Recurring Request for Skypehost.exe on startup



#1 NeedHelpBadlyHK


Posted 20 August 2016 - 10:54 AM

Hello,

Thank you in advance for all your help. I am not sure whatever, but I believe one of the files I was using must have been infected somehow. While it has not done any damage per se, every startup has a dialog popup with the following:

"Windows cannot find "skypehost.exe". Make sure you typed the names correctly, and then try again."

I do not have Skype and tried to deactivate it, but I don't see anything in msconfig under Startup. I have run MS Defender, Malwarebytes, RKill, ESET, Sophos and did not come up with anything.

I have an ASUS i5-2450M Win10 Home laptop. I really hope you can help, and I really appreciate it in advance. Here's my FRST log:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 20-08-2016
Ran by Bond (administrator) on DESKTOP-4S87MV7 (20-08-2016 23:46:17)
Running from C:\Users\Bond\Desktop\Virus Scan
Loaded Profiles: Bond (Available Profiles: Bond & Administrator)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Samsung Electronics Co., Ltd.) C:\Windows\System32\RAPID\SamsungRapidSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung\Samsung Magician\Samsung Magician.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(FreeDownloadManager.org) C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Games\Steam\Steam.exe
(Original Author: Arkadiusz Wahlig, Later Updated by: MacHater) D:\Bond's Documents\Documents\TwoFingerScroll.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(GOG.com) D:\Applications\GalaxyClient\GalaxyClient.exe
() C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\browsernativehost.exe
(GOG.com) D:\Applications\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) D:\Applications\GalaxyClient\GalaxyClient Helper.exe
(GOG.com) D:\Applications\GalaxyClient\GalaxyClient Helper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) D:\Games\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16681728 2016-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2397120 2016-08-11] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767944 2016-08-11] (NVIDIA Corporation)
HKLM\...\Run: [SamsungRapidApp] => C:\Program Files (x86)\Samsung\RAPID\CacheFilter\SamsungRapidApp.exe [281696 2015-09-04] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-07-16] (Microsoft Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-11] (Elaborate Bytes AG)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3121907311-506769930-2724764323-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8891608 2016-07-14] (Piriform Ltd)
HKU\S-1-5-21-3121907311-506769930-2724764323-1001\...\Run: [ShowBatteryBar] => C:\Program Files\BatteryBar\ShowBatteryBar.exe [89600 2014-09-19] ()
HKU\S-1-5-21-3121907311-506769930-2724764323-1001\...\Run: [Free Download Manager] => C:\Program Files\FreeDownloadManager.ORG\Free Download Manager\fdm.exe [9286656 2016-07-22] (FreeDownloadManager.org)
HKU\S-1-5-21-3121907311-506769930-2724764323-1001\...\Run: [GalaxyClient] => D:\Applications\GalaxyClient\GalaxyClient.exe [3975232 2016-07-04] (GOG.com)
HKU\S-1-5-21-3121907311-506769930-2724764323-1001\...\Run: [Steam] => D:\Games\Steam\steam.exe [2857248 2016-08-17] (Valve Corporation)
HKU\S-1-5-21-3121907311-506769930-2724764323-1001\...\Run: [TwoFingerScroll] => D:\Bond's Documents\Documents\TwoFingerScroll.exe [1471488 2012-01-12] (Original Author: Arkadiusz Wahlig, Later Updated by: MacHater)
AppInit_DLLs: C:\WINDOWS\system32\nvinitx.dll => C:\WINDOWS\system32\nvinitx.dll [177952 2016-07-11] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\WINDOWS\SysWoW64\nvinit.dll => C:\WINDOWS\SysWoW64\nvinit.dll [155952 2016-07-11] (NVIDIA Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{4c9bd981-c2ab-47a1-9036-3a5d7a642759}: [DhcpNameServer] 218.186.2.16 218.186.2.6 202.156.1.16
Tcpip\..\Interfaces\{72810c48-5a08-49ee-a621-5ff892db24c0}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3121907311-506769930-2724764323-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_101\bin\ssv.dll [2016-08-06] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_101\bin\jp2ssv.dll [2016-08-06] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-12] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2016-05-17] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\dtplugin\npDeployJava1.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.101.2 -> C:\Program Files\Java\jre1.8.0_101\bin\plugin2\npjp2.dll [2016-08-06] (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xdp -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.xfdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2016-06-07] (Foxit Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-21] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-06] (Google Inc.)
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Bond\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Free Download Manager Chrome extension) - C:\Users\Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmpjcflkgiildlgicmcieglgoilbfdp [2016-08-06]
CHR Extension: (Google Docs) - C:\Users\Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-06]
CHR Extension: (Google Drive) - C:\Users\Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-06]
CHR Extension: (YouTube) - C:\Users\Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-06]
CHR Extension: (Google Docs Offline) - C:\Users\Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-06]
CHR Extension: (Gmail) - C:\Users\Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-06]
CHR Extension: (Chrome Media Router) - C:\Users\Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-19]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [325880 2015-12-14] (Windows ® Win 7 DDK provider)
R2 FoxitReaderService; C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe [1647808 2016-06-21] (Foxit Software Inc.)
S3 GalaxyClientService; D:\Applications\GalaxyClient\GalaxyClientService.exe [244800 2016-07-04] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6506048 2016-08-12] (GOG.com)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1163712 2016-08-11] (NVIDIA Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1879488 2016-08-11] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3632576 2016-08-11] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2521024 2016-08-11] (NVIDIA Corporation)
R2 SamsungRapidSvc; C:\Windows\System32\RAPID\SamsungRapidSvc.exe [28256 2015-09-04] (Samsung Electronics Co., Ltd.)
S3 vmicvss; C:\Windows\System32\icsvcext.dll [349696 2016-07-16] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S3 wisvc; C:\Windows\system32\flightsettings.dll [614912 2016-07-16] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASMMAP64; C:\Windows\system32\DRIVERS\ASMMAP64.sys [36696 2016-04-27] (ASUSTek Computer Inc.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\Windows\System32\DriverStore\FileRepository\nvami.inf_amd64_dac0245a363caab4\nvlddmkm.sys [14199360 2016-08-13] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [26560 2016-08-11] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
R0 pwdrvio; C:\Windows\System32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
R0 SamsungRapidDiskFltr; C:\Windows\System32\DRIVERS\SamsungRapidDiskFltr.sys [271968 2015-09-04] (Samsung Electronics Co., Ltd.)
R0 SamsungRapidFSFltr; C:\Windows\System32\DRIVERS\SamsungRapidFSFltr.sys [110688 2015-09-04] (Samsung Electronics Co., Ltd.)
S2 SecDrv; C:\WINDOWS\SysWOW64\drivers\SECDRV.SYS [11376 2016-08-20] () [File not signed]
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-08-06] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 cpuz137; \??\C:\Program Files (x86)\CPUID\PC Wizard 2015\pcwiz_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
NETSVC: shpamsvc -> C:\Windows\system32\Windows.SharedPC.AccountManager.dll (Microsoft Corporation)
NETSVC: wisvc -> C:\Windows\system32\flightsettings.dll (Microsoft Corporation)
NETSVC: WpnService -> C:\Windows\system32\WpnService.dll (Microsoft Corporation)
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-20 22:48 - 2016-08-20 22:48 - 00000000 ____D C:\WINDOWS\Panther
2016-08-20 22:47 - 2016-08-20 22:47 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-08-20 22:46 - 2016-08-20 22:46 - 00000000 ____D C:\WINDOWS\pss
2016-08-20 21:49 - 2016-08-20 21:49 - 00007046 _____ C:\TDSSKiller.3.1.0.11_20.08.2016_21.49.39_log.txt
2016-08-20 21:43 - 2016-08-20 21:45 - 00119714 _____ C:\TDSSKiller.3.1.0.11_20.08.2016_21.43.26_log.txt
2016-08-20 21:39 - 2016-08-20 01:01 - 00011376 _____ C:\WINDOWS\SysWOW64\Drivers\SECDRV.SYS
2016-08-20 21:37 - 2016-08-20 21:37 - 00006276 _____ C:\WINDOWS\SysWOW64\Drivers\SECDRV.rar
2016-08-20 17:53 - 2016-08-20 17:58 - 00000000 ____D C:\AdwCleaner
2016-08-20 17:39 - 2016-08-20 23:46 - 00000000 ____D C:\FRST
2016-08-20 15:05 - 1994-09-21 01:00 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system\WING32.dll
2016-08-20 14:38 - 1994-09-21 01:00 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WING32.dll
2016-08-20 14:15 - 2016-08-20 14:15 - 00000000 ____D C:\WINDOWS\Harpoon 3 Advanced Naval Warfare
2016-08-20 13:40 - 2016-08-20 13:40 - 00000000 ____D C:\WINDOWS\Uninstallers
2016-08-18 08:30 - 2016-08-18 08:30 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-18 08:30 - 2016-08-18 08:30 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-18 08:30 - 2016-08-18 08:30 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-18 08:30 - 2016-08-18 08:30 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-18 08:30 - 2016-08-18 08:30 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-18 08:30 - 2016-08-18 08:30 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-18 08:30 - 2016-08-18 08:30 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-18 08:30 - 2016-08-18 08:30 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-18 08:30 - 2016-08-18 08:30 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-18 08:30 - 2016-08-18 08:30 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-18 08:30 - 2016-08-18 08:30 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-18 08:30 - 2016-08-18 08:30 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-18 08:30 - 2016-08-18 08:30 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-18 08:30 - 2016-08-18 08:30 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-18 08:30 - 2016-08-18 08:30 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-18 08:30 - 2016-08-18 08:30 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-18 08:30 - 2016-08-18 08:30 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-18 08:30 - 2016-08-18 08:30 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-18 08:29 - 2016-08-18 08:29 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-18 08:28 - 2016-08-18 08:28 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-18 08:28 - 2016-08-18 08:28 - 00000000 ____D C:\Program Files\MSBuild
2016-08-18 08:28 - 2016-08-18 08:28 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-18 08:28 - 2016-08-18 08:28 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-18 08:27 - 2016-05-26 06:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-18 08:27 - 2016-05-26 06:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-18 08:27 - 2016-05-26 06:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-18 08:27 - 2016-05-26 03:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-18 08:27 - 2016-05-26 03:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-18 08:27 - 2016-05-26 03:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-18 00:36 - 2016-08-18 00:36 - 00003590 _____ C:\WINDOWS\System32\Tasks\Clean System Memory
2016-08-18 00:36 - 2016-08-18 00:36 - 00003474 _____ C:\WINDOWS\System32\Tasks\CleanMem Mini Monitor
2016-08-18 00:36 - 2016-08-18 00:36 - 00000020 _____ C:\WINDOWS\cmm.dat
2016-08-18 00:36 - 2014-08-21 05:48 - 00061440 _____ (PcWinTech.com) C:\WINDOWS\SysWOW64\CleanMem.exe
2016-08-18 00:36 - 2012-06-27 02:40 - 00000187 _____ C:\WINDOWS\SysWOW64\CleanMem.ini
2016-08-18 00:36 - 2009-02-22 14:53 - 00000565 _____ C:\WINDOWS\SysWOW64\CleanMem.exe.manifest
2016-08-18 00:35 - 2016-08-18 00:36 - 00000000 ____D C:\Program Files (x86)\CleanMem
2016-08-18 00:35 - 2016-08-18 00:35 - 00000000 ____D C:\WINDOWS\CleanMem
2016-08-17 21:34 - 2016-08-17 21:34 - 00003338 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task
2016-08-17 17:23 - 2016-08-17 17:46 - 00000000 ____D C:\Users\Administrator
2016-08-17 17:10 - 2016-08-17 17:10 - 00000000 ____D C:\WINDOWS\SysWOW64\NV
2016-08-17 17:10 - 2016-08-17 17:10 - 00000000 ____D C:\WINDOWS\system32\NV
2016-08-17 17:10 - 2016-08-17 17:10 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-08-17 17:10 - 2016-08-11 22:33 - 00213952 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-08-17 17:10 - 2016-08-11 22:33 - 00203320 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-08-17 17:10 - 2016-05-04 10:23 - 00129824 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
2016-08-17 17:10 - 2016-05-04 10:22 - 00130848 _____ C:\WINDOWS\system32\vulkan-1.dll
2016-08-17 17:10 - 2016-05-04 10:22 - 00045344 _____ C:\WINDOWS\system32\vulkaninfo.exe
2016-08-17 17:10 - 2016-05-04 10:22 - 00040224 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
2016-08-17 17:08 - 2016-08-13 10:55 - 00047048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvpciflt.sys
2016-08-17 17:08 - 2016-08-11 22:33 - 40070200 _____ C:\WINDOWS\system32\nvcompiler.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 35182648 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 34837952 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 28236856 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 10728856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 10530960 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 10273096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 09086344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 08681720 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 08644456 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 02914752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 02553912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 01922616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6437254.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 01585088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6437254.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 01023544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 00961080 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 00945088 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 00897592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 00694952 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 00584712 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2016-08-17 17:08 - 2016-08-11 22:33 - 00000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2016-08-17 17:08 - 2016-08-11 22:33 - 00000669 _____ C:\WINDOWS\system32\nv-vk64.json
2016-08-17 16:40 - 2016-08-17 16:40 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-17 16:40 - 2016-08-17 16:40 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-17 16:39 - 2016-08-20 23:41 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2016-08-17 16:39 - 2016-08-20 23:34 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-17 16:39 - 2016-08-20 22:40 - 00003654 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-08-17 16:39 - 2016-08-17 16:39 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-17 16:39 - 2016-08-17 16:39 - 00003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-17 16:39 - 2016-08-17 16:39 - 00003226 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-17 16:39 - 2016-08-17 16:39 - 00002924 _____ C:\WINDOWS\System32\Tasks\ATK Package 36D18D69AFC3
2016-08-17 16:39 - 2016-08-17 16:39 - 00002534 _____ C:\WINDOWS\System32\Tasks\SamsungMagician
2016-08-17 16:39 - 2016-08-17 16:39 - 00002398 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2016-08-17 16:39 - 2016-08-17 16:39 - 00002346 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_ListenToDevice
2016-08-17 16:39 - 2016-08-17 16:39 - 00002284 _____ C:\WINDOWS\System32\Tasks\RtHDVBg
2016-08-17 16:39 - 2016-08-17 16:39 - 00002280 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2016-08-17 16:39 - 2016-08-17 16:39 - 00002250 _____ C:\WINDOWS\System32\Tasks\{F6358F2F-2A7A-46E6-B0ED-1AE4E12AF849}
2016-08-17 16:39 - 2016-08-17 16:39 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-08-17 16:39 - 2016-08-17 16:39 - 00002214 _____ C:\WINDOWS\System32\Tasks\ATK Package A22126881260
2016-08-17 16:36 - 2016-08-17 16:38 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-17 16:36 - 2016-07-16 19:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-17 16:35 - 2016-08-20 23:33 - 00000000 ____D C:\Users\Bond
2016-08-17 16:35 - 2016-08-17 16:35 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-08-17 16:35 - 2016-08-17 16:35 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2016-08-17 16:35 - 2016-08-17 16:35 - 00000000 ____D C:\Program Files\Common Files\Atheros
2016-08-17 16:34 - 2016-08-17 17:19 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-08-17 16:34 - 2016-08-17 16:36 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-08-17 16:34 - 2016-08-17 16:34 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-08-17 16:34 - 2016-08-17 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-17 16:34 - 2016-08-17 16:34 - 00000000 ____D C:\Program Files\Synaptics
2016-08-17 16:34 - 2016-08-17 16:34 - 00000000 ____D C:\Program Files\Realtek
2016-08-17 16:34 - 2016-08-11 20:27 - 06386048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2016-08-17 16:34 - 2016-08-11 20:27 - 02468288 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2016-08-17 16:34 - 2016-08-11 20:27 - 01762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2016-08-17 16:34 - 2016-08-11 20:27 - 01365048 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2016-08-17 16:34 - 2016-08-11 20:27 - 00548920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2016-08-17 16:34 - 2016-08-11 20:27 - 00392128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2016-08-17 16:34 - 2016-08-11 20:27 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2016-08-17 16:34 - 2016-08-11 20:27 - 00069568 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2016-08-17 16:34 - 2016-08-10 00:06 - 07255045 _____ C:\WINDOWS\system32\nvcoproc.bin
2016-08-17 16:33 - 2016-08-20 21:05 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-17 16:33 - 2016-08-19 21:16 - 00281488 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-17 16:33 - 2016-08-17 16:33 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-17 15:56 - 2016-08-17 15:59 - 00000036 _____ C:\WINDOWS\progress.ini
2016-08-17 14:37 - 2016-08-17 16:52 - 00000000 ___HD C:\$GetCurrent
2016-08-17 12:04 - 2016-08-17 12:04 - 00000000 ____D C:\Program Files (x86)\HxD
2016-08-17 00:27 - 2016-08-17 00:29 - 00000000 ____D C:\Program Files (x86)\DXWnd
2016-08-16 23:24 - 2016-08-16 23:24 - 00000000 ____D C:\Program Files (x86)\DXGL
2016-08-16 20:53 - 2016-08-16 20:53 - 00060809 _____ C:\WINDOWS\SysWOW64\nglide_uninst.exe
2016-08-13 22:52 - 2016-08-13 22:52 - 00000000 ____D C:\sw3dg
2016-08-13 21:38 - 2016-08-13 21:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Money
2016-08-08 03:19 - 2016-08-15 23:40 - 00466456 _____ (Creative Labs) C:\WINDOWS\system32\wrap_oal.dll
2016-08-08 03:19 - 2016-08-15 23:40 - 00444952 _____ (Creative Labs) C:\WINDOWS\SysWOW64\wrap_oal.dll
2016-08-08 03:19 - 2016-08-15 23:40 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\system32\OpenAL32.dll
2016-08-08 03:19 - 2016-08-15 23:40 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\WINDOWS\SysWOW64\OpenAL32.dll
2016-08-08 03:19 - 2016-08-08 03:19 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-08-07 02:46 - 2016-08-07 02:46 - 00000000 _SHDL C:\Documents and Settings
2016-08-06 23:03 - 2016-08-06 23:03 - 00000000 ____D C:\Program Files (x86)\Microsoft ASP.NET
2016-08-06 22:28 - 2016-08-20 22:48 - 00000000 ____D C:\WINDOWS\AutoKMS
2016-08-06 22:15 - 2016-08-06 22:15 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2016-08-06 21:24 - 2016-08-06 21:24 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-08-06 21:24 - 2016-08-06 21:24 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-08-06 21:23 - 2016-08-06 21:24 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-08-06 21:20 - 2016-08-06 21:23 - 00000000 ____D C:\Program Files\Microsoft Office
2016-08-06 21:20 - 2016-08-06 21:20 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-08-06 21:20 - 2016-08-06 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-08-06 21:20 - 2016-08-06 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-08-06 21:19 - 2016-08-06 21:19 - 00000000 __RHD C:\MSOCache
2016-08-06 21:12 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-08-06 21:12 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-08-06 21:12 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_7.dll
2016-08-06 21:12 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_7.dll
2016-08-06 21:12 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-08-06 21:12 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-08-06 21:12 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-08-06 21:12 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-08-06 21:12 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_43.dll
2016-08-06 21:12 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_43.dll
2016-08-06 21:11 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_6.dll
2016-08-06 21:11 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_6.dll
2016-08-06 21:11 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_6.dll
2016-08-06 21:11 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_6.dll
2016-08-06 21:11 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_4.dll
2016-08-06 21:11 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_4.dll
2016-08-06 21:11 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_7.dll
2016-08-06 21:11 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_7.dll
2016-08-06 21:11 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_5.dll
2016-08-06 21:11 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_5.dll
2016-08-06 21:11 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_5.dll
2016-08-06 21:11 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_5.dll
2016-08-06 21:11 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_3.dll
2016-08-06 21:11 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_3.dll
2016-08-06 21:11 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dcsx_42.dll
2016-08-06 21:11 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dcsx_42.dll
2016-08-06 21:11 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_42.dll
2016-08-06 21:11 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_42.dll
2016-08-06 21:11 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_42.dll
2016-08-06 21:11 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_42.dll
2016-08-06 21:11 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-08-06 21:11 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-08-06 21:11 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_42.dll
2016-08-06 21:11 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_42.dll
2016-08-06 21:11 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_4.dll
2016-08-06 21:11 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_4.dll
2016-08-06 21:11 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_4.dll
2016-08-06 21:11 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_4.dll
2016-08-06 21:11 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_6.dll
2016-08-06 21:11 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_6.dll
2016-08-06 21:11 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_41.dll
2016-08-06 21:11 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_41.dll
2016-08-06 21:11 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_41.dll
2016-08-06 21:11 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_41.dll
2016-08-06 21:11 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_41.dll
2016-08-06 21:11 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_41.dll
2016-08-06 21:11 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_3.dll
2016-08-06 21:11 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_3.dll
2016-08-06 21:11 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_3.dll
2016-08-06 21:11 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_3.dll
2016-08-06 21:11 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_2.dll
2016-08-06 21:11 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_2.dll
2016-08-06 21:11 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_5.dll
2016-08-06 21:11 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_5.dll
2016-08-06 21:11 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_40.dll
2016-08-06 21:11 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_40.dll
2016-08-06 21:11 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_40.dll
2016-08-06 21:11 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_40.dll
2016-08-06 21:11 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_40.dll
2016-08-06 21:11 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_40.dll
2016-08-06 21:11 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_2.dll
2016-08-06 21:11 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_2.dll
2016-08-06 21:11 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_1.dll
2016-08-06 21:11 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_1.dll
2016-08-06 21:11 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_2.dll
2016-08-06 21:11 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_2.dll
2016-08-06 21:10 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2016-08-06 21:10 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_39.dll
2016-08-06 21:10 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2016-08-06 21:10 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_39.dll
2016-08-06 21:10 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2016-08-06 21:10 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_39.dll
2016-08-06 21:10 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_1.dll
2016-08-06 21:10 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_1.dll
2016-08-06 21:10 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_1.dll
2016-08-06 21:10 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_1.dll
2016-08-06 21:10 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_0.dll
2016-08-06 21:10 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_0.dll
2016-08-06 21:10 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_4.dll
2016-08-06 21:10 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_4.dll
2016-08-06 21:10 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_38.dll
2016-08-06 21:10 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_38.dll
2016-08-06 21:10 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_38.dll
2016-08-06 21:10 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_38.dll
2016-08-06 21:10 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_38.dll
2016-08-06 21:10 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_38.dll
2016-08-06 21:10 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_0.dll
2016-08-06 21:10 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_0.dll
2016-08-06 21:10 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine3_0.dll
2016-08-06 21:10 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine3_0.dll
2016-08-06 21:10 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_3.dll
2016-08-06 21:10 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_3.dll
2016-08-06 21:10 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_37.dll
2016-08-06 21:10 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_37.dll
2016-08-06 21:10 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_37.dll
2016-08-06 21:10 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_37.dll
2016-08-06 21:10 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_37.dll
2016-08-06 21:10 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_37.dll
2016-08-06 21:10 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_10.dll
2016-08-06 21:10 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_10.dll
2016-08-06 21:10 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\WINDOWS\system32\X3DAudio1_2.dll
2016-08-06 21:10 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\X3DAudio1_2.dll
2016-08-06 21:10 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_36.dll
2016-08-06 21:10 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_36.dll
2016-08-06 21:10 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_36.dll
2016-08-06 21:10 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_36.dll
2016-08-06 21:10 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_36.dll
2016-08-06 21:10 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_36.dll
2016-08-06 21:10 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_9.dll
2016-08-06 21:10 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_9.dll
2016-08-06 21:10 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_35.dll
2016-08-06 21:10 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_35.dll
2016-08-06 21:10 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_35.dll
2016-08-06 21:10 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_35.dll
2016-08-06 21:10 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_35.dll
2016-08-06 21:10 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_35.dll
2016-08-06 21:10 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_8.dll
2016-08-06 21:10 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_8.dll
2016-08-06 21:10 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_34.dll
2016-08-06 21:10 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_34.dll
2016-08-06 21:10 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_34.dll
2016-08-06 21:10 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_34.dll
2016-08-06 21:10 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_34.dll
2016-08-06 21:10 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_34.dll
2016-08-06 21:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_7.dll
2016-08-06 21:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_7.dll
2016-08-06 21:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_3.dll
2016-08-06 21:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_3.dll
2016-08-06 21:10 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_33.dll
2016-08-06 21:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_33.dll
2016-08-06 21:10 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_33.dll
2016-08-06 21:10 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_33.dll
2016-08-06 21:10 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_33.dll
2016-08-06 21:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_33.dll
2016-08-06 21:10 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_6.dll
2016-08-06 21:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_6.dll
2016-08-06 21:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_5.dll
2016-08-06 21:10 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_5.dll
2016-08-06 21:10 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10.dll
2016-08-06 21:10 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10.dll
2016-08-06 21:09 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_1.dll
2016-08-06 21:09 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_1.dll
2016-08-06 21:09 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2016-08-06 21:09 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2016-08-06 21:09 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_31.dll
2016-08-06 21:09 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_31.dll
2016-08-06 21:09 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_4.dll
2016-08-06 21:09 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_4.dll
2016-08-06 21:09 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_2.dll
2016-08-06 21:09 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_3.dll
2016-08-06 21:09 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_3.dll
2016-08-06 21:09 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_2.dll
2016-08-06 21:09 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_2.dll
2016-08-06 21:09 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_2.dll
2016-08-06 21:09 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_30.dll
2016-08-06 21:09 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_30.dll
2016-08-06 21:09 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_1.dll
2016-08-06 21:09 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_1.dll
2016-08-06 21:09 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\WINDOWS\system32\xinput1_1.dll
2016-08-06 21:09 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xinput1_1.dll
2016-08-06 21:09 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_29.dll
2016-08-06 21:09 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_29.dll
2016-08-06 21:09 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\WINDOWS\system32\xactengine2_0.dll
2016-08-06 21:09 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xactengine2_0.dll
2016-08-06 21:09 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\WINDOWS\system32\x3daudio1_0.dll
2016-08-06 21:09 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\x3daudio1_0.dll
2016-08-06 21:09 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_28.dll
2016-08-06 21:09 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_28.dll
2016-08-06 21:09 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_27.dll
2016-08-06 21:09 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_27.dll
2016-08-06 21:09 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_26.dll
2016-08-06 21:09 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_26.dll
2016-08-06 21:09 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_25.dll
2016-08-06 21:09 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_25.dll
2016-08-06 21:09 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_24.dll
2016-08-06 21:09 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_24.dll
2016-08-06 21:07 - 2016-08-06 21:07 - 00000000 ____D C:\Program Files\Unlocker
2016-08-06 21:07 - 2016-08-06 21:07 - 00000000 ____D C:\Program Files (x86)\WinDirStat
2016-08-06 21:06 - 2016-08-06 21:06 - 00000000 ____D C:\Program Files\Speccy
2016-08-06 21:05 - 2016-08-06 21:05 - 00000000 ____D C:\Program Files (x86)\Spacesniffer
2016-08-06 21:04 - 2016-08-06 21:04 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2016-08-06 21:02 - 2016-08-06 21:02 - 00000000 ____D C:\Program Files\Recuva
2016-08-06 21:01 - 2016-08-06 21:01 - 00010503 _____ C:\WINDOWS\Q-Dir.ini
2016-08-06 21:01 - 2016-08-06 21:01 - 00000000 ____D C:\Program Files\Q-Dir
2016-08-06 20:56 - 2016-08-06 20:56 - 00000000 ____D C:\Program Files\MiniTool Partition Wizard Free 9.1
2016-08-06 20:56 - 2015-08-11 12:22 - 03067392 _____ C:\WINDOWS\system32\pwNative.exe
2016-08-06 20:56 - 2013-09-30 15:26 - 00019152 _____ C:\WINDOWS\system32\pwdrvio.sys
2016-08-06 20:56 - 2013-09-30 15:26 - 00012504 _____ C:\WINDOWS\system32\pwdspio.sys
2016-08-06 20:53 - 2016-08-06 20:53 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-08-06 20:52 - 2016-08-20 22:53 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-08-06 20:52 - 2016-08-20 22:53 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-08-06 20:52 - 2016-08-06 20:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-06 20:52 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-08-06 20:52 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-08-06 20:49 - 2016-08-06 20:49 - 00000000 ____D C:\Program Files (x86)\Foxit Software
2016-08-06 20:42 - 2016-08-06 20:42 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2016-08-06 20:42 - 2016-08-06 20:42 - 00000000 ____D C:\Program Files\Java
2016-08-06 20:42 - 2016-08-06 20:42 - 00000000 ____D C:\Program Files (x86)\Magical Jelly Bean
2016-08-06 20:38 - 2016-08-06 20:38 - 00000000 ____D C:\Program Files (x86)\GPU-Z
2016-08-06 20:36 - 2016-08-17 17:01 - 00000000 ____D C:\Program Files\Defraggler
2016-08-06 20:36 - 2016-08-06 20:36 - 00000000 ____D C:\Program Files\FreeDownloadManager.ORG
2016-08-06 20:29 - 2016-08-06 20:29 - 00000000 ____D C:\Program Files (x86)\CrystalDiskMark3_0_4
2016-08-06 20:27 - 2016-08-06 20:39 - 00000000 ____D C:\Program Files\CPUID
2016-08-06 20:27 - 2016-08-06 20:28 - 00000000 ____D C:\Program Files (x86)\CrystalDiskInfo7_0_0
2016-08-06 20:26 - 2016-08-06 20:26 - 00000000 ____D C:\Program Files\Combined Community Codec Pack 64bit
2016-08-06 20:24 - 2016-08-06 20:24 - 00000000 ____D C:\Program Files\Classic Shell
2016-08-06 20:23 - 2016-08-06 20:23 - 00000000 ____D C:\Program Files (x86)\BleachBit
2016-08-06 20:22 - 2016-08-18 21:29 - 00000000 ____D C:\Program Files (x86)\Fraps
2016-08-06 20:22 - 2016-08-06 20:22 - 00000000 ____D C:\Program Files\BatteryBar
2016-08-06 20:22 - 2016-08-06 20:22 - 00000000 _____ C:\WINDOWS\ATTODiskBenchmark.INI
2016-08-06 20:18 - 2016-08-06 20:28 - 00000000 ____D C:\Program Files (x86)\ATTO Disk Benchmark
2016-08-06 20:16 - 2016-08-06 20:16 - 00000000 ____D C:\Program Files (x86)\AS SSD Benchmark
2016-08-06 20:15 - 2016-08-06 20:15 - 00000000 ____D C:\Program Files\7-Zip
2016-08-06 16:22 - 2016-08-17 16:38 - 00000000 ____D C:\WINDOWS\system32\RAPID
2016-08-06 16:22 - 2015-09-04 12:08 - 00271968 _____ (Samsung Electronics Co., Ltd.) C:\WINDOWS\system32\Drivers\SamsungRapidDiskFltr.sys
2016-08-06 16:20 - 2016-08-06 16:21 - 00000000 ____D C:\Program Files (x86)\Samsung
2016-08-06 16:08 - 2016-08-06 16:09 - 00000000 ____D C:\Program Files\Common Files\QCA_Bluetooth
2016-08-06 16:08 - 2016-08-06 16:08 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2016-08-06 16:07 - 2016-08-06 21:08 - 00000000 ____D C:\Program Files\WinRAR
2016-08-06 16:01 - 2016-08-11 22:33 - 01767944 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2016-08-06 16:01 - 2016-08-11 22:33 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2016-08-06 16:01 - 2016-08-11 22:33 - 01377800 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2016-08-06 16:01 - 2016-08-11 22:33 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2016-08-06 16:01 - 2016-08-11 22:33 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2016-08-06 16:01 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DX9_43.dll
2016-08-06 16:01 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_43.dll
2016-08-06 16:01 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_43.dll
2016-08-06 16:01 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_43.dll
2016-08-06 16:01 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-08-06 16:01 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-08-06 15:59 - 2016-08-11 22:33 - 03901520 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2016-08-06 15:59 - 2016-08-11 22:33 - 03443152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2016-08-06 15:59 - 2016-08-11 22:33 - 00040827 _____ C:\WINDOWS\system32\nvinfo.pb
2016-08-06 15:59 - 2016-07-18 14:55 - 13675584 ____N (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2016-08-06 15:59 - 2016-07-11 10:34 - 01939000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436881.dll
2016-08-06 15:59 - 2016-07-11 10:34 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436881.dll
2016-08-06 15:59 - 2016-07-11 10:34 - 00563856 ____N (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
2016-08-06 15:59 - 2016-07-11 10:34 - 00462904 ____N (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
2016-08-06 15:59 - 2016-07-11 10:34 - 00177952 ____N (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
2016-08-06 15:59 - 2016-07-11 10:34 - 00155952 ____N (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
2016-08-06 15:59 - 2016-04-14 13:38 - 00113216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2016-08-06 15:59 - 2016-04-14 13:38 - 00102976 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2016-08-06 15:59 - 2016-04-14 13:38 - 00056384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2016-08-06 15:49 - 2016-08-06 15:49 - 00000000 ____D C:\Program Files\ASUS
2016-08-06 15:46 - 2016-08-06 15:46 - 00000000 ____D C:\Program Files (x86)\AmUStor
2016-08-06 15:03 - 2016-08-17 16:13 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-06 15:03 - 2016-08-17 15:13 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-06 15:03 - 2016-08-06 15:03 - 00000000 ____D C:\Program Files\CCleaner
2016-08-06 15:03 - 2016-08-06 15:03 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-06 14:58 - 2016-08-06 14:58 - 00000000 ____D C:\Program Files\Intel
2016-08-06 14:42 - 2016-07-15 17:25 - 72520720 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-08-06 14:42 - 2016-07-15 17:25 - 06566325 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-08-06 14:42 - 2016-07-15 17:25 - 05196296 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-08-06 14:42 - 2016-07-15 17:25 - 03283248 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 03199744 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 03090544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 02895104 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-08-06 14:42 - 2016-07-15 17:25 - 02072584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 01360528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00231920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00221976 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00209544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00192992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00190552 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFProc64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00096064 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFComm64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00093504 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFSAPO64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00092480 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFHAPO64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00092480 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFDAPO64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00090920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00088328 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-08-06 14:42 - 2016-07-15 17:25 - 00023704 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-08-06 14:41 - 2016-08-20 11:13 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-08-06 14:41 - 2016-08-06 14:55 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-08-06 14:41 - 2016-08-06 14:41 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-08-06 14:41 - 2016-07-15 17:25 - 03282544 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 01780624 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 01591064 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 01508936 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00743968 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00708312 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00678192 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00677680 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00504312 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00445408 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00441272 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00253904 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00253864 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00122320 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-08-06 14:41 - 2016-07-15 17:25 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-08-06 14:41 - 2016-04-11 13:38 - 02838232 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2016-08-06 14:40 - 2016-08-06 14:40 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-08-06 12:05 - 2016-07-28 03:25 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-08-06 12:02 - 2016-08-13 23:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-06 12:02 - 2016-08-13 23:49 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-06 12:02 - 2016-08-06 15:15 - 00000000 ____D C:\Program Files (x86)\Intel
2016-08-06 12:02 - 2016-08-06 12:02 - 00000000 ____D C:\Intel
2016-08-06 12:01 - 2016-07-01 11:57 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpreference.exe
2016-08-06 12:00 - 2016-07-01 11:40 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2016-08-06 11:50 - 2016-08-20 23:41 - 01368228 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-30 09:05 - 2016-07-30 09:05 - 00289240 _____ (IvoSoft) C:\WINDOWS\system32\StartMenuHelper64.dll
2016-07-30 09:05 - 2016-07-30 09:05 - 00247768 _____ (IvoSoft) C:\WINDOWS\SysWOW64\StartMenuHelper32.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-20 23:34 - 2016-07-16 14:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-08-20 23:29 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-20 22:40 - 2016-07-16 19:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-20 22:37 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-20 22:32 - 2016-07-16 19:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-20 22:31 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\SystemApps
2016-08-20 18:02 - 2015-10-30 15:24 - 00000103 _____ C:\WINDOWS\win.ini
2016-08-20 16:54 - 2016-07-16 19:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-20 15:05 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\System
2016-08-19 00:21 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-08-18 08:33 - 2016-07-16 19:49 - 00000000 ____D C:\WINDOWS\Setup
2016-08-18 08:33 - 2016-07-16 19:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-18 08:30 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-18 08:30 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-18 08:30 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-18 08:30 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-18 08:30 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-18 08:30 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-18 08:30 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-18 08:30 - 2016-07-16 19:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-18 08:28 - 2016-07-16 19:43 - 00471040 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2016-08-18 08:28 - 2016-07-16 19:43 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2016-08-18 08:28 - 2016-07-16 19:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
2016-08-18 08:28 - 2016-07-16 19:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2016-08-18 08:28 - 2016-07-16 19:43 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2016-08-18 06:34 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\appcompat
2016-08-17 16:42 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-17 16:41 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-17 16:41 - 2016-07-16 14:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-08-17 16:40 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-17 16:40 - 2015-10-30 15:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-17 16:38 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-08-17 16:38 - 2016-04-27 14:20 - 00000000 ____D C:\WINDOWS\ShellNew
2016-08-17 16:38 - 2015-10-30 14:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-17 16:37 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-17 16:36 - 2016-07-16 19:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-17 16:35 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-17 16:35 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-17 16:35 - 2016-07-16 19:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-17 16:35 - 2016-07-16 14:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-17 16:34 - 2016-07-16 19:47 - 00000000 ____D C:\WINDOWS\Help
2016-08-06 20:41 - 2015-10-30 15:17 - 00006656 _____ C:\WINDOWS\system32\lpcio.dll
2016-08-06 15:37 - 2015-08-03 18:58 - 00033960 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2016-08-06 15:37 - 2014-01-30 18:17 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-17 16:33
 
==================== End of FRST.txt ============================



 


#2 NeedHelpBadlyHK

NeedHelpBadlyHK
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:09:19 AM

Posted 21 August 2016 - 05:52 AM

Hello,

 

Thanks for all your help in advance.  I have used Autoruns to identify two suspicious entries, and indeed they start two small exe programs called r.exe and d.exe in the programdata/microsoft/messaging folders.  Furthermore, in the folder there is a very suspicious .bat file called skypehost.bat that seems to initiate a ping and tries to execute skypehost.exe.  I don't have Skype, so perhaps this is why it keeps trying to run Skype on startup.

 

Anyway, I have deleted the files (actually zipped them) and deleted the autoruns entries (scheduled tasks), and it no longer seems to have the "windows can not find skypehost.exe" message at startup.

 

Anyway thank you for your help and if you can still take a look to see if I missed anything, I would be very grateful for your help.  Thanks.

 

-NeedHelp
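
A read-only check for the two symptoms reported in post #2 (scheduled tasks launching files under ProgramData, and a task target that no longer exists), as an added example that is not part of the original thread. The function names are hypothetical, and treating every ProgramData reference as worth review is an assumption that will also list legitimate tasks.

```powershell
# Added example (not from the thread): read-only audit of scheduled-task actions.
# Flags exec actions that reference %ProgramData% or whose target file is missing,
# the two symptoms reported in post #2. Function names are hypothetical.

function Expand-ActionText {
    param([string]$Text)
    if ([string]::IsNullOrWhiteSpace($Text)) { return '' }
    # Task actions may store %ProgramData%-style variables and quoted paths.
    return [Environment]::ExpandEnvironmentVariables($Text).Trim().Trim('"')
}

function Get-ActionFinding {
    param([string]$Execute, [string]$Arguments)

    $path = Expand-ActionText $Execute
    $taskArgs = Expand-ActionText $Arguments
    if (-not $path) { return @() }

    $reasons = @()
    # Assumption: anything launched from ProgramData deserves a manual look;
    # legitimate updaters live there too, so this is a triage list, not a verdict.
    $needle = $env:ProgramData + '\'
    if ("$path $taskArgs".IndexOf($needle, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
        $reasons += 'references ProgramData'
    }
    # A rooted path that no longer exists is a broken or leftover entry;
    # bare names such as cmd.exe are resolved via PATH and are skipped here.
    try {
        if ([IO.Path]::IsPathRooted($path) -and -not (Test-Path -LiteralPath $path)) {
            $reasons += 'target file missing'
        }
    } catch {
        $reasons += 'unparseable path'
    }
    return $reasons
}

Get-ScheduledTask | ForEach-Object {
    $task = $_
    foreach ($action in $task.Actions) {
        # COM-handler actions have no Execute property; only exec actions are checked.
        if (-not $action.PSObject.Properties['Execute']) { continue }
        $reasons = @(Get-ActionFinding -Execute $action.Execute -Arguments $action.Arguments)
        if ($reasons.Count -gt 0) {
            [pscustomobject]@{
                Task      = $task.TaskPath + $task.TaskName
                Execute   = $action.Execute
                Arguments = $action.Arguments
                Reasons   = $reasons -join '; '
            }
        }
    }
} | Format-List
```

Run it from an elevated PowerShell prompt so tasks registered for other accounts are included; it changes nothing on the system.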



#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:19 PM

Posted 22 August 2016 - 10:28 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

I need more information.

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Please post the logs.

#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,256 posts
  • ONLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:09:19 PM

Posted 28 August 2016 - 08:58 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



