campid=program (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WHCC ROES\WHCC ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-5b2c4496"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\37101971-71707f32.ico (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Artsy Couture ROES\Artsy Couture ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/ArtsyCouture/launch.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2beb8f0d-6afd9c14"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\570ed67c-309597a8.ico (No File)
 
==================== Loaded Modules (Whitelisted) ==============
 
2009-12-13 23:19 - 2009-12-09 06:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2009-01-21 20:45 - 2009-01-21 20:45 - 01401856 _____ () C:\Program Files (x86)\EgisTec MyWinLocker\x64\LIBEAY32.dll
2011-10-25 11:04 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files\WinRAR\rarext.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2012-10-16 06:39 - 2012-10-16 06:39 - 00646744 _____ () C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
2014-10-11 14:06 - 2014-10-11 14:06 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-24 22:34 - 2014-10-24 22:34 - 00880640 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\fsk.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00040264 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMediaPlayers.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00239944 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\Fskin.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00026952 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskinLocalize.dll
2014-04-25 22:46 - 2014-04-25 22:46 - 00798720 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskSecurity.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00125256 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskDocumentViewer.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00016200 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskPower.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00024904 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskNetInterface.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00017224 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskMobileMediaDevice.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00015176 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\FskTimeHardware.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00034632 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ticket.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00018760 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookDeviceNotifier.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00092488 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\ebookUsb.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00149832 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\readerAppHelper.dll
2014-10-24 22:35 - 2014-10-24 22:35 - 00178504 _____ () C:\Program Files (x86)\Sony\ReaderDesktop\appHelper\USBDetector.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:34 - 2010-01-21 01:34 - 08793952 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-02-22 14:01 - 2011-02-22 14:01 - 00206216 _____ () C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
2016-07-11 08:26 - 2016-07-11 08:26 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f1b815cf32572cea383bc47659c174fa\IsdiInterop.ni.dll
2011-06-02 15:58 - 2010-11-06 03:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2016-06-19 17:12 - 2016-06-15 06:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-19 17:12 - 2016-06-15 06:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7794 more sites.
 
 
There are 7794 more sites.
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 23:34 - 2016-08-01 17:07 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-534614172-2324584149-4159002519-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 24.222.0.94 - 24.222.0.95
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: EgisTec Ticket Service => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: Live Updater Service => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: nlsX86cc => 2
MSCONFIG\Services: Skype C2C Service => 2
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: SwitchBoard => 3
MSCONFIG\Services: TouchServicePen => 2
MSCONFIG\startupfolder: C:^Users^snow fam^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
MSCONFIG\startupreg: BambooCore => C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Google Update => "C:\Users\snow fam\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Vid => "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
MSCONFIG\startupreg: LWS => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
MSCONFIG\startupreg: WD Drive Unlocker => C:\Program Files (x86)\Western Digital\WD Apps\WDDriveAutoUnlock.exe
MSCONFIG\startupreg: WD Quick View => C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{480F250A-2549-4FB6-AFDE-62B9372C1175}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe
FirewallRules: [{C8545905-F581-46A9-BD7A-6ECA75374DBE}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
FirewallRules: [{9D12B5B3-86BF-4DDA-B23A-8063EA66DE6F}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\CLML\CLMLSvc.exe
FirewallRules: [{C274BC37-A34E-4E29-80A3-75FB33AB5418}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{CD01AD17-9EB9-43E8-BA15-E5AB57EA185D}] => (Allow) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{410D6CA4-4CC6-474E-91A6-D5BF316058C7}] => (Block) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
FirewallRules: [{89A7F38F-7CA5-43BF-B015-53B0F1A1A2D5}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{B1720887-F31B-4C54-9C42-88972A269F9A}] => (Allow) LPort=2869
FirewallRules: [{D653AFA8-8BF0-49DC-A60C-5100DDC39C6E}] => (Allow) LPort=1900
FirewallRules: [{9C68EA82-5930-4E42-A8F6-954A5C262527}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{C7C6499A-64D9-4F6C-B0FC-89EA9D9B377A}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [TCP Query User{0C89DE57-5550-4B1C-B124-6E6187EA3107}C:\Program Files (x86)\Vuze\Azureus.exe] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [UDP Query User{F170B033-2654-40B1-A069-39A2D25B2E16}C:\Program Files (x86)\Vuze\Azureus.exe] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{EF40C1BC-67BC-4966-ACC4-382DA7BD1D29}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{ABC3C73D-A4C4-41A0-B4EA-ED4592ABFB4B}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{901E1E50-1005-49E1-A3E5-353334FA8197}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Flash Builder 4.5\FlashBuilder.exe
FirewallRules: [{A08CADB3-585F-48AA-80A9-385331A3E826}] => (Allow) LPort=7935
FirewallRules: [TCP Query User{41B29039-C639-4918-BF55-0B3623E19226}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [UDP Query User{04264626-CB06-40BC-BEBF-76AAE468856A}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [TCP Query User{CFD514E2-6A6C-4895-AB13-4657DE6F8391}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [UDP Query User{57968F6A-3B01-4909-A816-4CBB5B9B2CD5}C:\program files (x86)\logitech\vid hd\vid.exe] => (Allow) C:\program files (x86)\logitech\vid hd\vid.exe
FirewallRules: [TCP Query User{CF12C40B-0357-4103-8A09-54456DD7CE37}C:\program files (x86)\calibre2\calibre.exe] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [UDP Query User{C1C81BE5-5CD1-4167-A1B1-814BA030E625}C:\program files (x86)\calibre2\calibre.exe] => (Block) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [TCP Query User{7F7D1390-F795-4200-A3C9-90CF0774FC8F}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [UDP Query User{46D1718B-2865-47CE-B90C-56D9DD8365BF}C:\program files\comicrack\comicrack.exe] => (Block) C:\program files\comicrack\comicrack.exe
FirewallRules: [{897A5437-88F2-4854-A016-B801CE1C8347}] => (Allow) C:\Users\snow fam\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{6400BFD5-9E68-4238-A1AB-386975C8492A}] => (Allow) C:\Users\snow fam\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [TCP Query User{4F554961-F4D9-4B3C-9CB1-C3F94A97A049}C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{BBDC4FDE-CB16-4E5E-A5DF-843A9DA3A5D2}C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\snow fam\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{55B263F5-8BDA-48FF-A5D6-C82D140BF20A}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [UDP Query User{43B74EC2-1AE6-4B32-A5BF-BC86E215CF5A}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
FirewallRules: [{5129C332-F64A-4AD9-A250-2B83EAC77632}] => (Allow) C:\Users\snow fam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{0AD663AC-B7E3-4274-B345-FDF5A7552055}] => (Allow) C:\Users\snow fam\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
FirewallRules: [{7B0466E3-81DE-410E-952D-D0D29D3EBB5E}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{20B2F66F-312C-424B-9AAE-E4BD4782C2F7}] => (Allow) C:\Program Files (x86)\Microsoft Games\Age of Empires III\age3x.exe
FirewallRules: [{83FA84BE-AA41-4C8D-9FC5-EC0429854EA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{35A3B467-213B-4D3F-AEFD-4220B3141FF0}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{56D24518-5669-4476-8915-5764FFB14137}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D40D1F6E-C4DA-4F12-A27D-12E1BC90AD94}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7B69A346-A8F5-42F6-A4EF-BEA77BA1D119}] => (Allow) C:\Users\snow fam\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{3D9BF6B6-24A7-4FF7-B99A-C4A8086F1F5E}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{176075E2-E714-43F3-9AF3-5C0937669E77}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{C84F6C73-FD9A-457C-959A-26EDEEF703EA}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [TCP Query User{14CF0514-29EF-4113-86E3-A585C352654F}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [UDP Query User{DE61115F-B178-4629-BA8F-53391667FE23}C:\program files (x86)\calibre2\calibre.exe] => (Allow) C:\program files (x86)\calibre2\calibre.exe
FirewallRules: [{2C968BFB-2964-4795-BA9E-DB95C518D0A4}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{B65B6898-66AC-43D1-9D50-F2B724FE81BF}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{38FE6007-81C5-46CD-881A-277C078B5F9F}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{57F5339A-B1E7-48E7-B281-EA49704120C7}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{A4CDDEDC-6F29-4357-A966-95B006B9C2CA}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{95E5B012-6418-4D32-920C-D5B53C68B5D6}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
FirewallRules: [{CFB48788-6B0A-4082-8941-49D401933526}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{0310F9BC-4996-4F7F-A354-207952992D65}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
FirewallRules: [{B063F8BC-608E-4890-9A41-EDA437F9AF83}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
31-07-2016 22:47:18 Scheduled Checkpoint
01-08-2016 16:59:03 Removed Adobe Photoshop Lightroom 5.3 64-bit.
01-08-2016 17:05:00 Restore Point Created by FRST
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/01/2016 05:32:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 10b4
 
Start Time: 01d1ec334d56809e
 
Termination Time: 1
 
Application Path: C:\Users\snow fam\Desktop\CKScanner.exe
 
Report Id: 04d3e757-5827-11e6-916b-e069959f48cb
 
Error: (08/01/2016 05:28:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f84
 
Start Time: 01d1ec32ed58f40e
 
Termination Time: 1
 
Application Path: C:\Users\snow fam\Desktop\CKScanner.exe
 
Report Id: 758a454c-5826-11e6-916b-e069959f48cb
 
Error: (08/01/2016 05:26:02 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 8d0
 
Start Time: 01d1ec32126ccb0f
 
Termination Time: 1
 
Application Path: C:\Users\snow fam\Desktop\CKScanner.exe
 
Report Id: 2882f8ff-5826-11e6-916b-e069959f48cb
 
Error: (08/01/2016 05:19:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: e38
 
Start Time: 01d1ec318431dddb
 
Termination Time: 1
 
Application Path: C:\Users\snow fam\Downloads\CKScanner.exe
 
Report Id: 4d3db233-5825-11e6-916b-e069959f48cb
 
Error: (08/01/2016 05:15:43 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program CKScanner.exe version 2.5.1.1 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: cb0
 
Start Time: 01d1ec312d6fee96
 
Termination Time: 2
 
Application Path: C:\Users\snow fam\Downloads\CKScanner.exe
 
Report Id: b7d05164-5824-11e6-916b-e069959f48cb
 
Error: (08/01/2016 05:12:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (08/01/2016 05:11:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (08/01/2016 05:11:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (08/01/2016 05:11:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
Error: (08/01/2016 05:11:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4110) (User: )
Description: Failed to add certificate to Third-Party Root Certification Authorities store with error: Access is denied.
 
 
System errors:
=============
Error: (08/01/2016 05:12:13 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006
 
Error: (08/01/2016 05:03:12 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006
 
Error: (07/31/2016 03:33:12 PM) (Source: WMPNetworkSvc) (EventID: 14329) (User: )
Description: WMPNetworkSvc0x80070006
 
Error: (07/31/2016 03:18:54 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
 
Error: (07/31/2016 03:18:54 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
 
Error: (07/31/2016 03:18:52 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084EventSystem{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (07/31/2016 03:18:47 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1084ShellHWDetection{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (07/31/2016 03:17:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
discache
mwlPSDFilter
mwlPSDNServ
mwlPSDVDisk
spldr
Wanarpv6
 
Error: (07/31/2016 03:16:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
Error: (07/31/2016 03:16:28 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
%%1068 = The dependency service or group failed to start.
 
 
 
CodeIntegrity:
===================================
  Date: 2016-05-01 11:54:24.438
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-01 11:54:24.386
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-01 11:52:50.301
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-01 11:52:50.252
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-01 11:52:42.206
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-01 11:52:42.157
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-01 11:52:14.345
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-05-01 11:52:14.297
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-18 20:08:42.355
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-01-18 20:08:42.305
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz
Percentage of memory in use: 22%
Total physical RAM: 16366.47 MB
Available physical RAM: 12681.8 MB
Total Virtual: 32731.13 MB
Available Virtual: 29075.42 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:1381.17 GB) (Free:672.1 GB) NTFS
Drive d: (CABINET_DVD) (CDROM) (Total:2.23 GB) (Free:0 GB) UDF
Drive j: (New Volume) (Fixed) (Total:1863.01 GB) (Free:1064.69 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 90596A54)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1381.2 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 7D26C69D)
Partition 1: (Not Active) - (Size=1863 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================


#15 garioch7

Posted 03 August 2016 - 04:47 AM

NancySn:

Thank you for uninstalling the Adobe products. I see that there are still some remnants of the "cracks" remaining, and I will remove them with FRST.

.

Step 1: We need to get your Avira removed and reinstalled. It is still showing as installed, but it is not active:
 

Avira Launcher (HKLM-x32\...\{92a7fd6b-31e5-472f-862e-79214c5032ef}) (Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.67.18988 - Avira Operations GmbH & Co. KG) Hidden


Avira could be "hung" because of an unsuccessful uninstall. This state of affairs could be responsible for your connectivity and other issues. Importantly, we need to get your computer protected as a first priority.

Please go to this link and follow the instructions for Windows 7 to uninstall Avira. Make sure that you have a copy of your licence key, if it is a paid version, before uninstalling. If using the Control Panel, Add/Remove Programs, is not successful in completely uninstalling Avira, and you are not comfortable following the instructions for a manual uninstallation, please let me know and I will write a script to accomplish the manual uninstallation for you.

If you are successful in uninstalling Avira, then please reboot your computer and reinstall Avira, if you are able to do so. Please let me know how you make out.

.

Step 2: Please copy and paste the text in the code box below into Notepad and save the file as fixlist.txt to the C:\Users\snow fam\Downloads folder, in which FRST64.exe is located.
.

NOTE: It's important that both files, FRST64.exe and fixlist.txt, are in the same folder or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this individual computer. Running this on another computer may cause damage to your operating system.

Run FRST64.exe and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that, let the tool complete its run.
When finished, FRST will generate a log in the C:\Users\snow fam\Downloads folder where FRST64.exe was run from (Fixlog.txt). Please copy and paste it into your reply.
 

CreateRestorePoint:
CloseProcesses:

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
c:\users\snow fam\documents\books\imagenomic portraiture 2.3.08 plugin for photoshop [chingliu]\crack\file_id.diz
c:\users\snow fam\documents\books\imagenomic portraiture 2.3.08 plugin for photoshop [chingliu]\crack\x-force.nfo
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\silverefexpro2-pl-ver2.000all.exe
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\torrent downloaded from demonoid.com.txt
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\patch.bat
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\readme.txt
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\32bit\silverefexpro2fc32.dll
c:\users\snow fam\documents\books\photoshop plugins\nik soft. silver efex pro v.2 (x86-x64 plus crack)\crack\64bit\silverefexpro2fc64.dll
c:\users\snow fam\documents\books\photoshop plugins\viveza 2.004 [jovabre]\crack\readme.txt
c:\users\snow fam\documents\books\photoshop plugins\viveza 2.004 [jovabre]\crack\viveza2fc32.dll
c:\users\snow fam\documents\books\photoshop plugins\viveza 2.004 [jovabre]\crack\viveza2fc64.dll
CustomCLSID: HKU\S-1-5-21-534614172-2324584149-4159002519-1001_Classes\CLSID\{590C4387-5EBD-4D46-8A84-CD0BA2EF2856}\InprocServer32 -> C:\Users\snow fam\AppData\Local\Google\Update\1.3.30.3\psuser_64.dll => No File
Shortcut: C:\Users\snow fam\Videos\DivX Movies\DivX Author – Create DivX Movies.lnk -> hxxp://go.divx.com/divx/windows/author/moviesfolder/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\DivX.com.lnk -> hxxp://go.divx.com/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\Enhance your video soundtracks.lnk -> hxxp://go.divx.com/divx/windows/player/dfx/en (No File)
Shortcut: C:\Users\snow fam\Videos\DivX Movies\Post DivX® video to your website.lnk -> hxxp://go.divx.com/publishvideo/en (No File)
Shortcut: C:\Users\snow fam\Desktop\Artsy Couture ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/ArtsyCouture/launch.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2beb8f0d-6afd9c14"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\570ed67c-309597a8.ico (No File)
Shortcut: C:\Users\snow fam\Desktop\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=bundcore&campid=desktop (No File)
Shortcut: C:\Users\snow fam\Desktop\WHCC ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-5b2c4496"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\37101971-71707f32.ico (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\4\Microsoft.lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\3\Ensemble Studios on the Web..lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\2\Support.lnk -> hxxp:\support.microsoft.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\1\Microsoft Games Studios - Age of Empires III - The WarChiefs on the Web..lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{EDF84F46-5D3B-4FD3-BA4A-337991CE177E}\SupportTasks\0\Age Community.lnk -> hxxp:\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{BB9D051D-A3CC-422F-931A-1019449001A5}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{B71A3D29-03D6-48E2-909B-183371B53249}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{94143A92-E836-4DDC-B105-98AEAF974D53}\SupportTasks\1\Support.lnk -> hxxp://support.microsoft.com/games/ (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{94143A92-E836-4DDC-B105-98AEAF974D53}\SupportTasks\0\More Games from Microsoft.lnk -> hxxp://www.ageofempires3.com/ (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{528AC45E-C2CF-43AB-AAF0-6B268211A5F2}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Local\Microsoft\Windows\GameExplorer\{30DB7B94-7BD4-4BE5-9D92-7BBD12C0EAE4}\SupportTasks\0\Support.lnk -> hxxp:\www.2kgames.com\( (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Create Amazing Presentations.lnk -> hxxp://www.emaze.com/lp/lp.php?affid=bundcore&campid=program (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WHCC ROES\WHCC ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/WHCC/Launch-WHCC-ROES.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\519fd5bf-5b2c4496"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49\37101971-71707f32.ico (No File)
Shortcut: C:\Users\snow fam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Artsy Couture ROES\Artsy Couture ROES.lnk -> hxxp://www.roeslaunch.com/ROES/labs/ArtsyCouture/launch.jnlp "C:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\2beb8f0d-6afd9c14"YC:\Users\snow fam\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60\570ed67c-309597a8.ico (No File)
FirewallRules: [TCP Query User{0C89DE57-5550-4B1C-B124-6E6187EA3107}C:\Program Files (x86)\Vuze\Azureus.exe] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [UDP Query User{F170B033-2654-40B1-A069-39A2D25B2E16}C:\Program Files (x86)\Vuze\Azureus.exe] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{3D9BF6B6-24A7-4FF7-B99A-C4A8086F1F5E}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{176075E2-E714-43F3-9AF3-5C0937669E77}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
File: C:\Windows\System32\drivers\usbaapl64.sys
.
 
 
If you encountered any errors with either of the steps, please describe them in detail.  Screenshots would be helpful.  The more information that you can provide, the more likely it is that the cause can be identified and corrected.  I would also like you to copy and paste the fixlog.txt file into your next reply.
 
We have some more work to do to update vulnerable programs in another post, but first let's get your computer stabilized and your protection software made functional.
 
Thank you and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators
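
The NOTICE in the post above says the fixlist was written for one specific computer. As an added example (not part of the thread and not FRST's own code), this Python script checks that every log-derived fixlist line appears verbatim in that machine's own Addition.txt before the fix is run. The function names, the choice of the four prefixes as "copied from the log", and the all-zero rule in the sample are assumptions made for the illustration.

```python
import re
from collections import Counter

# Fixlist line types that are copied verbatim from FRST.txt / Addition.txt.
# Assumption: limited to the four prefixes used in the fixlist above.
LOG_PREFIXES = ("FirewallRules:", "CustomCLSID:", "Shortcut:", "SearchScopes:")

FIREWALL_RE = re.compile(
    r"^FirewallRules: \[(?P<name>.*)\] => \((?P<action>Allow|Block)\) (?P<target>.+)$"
)


def normalise(line):
    """Collapse whitespace so a line pasted through a forum editor still matches."""
    return " ".join(line.split())


def parse_firewall_rule(line):
    """Split one FirewallRules line into rule name, action and target."""
    match = FIREWALL_RE.match(normalise(line))
    return match.groupdict() if match else None


def audit_fixlist(fixlist_text, log_text):
    """Sort fixlist lines into matched / missing / unchecked.

    matched   - log-derived line found verbatim in this machine's log
    missing   - log-derived line absent from the log (fixlist written for
                another computer, or the log is out of date)
    unchecked - directives and bare paths, which have no log line to compare
    """
    log_lines = {normalise(l) for l in log_text.splitlines() if l.strip()}
    result = {"matched": [], "missing": [], "unchecked": []}
    for raw in fixlist_text.splitlines():
        line = normalise(raw)
        if not line:
            continue
        if line.startswith(LOG_PREFIXES):
            key = "matched" if line in log_lines else "missing"
        else:
            key = "unchecked"
        result[key].append(line)
    return result


def affected_programs(result):
    """Count, per program path, the matched firewall rules the fix would remove."""
    counts = Counter()
    for line in result["matched"]:
        rule = parse_firewall_rule(line)
        if rule:
            counts[rule["target"]] += 1
    return dict(counts)


# Three FirewallRules lines copied from the Addition.txt in this thread.
SAMPLE_ADDITION = r"""
FirewallRules: [{EF40C1BC-67BC-4966-ACC4-382DA7BD1D29}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{0C89DE57-5550-4B1C-B124-6E6187EA3107}C:\Program Files (x86)\Vuze\Azureus.exe] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{3D9BF6B6-24A7-4FF7-B99A-C4A8086F1F5E}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
"""

# Excerpt of the fixlist above, plus one CONSTRUCTED rule (all-zero GUID,
# C:\Example path) standing in for a line written for a different computer.
SAMPLE_FIXLIST = r"""
CreateRestorePoint:
CloseProcesses:
FirewallRules: [TCP Query User{0C89DE57-5550-4B1C-B124-6E6187EA3107}C:\Program Files (x86)\Vuze\Azureus.exe] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{3D9BF6B6-24A7-4FF7-B99A-C4A8086F1F5E}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{00000000-0000-0000-0000-000000000000}] => (Allow) C:\Example\other-pc.exe
File: C:\Windows\System32\drivers\usbaapl64.sys
"""

if __name__ == "__main__":
    report = audit_fixlist(SAMPLE_FIXLIST, SAMPLE_ADDITION)
    for status in ("matched", "missing", "unchecked"):
        print(f"{status}: {len(report[status])}")
        for entry in report[status]:
            print("   ", entry)
    print("firewall rules removed per program:", affected_programs(report))
```

Any line reported as missing means the fixlist and the log do not come from the same scan of the same machine, which is the situation the NOTICE warns about.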




