
Command prompt pops up intermittently


  • This topic is locked
7 replies to this topic

#1 OhHaiKai


Posted 08 October 2016 - 04:15 AM

About every hour, the command prompt pops up for about a tenth of a second and disappears. I think it started about a week ago when I installed Fifa 17 which asked me to update my AMD drivers. 
 
Not sure if this is relevant and probably just reflects EA's bad servers - but when I play Fifa 17 offline and the command prompt pops up, it simply takes me out of fullscreen and then quickly reverts to fullscreen. If I play online against another person, then it disconnects me from a match. 
 
I have run a Malwarebytes scan and an MSE scan, both of which returned no threats.
 
Here is a screenshot of my task scheduler: http://
The adobe updates don't coincide with the command prompt pop ups.
 
Here are my PC specs: http://
 
Any help would be greatly appreciated, 
Thanks.



 


#2 nasdaq

  • Malware Response Team

Posted 09 October 2016 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the LogFile button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleanerCx.txt (x is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

How to attach a file to your reply:
In the Reply section at the bottom of the topic, click the "more reply Options" button.

Attach the file.
Select "Choose a File" and navigate to the location of the file.
Click the file you wish to Attach.

Click the Add reply button.
===

Please post the logs.

Let me know what problems persist.

#3 OhHaiKai

  • Topic Starter

Posted 09 October 2016 - 10:37 AM

AdwCleaner
 
# AdwCleaner v6.021 - Logfile created 09/10/2016 at 16:26:11
# Updated on 06/10/2016 by ToolsLib
# Database : 2016-10-07.1 [Server]
# Operating System : Windows 7 Home Premium Service Pack 1 (X64)
# Username : Kai - KAI-PC
# Running from : C:\Users\Kai\Desktop\adwcleaner_6.021.exe
# Mode: Clean
 
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder deleted: C:\Users\Kai\AppData\Roaming\QuickCleaner
[-] Folder deleted: C:\Program Files\Caster
[-] Folder deleted: C:\ProgramData\SoftMedia
[#] Folder deleted on reboot: C:\ProgramData\Application Data\SoftMedia
[-] Folder deleted: C:\Program Files (x86)\Win Tune Pro
[-] Folder deleted: C:\Program Files (x86)\mpck
[-] Folder deleted: C:\Users\Kai\AppData\Local\app
[-] Folder deleted: C:\Program Files (x86)\host
 
 
***** [ Files ] *****
 
[-] File deleted: C:\END
 
 
***** [ DLL ] *****
***** [ WMI ] *****
***** [ Shortcuts ] *****
***** [ Scheduled Tasks ] *****
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-3764415349-471666069-2074464677-1000\Software\AppDataLow\Software\WikiZ
[#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\WikiZ
[-] Key deleted: HKLM\SOFTWARE\SearchModule
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
[#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\WikiZ
[-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\castplatform.com
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdn.castplatform.com
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC}
[-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1}
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: feed.sonic-search.com
[-] [C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www-searching.com
[-] [C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default] [startup_urls] Deleted: hxxp://www-searching.com/?pid=s&s=G9Hzftptn095001BU,6674978d-398e-4ef0-8358-5c4efe03d2bf,
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [2870 Bytes] - [09/10/2016 16:26:11]
C:\AdwCleaner\AdwCleaner[S0].txt - [2956 Bytes] - [09/10/2016 16:24:11]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [3016 Bytes] ##########
 
FRST
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-10-2016
Ran by Kai (administrator) on KAI-PC (09-10-2016 16:30:56)
Running from C:\Users\Kai\Desktop\FRST64
Loaded Profiles: Kai & postgres (Available Profiles: Kai & postgres)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\SysWOW64\ASGT.exe
(Realtek) C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Intel® Corporation) C:\Program Files\Intel\NCS2\WMIProv\ncs2prov.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(PostgreSQL Global Development Group) C:\postgreSQL\bin\postgres.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtWLan.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1354712 2016-08-30] (Microsoft Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [8027016 2016-09-16] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [293872 2014-08-25] (Intel Corporation)
HKU\S-1-5-21-3764415349-471666069-2074464677-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-09-09] (Apple Inc.)
HKU\S-1-5-21-3764415349-471666069-2074464677-1000\...\Run: [Adobe Acrobat Synchronizer] => "C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe"
HKU\S-1-5-18\...\RunOnce: [iCloud] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloud.exe [67384 2016-09-09] (Apple Inc.)
Startup: C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-10-03]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.8.4
Tcpip\..\Interfaces\{3EF594AF-77D1-4E07-857D-65D1E03649F4}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{3EF594AF-77D1-4E07-857D-65D1E03649F4}: [DhcpNameServer] 172.21.24.62
Tcpip\..\Interfaces\{753CD94F-A4C0-4191-9E49-5EB8ACC8D8A6}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{E8C7807B-571C-4B41-B244-8FBB23427502}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{E8C7807B-571C-4B41-B244-8FBB23427502}: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-3764415349-471666069-2074464677-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-09-27] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\URLREDIR.DLL [2016-09-27] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-09-27] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\URLREDIR.DLL [2016-09-27] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-27] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-27] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-27] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-09-27] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-05-25] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-05-25] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_23_0_0_162.dll [2016-09-16] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_23_0_0_162.dll [2016-09-16] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-11-10] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-09-27] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3764415349-471666069-2074464677-1000: @zoom.us/ZoomVideoPlugin -> C:\Users\Kai\AppData\Roaming\Zoom\bin\npzoomplugin.dll [2016-09-08] (Zoom Video Communications, Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G9Hzftptn095001BU,6674978d-398e-4ef0-8358-5c4efe03d2bf,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default [2016-10-09]
CHR Extension: (Google Translate) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2016-06-16]
CHR Extension: (Google Slides) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-16]
CHR Extension: (Google Docs) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-16]
CHR Extension: (Google Drive) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-02]
CHR Extension: (YouTube) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-02]
CHR Extension: (Youtube to Spotify) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfkipbmhadalldhbclbbajcnagbgfbna [2015-09-08]
CHR Extension: (Google Calendar) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-14]
CHR Extension: (Google Sheets) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-16]
CHR Extension: (Google Docs Offline) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-17]
CHR Extension: (AdBlock) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-10-09]
CHR Extension: (StayFocusd) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\laankejkbhbdhmipfmgcngdelahlfoji [2015-09-20]
CHR Extension: (NetDeck) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\lpdbiakcpmcppnpchohihcbdnojlgeel [2016-07-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-17]
CHR Extension: (Gmail) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-29]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-05-25]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-08-05] (Apple Inc.)
R2 ASGT; C:\Windows\SysWOW64\ASGT.exe [55296 2012-01-17] () [File not signed]
R2 AsusSE; C:\Program Files (x86)\ASUS\PCE-N15 WLAN Card Utilities\RtlService.exe [36864 2012-03-20] (Realtek) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1364096 2016-05-25] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1687680 2016-05-25] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2980032 2016-09-05] (Microsoft Corporation)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [244800 2016-07-17] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6211648 2016-07-17] (GOG.com)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887256 2014-05-13] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [132896 2014-11-10] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [158496 2014-11-10] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [120888 2016-08-30] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-08-30] (Microsoft Corporation)
S3 Origin Client Service; E:\Origin\OriginClientService.exe [2142728 2016-09-26] (Electronic Arts)
S2 Origin Web Helper Service; E:\Origin\OriginWebHelperService.exe [2209296 2016-09-26] (Electronic Arts)
R2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [66048 2014-02-18] (PostgreSQL Global Development Group) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [488216 2014-02-04] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S3 MackieUSB; C:\Windows\System32\DRIVERS\MackieUSB_x64.sys [245728 2015-08-31] ()
S3 MackieUSBks; C:\Windows\System32\DRIVERS\MackieUSBks_x64.sys [52192 2015-08-31] ()
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [129312 2014-11-10] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S1 vgmxlgiy; \??\C:\Windows\system32\drivers\vgmxlgiy.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-09 16:30 - 2016-10-09 16:30 - 00000000 ____D C:\Users\Kai\Desktop\FRST64
2016-10-09 16:30 - 2016-10-09 16:30 - 00000000 ____D C:\FRST
2016-10-09 16:24 - 2016-10-09 16:24 - 00002956 _____ C:\Users\Kai\Desktop\AdwCleaner[S0].txt
2016-10-09 16:23 - 2016-10-09 16:26 - 00000000 ____D C:\AdwCleaner
2016-10-09 16:23 - 2016-10-09 16:22 - 03874368 _____ C:\Users\Kai\Desktop\adwcleaner_6.021.exe
2016-10-09 16:22 - 2016-10-09 16:22 - 03874368 _____ C:\Users\Kai\Downloads\adwcleaner_6.021.exe
2016-10-08 10:06 - 2016-10-08 10:06 - 00042381 _____ C:\Users\Kai\Desktop\KAI-PC.speccy
2016-10-07 12:00 - 2016-10-07 12:00 - 00000000 ____D C:\Program Files\Common Files\logishrd
2016-10-07 09:55 - 2016-10-07 09:55 - 00001874 _____ C:\Users\Kai\Desktop\Zoom.lnk
2016-10-07 09:52 - 2016-10-07 09:52 - 00133448 _____ (Zoom Video Communications, Inc.) C:\Users\Kai\Downloads\Zoom_launcher.exe
2016-10-07 09:52 - 2016-10-07 09:52 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Zoom
2016-10-07 09:52 - 2016-10-07 09:52 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Zoom
2016-10-06 09:17 - 2016-10-06 09:27 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-10-06 09:17 - 2016-10-06 09:17 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-06 09:17 - 2016-10-06 09:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-06 09:17 - 2016-10-06 09:17 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-06 09:17 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-10-06 09:17 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-10-06 09:17 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-10-06 09:16 - 2016-10-06 09:16 - 22851472 _____ (Malwarebytes ) C:\Users\Kai\Downloads\mbam-setup-2.2.1.1043 (1).exe
2016-10-05 14:48 - 2016-10-05 14:48 - 00784332 _____ C:\Users\Kai\Documents\IMG_20161005_0002.pdf
2016-10-05 14:12 - 2016-10-05 14:12 - 00000000 ___RD C:\Users\Kai\Creative Cloud Files
2016-10-05 14:08 - 2016-10-05 14:08 - 00800960 _____ (Adobe Systems Incorporated) C:\Users\Kai\Downloads\CreativeCloudSet-Up (1).exe
2016-10-05 13:59 - 2016-10-05 14:01 - 04948125 _____ C:\Users\Kai\Documents\IMG_20161005_0001.pdf
2016-10-05 13:57 - 2016-10-05 14:54 - 00000000 ____D C:\Users\Kai\Desktop\VARSITY TRIP INSURANCE CLAIM
2016-10-04 19:59 - 2016-10-04 19:59 - 00000000 ____D C:\Users\Kai\AppData\LocalLow\AMD
2016-10-04 19:35 - 2016-10-04 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-10-04 19:34 - 2016-10-04 19:34 - 00000000 ____D C:\Users\Kai\AppData\Roaming\ATI
2016-10-04 19:34 - 2016-10-04 19:34 - 00000000 ____D C:\Users\Kai\AppData\Local\ATI
2016-10-04 19:34 - 2016-10-04 19:34 - 00000000 ____D C:\ProgramData\ATI
2016-10-04 19:31 - 2016-10-04 19:32 - 310204568 _____ (AMD Inc.) C:\Users\Kai\Downloads\non-whql-win7-64bit-radeon-software-crimson-16.9.2-sep16.exe
2016-10-04 19:29 - 2016-10-04 19:30 - 217700632 _____ (AMD Inc.) C:\Users\Kai\Downloads\non-whql-win7-32bit-radeon-software-crimson-16.9.2-sep16.exe
2016-10-04 17:37 - 2016-10-04 19:35 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2016-10-04 17:36 - 2016-10-04 19:37 - 00000000 ____D C:\Users\Kai\AppData\Local\AMD
2016-10-04 17:36 - 2016-10-04 17:36 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-10-04 17:36 - 2016-10-04 17:36 - 00000000 ____D C:\Program Files (x86)\AMD
2016-10-04 17:34 - 2016-10-04 19:34 - 00000000 ____D C:\Program Files\AMD
2016-10-04 17:33 - 2016-10-04 17:33 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Kai\Downloads\autodetectutility (2).exe
2016-10-04 17:24 - 2016-10-04 17:24 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Kai\Downloads\autodetectutility (1).exe
2016-10-04 16:06 - 2016-10-07 15:19 - 00000000 ____D C:\Users\Kai\lpthw
2016-10-04 15:58 - 2016-10-04 15:58 - 00000000 ____D C:\Python27
2016-10-04 15:58 - 2016-10-04 15:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.7
2016-10-04 15:56 - 2016-10-04 15:57 - 18907136 _____ C:\Users\Kai\Downloads\python-2.7.12.msi
2016-09-29 12:41 - 2016-09-29 12:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2016-09-29 12:40 - 2016-09-29 12:40 - 00001753 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-09-29 12:40 - 2016-09-29 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-09-29 12:40 - 2016-09-29 12:40 - 00000000 ____D C:\Program Files\iTunes
2016-09-29 12:40 - 2016-09-29 12:40 - 00000000 ____D C:\Program Files\iPod
2016-09-27 15:13 - 2016-10-03 10:36 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-09-27 15:12 - 2016-09-30 12:28 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Raptr
2016-09-27 15:11 - 2016-10-09 16:26 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-09-27 15:04 - 2016-09-27 22:49 - 00000000 ____D C:\Users\Kai\Documents\FIFA 17
2016-09-27 15:04 - 2016-09-27 15:04 - 00000000 ____D C:\ProgramData\Electronic Arts
2016-09-27 14:51 - 2016-09-27 14:51 - 00000845 _____ C:\Users\Public\Desktop\FIFA 17.lnk
2016-09-27 14:51 - 2016-09-27 14:51 - 00000000 ___HD C:\Program Files\Common Files\EAInstaller
2016-09-27 14:51 - 2016-09-27 14:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 17
2016-09-27 14:19 - 2016-09-27 14:19 - 00000551 _____ C:\Users\Public\Desktop\Origin.lnk
2016-09-27 14:19 - 2016-09-27 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2016-09-27 14:17 - 2016-09-27 14:20 - 00000000 ____D C:\Users\Kai\AppData\Local\Origin
2016-09-27 14:17 - 2016-09-27 14:17 - 52491968 _____ (Electronic Arts) C:\Users\Kai\Downloads\OriginThinSetup.exe
2016-09-27 14:17 - 2016-09-27 14:17 - 00000000 ____D C:\Users\Kai\.QtWebEngineProcess
2016-09-27 14:17 - 2016-09-27 14:17 - 00000000 ____D C:\Users\Kai\.Origin
2016-09-26 14:04 - 2016-09-27 12:29 - 00000000 ____D C:\Users\Kai\temp
2016-09-22 10:30 - 2016-09-22 10:38 - 504551608 _____ C:\Users\Kai\Downloads\DoS EE-MegaPack GraphicMod (4.5) by A100N-65-4v5.rar
2016-09-22 10:22 - 2016-09-22 10:22 - 12667114 _____ C:\Users\Kai\Downloads\DDoSEE - EpicArmors-76-1-0.zip
2016-09-22 10:07 - 2016-09-22 10:07 - 00000890 _____ C:\Users\Public\Desktop\Nexus Mod Manager.lnk
2016-09-22 10:07 - 2016-09-22 10:07 - 00000000 ____D C:\Users\Kai\Documents\Nexus Mod Manager
2016-09-22 10:07 - 2016-09-22 10:07 - 00000000 ____D C:\Users\Kai\AppData\Local\Black_Tree_Gaming
2016-09-22 10:07 - 2016-09-22 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexus Mod Manager
2016-09-22 10:07 - 2016-09-22 10:07 - 00000000 ____D C:\Program Files\Nexus Mod Manager
2016-09-22 10:06 - 2016-09-22 10:07 - 06415064 _____ (Black Tree Gaming ) C:\Users\Kai\Downloads\Nexus Mod Manager-0.62.1.exe
2016-09-21 20:06 - 2016-09-21 20:06 - 00954351 _____ C:\Users\Kai\Downloads\learn-python-the-hard-way.pdf
2016-09-21 19:54 - 2016-09-21 19:55 - 650090751 _____ C:\Users\Kai\Downloads\LPTHW_All.zip
2016-09-21 11:54 - 2016-09-21 11:54 - 00018231 _____ C:\Users\Kai\Downloads\linkedin_connections_export_microsoft_outlook.csv
2016-09-21 09:11 - 2016-08-05 16:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-09-21 09:11 - 2016-08-05 16:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-09-17 21:50 - 2016-09-22 11:08 - 00000000 ____D C:\Users\Kai\Documents\Larian Studios
2016-09-17 18:54 - 2016-09-17 18:54 - 00000222 _____ C:\Users\Kai\Desktop\Divinity Original Sin Enhanced Edition.url
2016-09-17 10:20 - 2016-09-17 10:20 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-17 10:19 - 2016-09-17 10:19 - 22851472 _____ (Malwarebytes ) C:\Users\Kai\Downloads\mbam-setup-2.2.1.1043.exe
2016-09-17 10:16 - 2016-09-17 10:16 - 00003076 _____ C:\Windows\System32\Tasks\{835FAF66-9375-424A-B649-78303D9124B7}
2016-09-17 10:15 - 2016-09-17 10:15 - 00003566 _____ C:\Windows\System32\Tasks\{58BEC1A9-7A0F-444E-A8DF-AD8D6B349B22}
2016-09-17 10:06 - 2016-09-17 10:06 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Mozilla
2016-09-17 10:06 - 2016-09-17 10:06 - 00000000 ____D C:\Users\Kai\AppData\Local\A
2016-09-17 10:05 - 2016-09-17 10:06 - 07090176 _____ C:\Users\Kai\AppData\Roaming\agent.dat
2016-09-17 10:05 - 2016-09-17 10:06 - 00018432 _____ C:\Users\Kai\AppData\Roaming\Main.dat
2016-09-17 10:05 - 2016-09-17 10:05 - 00140288 _____ C:\Users\Kai\AppData\Roaming\Installer.dat
2016-09-17 09:29 - 2016-09-17 09:29 - 00003080 _____ C:\Windows\System32\Tasks\{64B81D62-F761-4BA9-992F-E71B1771E744}
2016-09-17 09:23 - 2016-09-17 09:23 - 00003082 _____ C:\Windows\System32\Tasks\{DA1D2B40-8A8D-4EF1-ACF2-B4A8077B57F0}
2016-09-17 09:12 - 2016-09-17 09:12 - 00000000 ____D C:\Users\Kai\AppData\Local\CrashRpt
2016-09-16 20:42 - 2016-09-16 20:42 - 08847888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2016-09-16 20:42 - 2016-09-16 20:42 - 00151056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2016-09-16 20:42 - 2016-09-16 20:42 - 00139720 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 15728008 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 09093504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00523144 _____ (AMD) C:\Windows\system32\atieclxx.exe
2016-09-16 20:41 - 2016-09-16 20:41 - 00518536 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2016-09-16 20:41 - 2016-09-16 20:41 - 00458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00292744 _____ C:\Windows\system32\dgtrayicon.exe
2016-09-16 20:41 - 2016-09-16 20:41 - 00287112 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2016-09-16 20:41 - 2016-09-16 20:41 - 00286600 _____ (AMD) C:\Windows\system32\atitmm64.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00275336 _____ C:\Windows\system32\GameManager64.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00240008 _____ C:\Windows\SysWOW64\GameManager32.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00230280 _____ C:\Windows\system32\atieah64.exe
2016-09-16 20:41 - 2016-09-16 20:41 - 00208264 _____ C:\Windows\SysWOW64\atieah32.exe
2016-09-16 20:41 - 2016-09-16 20:41 - 00201608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00175496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00122760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00110472 _____ (AMD) C:\Windows\system32\atimuixx.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00107400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00078728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00068488 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00020360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2016-09-16 20:41 - 2016-09-16 20:41 - 00020360 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 14318984 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 10981024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 09387400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 08741256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 07571336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 02445192 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 02132872 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 01333128 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00997768 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00997768 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00891272 _____ (AMD) C:\Windows\system32\coinst_16.40.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00402312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2016-09-16 20:40 - 2016-09-16 20:40 - 00349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2016-09-16 20:40 - 2016-09-16 20:40 - 00305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2016-09-16 20:40 - 2016-09-16 20:40 - 00248200 _____ C:\Windows\system32\amdgfxinfo64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00221064 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00160136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00155016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00145400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00141280 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00136584 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00129416 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00125288 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00124776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00117640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00109856 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00108424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00072072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2016-09-16 20:40 - 2016-09-16 20:40 - 00065416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2016-09-16 20:40 - 2016-09-16 20:40 - 00059784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 48824200 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 27489672 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 21640584 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 07062920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 00749960 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 00625032 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 00269192 _____ C:\Windows\system32\clinfo.exe
2016-09-16 20:39 - 2016-09-16 20:39 - 00267656 _____ C:\Windows\system32\hsa-thunk64.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 00233352 _____ C:\Windows\SysWOW64\hsa-thunk.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 00134536 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 00112520 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 00103304 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 00082824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 00066952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 00066440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2016-09-16 20:39 - 2016-09-16 20:39 - 00054664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2016-09-16 20:38 - 2016-09-16 20:38 - 38268808 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-09-16 20:38 - 2016-09-16 20:38 - 33239432 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2016-09-16 20:38 - 2016-09-16 20:38 - 27287944 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2016-09-16 20:37 - 2016-09-16 20:37 - 26550784 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2016-09-16 20:00 - 2016-09-16 20:00 - 00751344 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-09-16 20:00 - 2016-09-16 20:00 - 00751344 _____ C:\Windows\system32\atiapfxx.blb
2016-09-16 19:58 - 2016-09-16 19:58 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2016-09-16 19:54 - 2016-09-16 19:54 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2016-09-14 12:53 - 2016-09-01 20:26 - 00394440 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-09-14 12:53 - 2016-09-01 19:41 - 00346320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-09-14 12:53 - 2016-09-01 04:18 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-09-14 12:53 - 2016-09-01 04:08 - 20312064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-09-14 12:53 - 2016-09-01 03:48 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-09-14 12:53 - 2016-09-01 03:46 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-09-14 12:53 - 2016-09-01 03:46 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-09-14 12:53 - 2016-09-01 03:46 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-09-14 12:53 - 2016-09-01 03:44 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-09-14 12:53 - 2016-09-01 03:34 - 02286592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-09-14 12:53 - 2016-09-01 03:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-09-14 12:53 - 2016-09-01 03:31 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-09-14 12:53 - 2016-09-01 03:26 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-09-14 12:53 - 2016-09-01 03:24 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-09-14 12:53 - 2016-09-01 03:24 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-09-14 12:53 - 2016-09-01 03:23 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-09-14 12:53 - 2016-09-01 03:08 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-09-14 12:53 - 2016-09-01 02:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-09-14 12:53 - 2016-09-01 02:57 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-09-14 12:53 - 2016-09-01 02:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-09-14 12:53 - 2016-09-01 02:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-09-14 12:53 - 2016-09-01 02:48 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-09-14 12:53 - 2016-09-01 02:45 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-09-14 12:53 - 2016-09-01 02:34 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-09-14 12:53 - 2016-09-01 02:30 - 00692736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-09-14 12:53 - 2016-09-01 02:29 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-09-14 12:53 - 2016-09-01 02:29 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-09-14 12:53 - 2016-09-01 02:27 - 13808128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-09-14 12:53 - 2016-09-01 02:24 - 04607488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-09-14 12:53 - 2016-09-01 01:45 - 25770496 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-09-14 12:53 - 2016-09-01 01:43 - 02445824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-09-14 12:53 - 2016-09-01 01:42 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-09-14 12:53 - 2016-09-01 01:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-09-14 12:53 - 2016-09-01 01:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-09-14 12:53 - 2016-09-01 01:38 - 01316352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-09-14 12:53 - 2016-09-01 01:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-09-14 12:53 - 2016-09-01 01:24 - 02894336 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-09-14 12:53 - 2016-09-01 01:24 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-09-14 12:53 - 2016-09-01 01:24 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-09-14 12:53 - 2016-09-01 01:24 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-09-14 12:53 - 2016-09-01 01:24 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-09-14 12:53 - 2016-09-01 01:16 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-09-14 12:53 - 2016-09-01 01:15 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-09-14 12:53 - 2016-09-01 01:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-09-14 12:53 - 2016-09-01 01:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-09-14 12:53 - 2016-09-01 01:11 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-09-14 12:53 - 2016-09-01 01:10 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-09-14 12:53 - 2016-09-01 01:10 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-09-14 12:53 - 2016-09-01 01:06 - 06047232 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-09-14 12:53 - 2016-09-01 01:03 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-09-14 12:53 - 2016-09-01 00:59 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-09-14 12:53 - 2016-09-01 00:51 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-09-14 12:53 - 2016-09-01 00:50 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-09-14 12:53 - 2016-09-01 00:47 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-09-14 12:53 - 2016-09-01 00:46 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-09-14 12:53 - 2016-09-01 00:44 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-09-14 12:53 - 2016-09-01 00:42 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-09-14 12:53 - 2016-09-01 00:31 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-09-14 12:53 - 2016-09-01 00:29 - 00724992 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-09-14 12:53 - 2016-09-01 00:28 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-09-14 12:53 - 2016-09-01 00:27 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-09-14 12:53 - 2016-09-01 00:26 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-09-14 12:53 - 2016-09-01 00:15 - 15411712 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-09-14 12:53 - 2016-09-01 00:10 - 02921472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-09-14 12:53 - 2016-08-31 23:58 - 01550848 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-09-14 12:53 - 2016-08-31 23:47 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-09-14 12:53 - 2016-08-12 17:26 - 00464896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2016-09-14 12:53 - 2016-08-12 17:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-09-14 12:53 - 2016-08-12 17:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2016-09-14 12:52 - 2016-09-02 16:40 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-09-14 12:52 - 2016-09-02 16:35 - 05548264 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-09-14 12:52 - 2016-09-02 16:35 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-09-14 12:52 - 2016-09-02 16:35 - 00154856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-09-14 12:52 - 2016-09-02 16:35 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-09-14 12:52 - 2016-09-02 16:34 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-09-14 12:52 - 2016-09-02 16:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-09-14 12:52 - 2016-09-02 16:31 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-09-14 12:52 - 2016-09-02 16:31 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-09-14 12:52 - 2016-09-02 16:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-09-14 12:52 - 2016-09-02 16:31 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-09-14 12:52 - 2016-09-02 16:31 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-09-14 12:52 - 2016-09-02 16:31 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-09-14 12:52 - 2016-09-02 16:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-09-14 12:52 - 2016-09-02 16:31 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-09-14 12:52 - 2016-09-02 16:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:21 - 04000488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-09-14 12:52 - 2016-09-02 16:21 - 03944680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-09-14 12:52 - 2016-09-02 16:18 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 16:02 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-09-14 12:52 - 2016-09-02 16:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-09-14 12:52 - 2016-09-02 16:02 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-09-14 12:52 - 2016-09-02 16:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-09-14 12:52 - 2016-09-02 15:58 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-09-14 12:52 - 2016-09-02 15:57 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-09-14 12:52 - 2016-09-02 15:55 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-09-14 12:52 - 2016-09-02 15:54 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-09-14 12:52 - 2016-09-02 15:54 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-09-14 12:52 - 2016-09-02 15:53 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-09-14 12:52 - 2016-09-02 15:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-09-14 12:52 - 2016-09-02 15:53 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-09-14 12:52 - 2016-09-02 15:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-09-14 12:52 - 2016-09-02 15:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-09-14 12:52 - 2016-09-02 15:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-09-14 12:52 - 2016-09-02 15:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-09-14 12:52 - 2016-09-02 15:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-09-14 12:52 - 2016-09-02 15:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 15:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 15:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-09-14 12:52 - 2016-09-02 15:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-09-14 12:52 - 2016-08-16 18:36 - 01009152 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-09-14 12:52 - 2016-08-16 03:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-09-14 12:52 - 2016-08-16 03:35 - 03218432 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-09-14 12:52 - 2016-08-06 16:31 - 00877056 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2016-09-14 12:52 - 2016-08-06 16:15 - 00581632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2016-09-14 12:52 - 2016-07-07 16:36 - 01896168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-09-14 12:52 - 2016-07-07 16:36 - 00377576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-09-14 12:52 - 2016-07-07 16:36 - 00287976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-09-14 12:52 - 2016-07-07 16:08 - 00046080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2016-09-14 12:52 - 2016-07-01 16:31 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-09-14 12:52 - 2016-07-01 16:31 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\INETRES.dll
2016-09-14 12:52 - 2016-07-01 16:13 - 00741888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-09-14 12:52 - 2016-07-01 16:13 - 00084480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\INETRES.dll
2016-09-14 12:52 - 2016-06-06 17:50 - 01483264 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-09-14 12:52 - 2016-06-06 17:50 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-09-14 12:52 - 2016-06-06 17:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-09-14 12:52 - 2016-06-06 17:50 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-09-14 12:52 - 2016-06-06 16:23 - 01176064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-09-14 12:52 - 2016-06-06 16:23 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-09-14 12:52 - 2016-06-06 16:23 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-09-14 12:52 - 2016-06-06 16:23 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-09-14 12:52 - 2016-05-13 23:09 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-09-14 12:52 - 2016-05-13 23:09 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-09-14 12:52 - 2016-05-13 23:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-09-14 12:52 - 2016-05-13 23:07 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-09-14 12:52 - 2016-05-13 22:55 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-09-14 12:52 - 2016-05-13 22:53 - 00709120 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-09-14 12:52 - 2016-05-13 22:53 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-09-14 12:52 - 2016-05-13 22:52 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-09-14 12:52 - 2016-05-13 22:52 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-09-14 12:52 - 2016-05-13 22:52 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-09-14 12:52 - 2016-05-13 22:52 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2016-09-14 12:52 - 2016-05-13 22:50 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-09-14 12:52 - 2016-05-13 22:38 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-09-14 12:52 - 2016-05-13 22:38 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-09-14 12:52 - 2016-05-13 22:38 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-09-14 12:52 - 2016-05-13 22:38 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2016-09-14 12:52 - 2016-05-12 18:14 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2016-09-14 12:52 - 2016-05-12 16:18 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2016-09-14 12:52 - 2016-05-12 16:18 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2016-09-14 12:52 - 2016-05-04 18:21 - 00114408 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2016-09-14 12:52 - 2016-05-04 18:17 - 03244032 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2016-09-14 12:52 - 2016-05-04 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2016-09-14 12:52 - 2016-05-04 18:17 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-09-14 12:52 - 2016-05-04 18:17 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2016-09-14 12:52 - 2016-05-04 18:17 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2016-09-14 12:52 - 2016-05-04 18:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2016-09-14 12:52 - 2016-05-04 18:17 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2016-09-14 12:52 - 2016-05-04 18:16 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-09-14 12:52 - 2016-05-04 18:16 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2016-09-14 12:52 - 2016-05-04 16:04 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2016-09-14 12:52 - 2016-05-04 15:55 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2016-09-12 20:50 - 2016-09-12 20:50 - 00000000 ____D C:\ProgramData\GeoComply
2016-09-12 20:49 - 2016-09-17 10:34 - 00001982 _____ C:\ProgramData\Microsoft\Windows\Start Menu\PokerStars.uk.lnk
2016-09-12 20:49 - 2016-09-17 10:34 - 00001970 _____ C:\Users\Public\Desktop\PokerStars.uk.lnk
2016-09-12 20:49 - 2016-09-12 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.UK
2016-09-12 20:48 - 2016-09-12 20:48 - 00000000 ____D C:\New folder
2016-09-12 20:47 - 2016-09-12 20:48 - 87443704 _____ (Rational Intellectual Holdings Ltd.) C:\Users\Kai\Downloads\PokerStarsInstallUK.exe
2016-09-12 16:19 - 2016-09-12 16:19 - 00380799 _____ C:\Users\Kai\Downloads\Weekly Mon-Fri Schedule Excel Template (1).xlsx
2016-09-12 16:12 - 2016-09-12 16:12 - 00380799 _____ C:\Users\Kai\Downloads\Weekly Mon-Fri Schedule Excel Template.xlsx
2016-09-12 16:07 - 2016-09-12 16:07 - 00269692 _____ C:\Users\Kai\Downloads\Daily Schedule Excel Template.xlsx
2016-09-12 10:15 - 2016-09-12 10:15 - 00394240 ____H C:\Windows\system32\BITE89.tmp
2016-09-12 10:15 - 2016-09-12 10:15 - 00394240 ____H C:\Windows\system32\BIT1FA1.tmp
2016-09-12 10:15 - 2016-09-12 10:15 - 00394240 ____H C:\Windows\system32\BIT135C.tmp
2016-09-12 10:15 - 2016-09-12 10:15 - 00394240 ____H C:\Windows\system32\BIT12DE.tmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-10-09 16:28 - 2015-10-15 19:11 - 00000566 _____ C:\Windows\Tasks\MATLAB R2015b Startup Accelerator.job
2016-10-09 16:28 - 2015-04-21 09:19 - 00000000 ____D C:\Users\postgres
2016-10-09 16:28 - 2015-03-16 01:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-09 16:28 - 2015-03-15 23:51 - 00000000 ____D C:\Users\Kai
2016-10-09 16:27 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-10-09 16:27 - 2009-07-14 05:45 - 00425896 _____ C:\Windows\system32\FNTCACHE.DAT
2016-10-09 16:25 - 2015-11-06 23:13 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Origin
2016-10-09 16:17 - 2015-03-16 02:05 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-10-09 15:44 - 2015-03-16 01:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-09 14:43 - 2009-07-14 05:45 - 00017888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-10-09 14:43 - 2009-07-14 05:45 - 00017888 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-10-09 14:37 - 2016-01-24 23:38 - 00000000 ____D C:\Users\Kai\AppData\Local\Battle.net
2016-10-09 14:37 - 2016-01-24 23:37 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-10-08 15:32 - 2009-07-14 06:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2016-10-08 15:32 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\inf
2016-10-06 10:04 - 2015-11-06 23:12 - 00000000 ____D C:\ProgramData\Origin
2016-10-06 10:00 - 2015-03-16 00:32 - 00111848 _____ C:\Users\Kai\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-06 09:50 - 2015-08-10 17:07 - 00000000 ____D C:\ProgramData\Adobe
2016-10-06 09:50 - 2015-08-10 17:07 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-10-06 09:49 - 2015-03-16 01:20 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Adobe
2016-10-06 09:46 - 2015-03-21 11:58 - 00336170 _____ C:\Windows\ntbtlog.txt
2016-10-06 09:22 - 2015-08-10 22:26 - 00000000 ____D C:\Users\Kai\AppData\Roaming\uTorrent
2016-10-05 14:32 - 2015-09-18 17:32 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-10-05 14:19 - 2015-08-11 14:32 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-10-05 14:19 - 2015-08-11 08:30 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-10-05 14:19 - 2015-03-17 00:24 - 00000000 ____D C:\Users\Kai\AppData\Local\Adobe
2016-10-05 14:12 - 2015-08-11 14:01 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-10-04 20:24 - 2016-01-24 23:39 - 00000000 ____D C:\Program Files (x86)\Hearthstone
2016-10-04 19:33 - 2015-03-11 21:29 - 00000000 ____D C:\AMD
2016-10-04 17:15 - 2015-03-16 00:21 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-03 20:47 - 2015-03-16 01:56 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-01 20:27 - 2016-05-30 21:40 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-09-29 12:40 - 2015-08-03 17:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-09-29 10:32 - 2015-10-02 16:18 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-09-29 10:31 - 2015-10-02 16:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-09-28 12:00 - 2015-03-16 00:32 - 00002154 _____ C:\Windows\epplauncher.mif
2016-09-28 12:00 - 2015-03-16 00:32 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2016-09-28 12:00 - 2015-03-16 00:32 - 00000000 ____D C:\Program Files\Microsoft Security Client
2016-09-28 12:00 - 2015-03-16 00:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2016-09-27 14:51 - 2015-03-16 00:13 - 00000000 ____D C:\ProgramData\Package Cache
2016-09-27 12:02 - 2015-10-28 16:05 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Notepad++
2016-09-26 22:00 - 2015-03-16 02:41 - 00000000 ____D C:\Users\Kai\AppData\Local\PokerStars.UK
2016-09-26 20:17 - 2015-03-16 01:57 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-23 08:00 - 2016-07-25 09:04 - 00000000 ____D C:\Users\Kai\AppData\Roaming\HearthstoneDeckTracker
2016-09-23 07:51 - 2016-07-21 21:26 - 00000000 ____D C:\Users\Kai\Desktop\Hearthstone Deck Tracker
2016-09-21 20:04 - 2015-11-10 15:22 - 00000000 ____D C:\Users\Kai\Desktop\Quest
2016-09-18 09:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PLA
2016-09-18 00:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2016-09-17 10:35 - 2015-03-16 01:53 - 00000000 ____D C:\Users\Kai\AppData\Local\Apps\2.0
2016-09-17 10:34 - 2016-09-05 19:53 - 00001947 _____ C:\Users\Public\Desktop\Sonos.lnk
2016-09-17 10:34 - 2016-09-01 10:01 - 00001965 _____ C:\Users\Kai\Desktop\Audible Manager.lnk
2016-09-17 10:34 - 2016-08-08 19:38 - 00000625 _____ C:\Users\Public\Desktop\StarCraft II.lnk
2016-09-17 10:34 - 2016-08-02 21:04 - 00001132 _____ C:\Users\Public\Desktop\Diablo III.lnk
2016-09-17 10:34 - 2016-06-15 12:18 - 00002112 _____ C:\Users\Public\Desktop\XLSTAT 2016.lnk
2016-09-17 10:34 - 2016-05-30 22:27 - 00001088 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-09-17 10:34 - 2016-01-24 23:40 - 00001175 _____ C:\Users\Public\Desktop\Hearthstone.lnk
2016-09-17 10:34 - 2016-01-24 23:38 - 00001138 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-09-17 10:34 - 2015-12-01 17:49 - 00002023 _____ C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\888poker.lnk
2016-09-17 10:34 - 2015-10-28 16:26 - 00000948 _____ C:\Users\Kai\Desktop\StataSE 13 (64-bit).lnk
2016-09-17 10:34 - 2015-10-15 19:12 - 00001313 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MATLAB R2015b (32-bit).lnk
2016-09-17 10:34 - 2015-10-15 19:12 - 00001307 _____ C:\Users\Public\Desktop\MATLAB R2015b (32-bit).lnk
2016-09-17 10:34 - 2015-10-02 16:34 - 00002146 _____ C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-09-17 10:34 - 2015-10-02 16:21 - 00002404 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2016-09-17 10:34 - 2015-10-02 16:21 - 00002403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2016-09-17 10:34 - 2015-10-02 16:21 - 00002367 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2016-09-17 10:34 - 2015-10-02 16:21 - 00002366 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2016-09-17 10:34 - 2015-10-02 16:21 - 00002360 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2016-09-17 10:34 - 2015-10-02 16:21 - 00002354 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2016-09-17 10:34 - 2015-10-02 16:21 - 00002346 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2016-09-17 10:34 - 2015-09-08 14:25 - 00001763 _____ C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2016-09-17 10:34 - 2015-09-08 14:25 - 00001757 _____ C:\Users\Kai\Desktop\Spotify.lnk
2016-09-17 10:34 - 2015-08-31 13:36 - 00000886 _____ C:\Users\Public\Desktop\Tracktion 5 (x64).lnk
2016-09-17 10:34 - 2015-08-10 17:07 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-09-17 10:34 - 2015-08-10 17:07 - 00002013 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-09-17 10:34 - 2015-08-03 17:54 - 00001204 _____ C:\Users\Public\Desktop\AnyTrans.lnk
2016-09-17 10:34 - 2015-08-03 17:46 - 00002507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-09-17 10:34 - 2015-05-19 15:38 - 00001049 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk
2016-09-17 10:34 - 2015-04-26 17:40 - 00002691 _____ C:\Users\Public\Desktop\Skype.lnk
2016-09-17 10:34 - 2015-03-20 20:52 - 00000834 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-09-17 10:34 - 2015-03-16 06:49 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-09-17 10:34 - 2015-03-16 06:49 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-09-17 10:34 - 2015-03-16 02:04 - 00002339 _____ C:\Users\Kai\Desktop\ICMIZER.lnk
2016-09-17 10:34 - 2015-03-16 01:57 - 00000957 _____ C:\Users\Public\Desktop\Steam.lnk
2016-09-17 10:34 - 2015-03-16 01:43 - 00001044 _____ C:\Users\Public\Desktop\GPUTweakStreaming.lnk
2016-09-17 10:34 - 2015-03-16 01:43 - 00001037 _____ C:\Users\Public\Desktop\ASUS GPU Tweak.lnk
2016-09-17 10:34 - 2015-03-16 00:25 - 00002093 _____ C:\Users\Public\Desktop\ASUS PCE-N15 WLAN Control Center.lnk
2016-09-17 10:34 - 2015-03-15 23:52 - 00001389 _____ C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-09-17 10:34 - 2009-07-14 06:01 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2016-09-17 10:34 - 2009-07-14 05:57 - 00001535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-09-17 10:34 - 2009-07-14 05:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2016-09-17 10:34 - 2009-07-14 05:57 - 00001318 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2016-09-17 10:34 - 2009-07-14 05:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2016-09-17 10:34 - 2009-07-14 05:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2016-09-17 10:34 - 2009-07-14 05:49 - 00001266 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2016-09-17 09:23 - 2015-07-28 17:04 - 00000000 ____D C:\ProgramData\Driving Test Success
2016-09-17 09:09 - 2015-09-08 14:24 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Spotify
2016-09-16 20:42 - 2016-07-18 23:21 - 07213248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2016-09-16 20:42 - 2016-07-18 23:21 - 00170072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2016-09-16 20:42 - 2016-07-18 23:21 - 00123776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2016-09-16 20:41 - 2016-07-18 23:21 - 10936704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2016-09-16 20:41 - 2016-07-18 23:21 - 09983912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2016-09-16 20:41 - 2016-07-18 23:21 - 01549272 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2016-09-16 20:40 - 2016-07-18 23:21 - 01272184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2016-09-16 14:41 - 2015-09-08 14:25 - 00000000 ____D C:\Users\Kai\AppData\Local\Spotify
2016-09-16 12:17 - 2015-03-16 02:05 - 00796352 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-09-16 12:17 - 2015-03-16 02:05 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-16 12:17 - 2015-03-16 02:05 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-09-16 12:17 - 2015-03-16 02:05 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-09-16 12:17 - 2015-03-16 02:05 - 00000000 ____D C:\Windows\system32\Macromed
2016-09-15 19:39 - 2016-09-05 19:53 - 00000000 ____D C:\ProgramData\Sonos,_Inc
2016-09-15 12:04 - 2015-03-16 02:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-09-15 12:03 - 2015-03-16 02:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-09-15 12:03 - 2015-03-16 02:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-09-15 12:03 - 2015-03-16 01:13 - 00000000 ____D C:\Windows\system32\MRT
2016-09-15 12:00 - 2015-03-16 01:13 - 144199024 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-09-13 13:14 - 2016-09-05 19:53 - 00000000 ____D C:\Users\Kai\AppData\Local\Downloaded Installations
2016-09-13 13:14 - 2016-09-05 19:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sonos
2016-09-13 13:14 - 2016-09-05 19:53 - 00000000 ____D C:\Program Files (x86)\Sonos
2016-09-12 20:55 - 2015-03-15 23:51 - 00000000 ____D C:\Users\Kai\AppData\Local\VirtualStore
2016-09-12 20:49 - 2015-03-16 02:41 - 00000000 ____D C:\Program Files (x86)\PokerStars.UK
2016-09-12 15:02 - 2015-10-02 15:39 - 00000000 ____D C:\Users\Kai\Desktop\Cambridge University
 
==================== Files in the root of some directories =======
 
2016-09-17 10:05 - 2016-09-17 10:06 - 7090176 _____ () C:\Users\Kai\AppData\Roaming\agent.dat
2016-09-17 10:05 - 2016-09-17 10:05 - 0140288 _____ () C:\Users\Kai\AppData\Roaming\Installer.dat
2016-09-17 10:05 - 2016-09-17 10:06 - 0018432 _____ () C:\Users\Kai\AppData\Roaming\Main.dat
2015-08-31 13:45 - 2012-02-03 08:09 - 0126976 _____ (Thesycon GmbH) C:\ProgramData\CNE6D14.tmp
2015-08-31 13:47 - 2012-02-03 08:09 - 0126976 _____ (Thesycon GmbH) C:\ProgramData\CNEE781.tmp
2015-03-16 00:22 - 2015-03-16 00:22 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-04-21 19:44 - 2015-04-21 19:44 - 0000016 _____ () C:\ProgramData\mntemp
 
Some files in TEMP:
====================
C:\Users\Kai\AppData\Local\Temp\3JDDFEWSFI.exe
C:\Users\Kai\AppData\Local\Temp\3XETXU8HMJ.exe
C:\Users\Kai\AppData\Local\Temp\566UKKGX16.exe
C:\Users\Kai\AppData\Local\Temp\56T5ZDGGMK.exe
C:\Users\Kai\AppData\Local\Temp\amd-catalyst-omega-14.12-without-dotnet45-win7-64bit.exe
C:\Users\Kai\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Kai\AppData\Local\Temp\AutoDetectUtilApp.exe
C:\Users\Kai\AppData\Local\Temp\Cleanup.dll
C:\Users\Kai\AppData\Local\Temp\ddu.exe
C:\Users\Kai\AppData\Local\Temp\difxapi.dll
C:\Users\Kai\AppData\Local\Temp\LEY4RBEVS8.exe
C:\Users\Kai\AppData\Local\Temp\libeay32.dll
C:\Users\Kai\AppData\Local\Temp\M8L6QL7HXJ.exe
C:\Users\Kai\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Kai\AppData\Local\Temp\msvcm80.dll
C:\Users\Kai\AppData\Local\Temp\msvcp80.dll
C:\Users\Kai\AppData\Local\Temp\msvcr120.dll
C:\Users\Kai\AppData\Local\Temp\msvcr80.dll
C:\Users\Kai\AppData\Local\Temp\npp.6.9.2.Installer.exe
C:\Users\Kai\AppData\Local\Temp\nsb77EF.tmp.exe
C:\Users\Kai\AppData\Local\Temp\nsrC821.tmp.exe
C:\Users\Kai\AppData\Local\Temp\nss7C4E.tmp.exe
C:\Users\Kai\AppData\Local\Temp\nswBDE4.tmp.exe
C:\Users\Kai\AppData\Local\Temp\nszC723.tmp.exe
C:\Users\Kai\AppData\Local\Temp\P262IY3K1L.exe
C:\Users\Kai\AppData\Local\Temp\PHPP4OOWGY.exe
C:\Users\Kai\AppData\Local\Temp\playstv_patch.exe
C:\Users\Kai\AppData\Local\Temp\radeon-crimson-16.7.3-minimalsetup-160728.exe
C:\Users\Kai\AppData\Local\Temp\radeon-crimson-16.7.3-without-dotnet45-win7-64bit.exe
C:\Users\Kai\AppData\Local\Temp\raptrpatch.exe
C:\Users\Kai\AppData\Local\Temp\raptr_stub.exe
C:\Users\Kai\AppData\Local\Temp\S0O9OMFANP.exe
C:\Users\Kai\AppData\Local\Temp\setup.exe
C:\Users\Kai\AppData\Local\Temp\sqlite3.dll
C:\Users\Kai\AppData\Local\Temp\tmp3A70.exe
C:\Users\Kai\AppData\Local\Temp\tmpBD07.exe
C:\Users\Kai\AppData\Local\Temp\tmpC5CD.exe
C:\Users\Kai\AppData\Local\Temp\uninstall.exe
C:\Users\Kai\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Kai\AppData\Local\Temp\YGIH826J3W.exe
C:\Users\Kai\AppData\Local\Temp\_is7589.exe
C:\Users\Kai\AppData\Local\Temp\_unps.exe
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-09-26 17:15
 
==================== End of FRST.txt ============================
 




#4 nasdaq

Posted 10 October 2016 - 09:41 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Hosts:

Hosts: 0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E205... (long line)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G9Hzftptn095001BU,6674978d-398e-4ef0-8358-5c4efe03d2bf,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-29]
S2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S1 vgmxlgiy; \??\C:\Windows\system32\drivers\vgmxlgiy.sys [X]
Task: {8CCAE11A-055D-4EF4-9565-D222ECEFA842} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <==== ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences [386]

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

Please post the logs and let me know what problem persists.

#5 OhHaiKai

OhHaiKai
  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:36 AM

Posted 10 October 2016 - 09:57 AM

Fixlog

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 09-10-2016

Ran by Kai (10-10-2016 15:45:09) Run:1
Running from C:\Users\Kai\Desktop\FRST64
Loaded Profiles: Kai & postgres (Available Profiles: Kai & postgres)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
start
 
 
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
Hosts:
 
Hosts: 0x2320436F707972696768742028632920313939332D32303039204D6963726F736F667420436F72702E0D0A230D0A23205468697320697320612073616D706C6520484F5354532066696C652075736564206279204D6963726F736F6674205443502F495020666F722057696E646F77732E0D0A230D0A2320546869732066696C6520636F6E7461696E7320746865206D617070696E6773206F662049502061646472657373657320746F20686F7374206E616D65732E20456163680D0A2320656E7472792073686F756C64206265206B657074206F6E20616E20696E646976696475616C206C696E652E205... (long line)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
CHR DefaultSearchURL: Default ->
hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G9Hzftptn095001BU,6674978d-398e-4ef0-8358-5c4efe03d2bf,
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Extension: (Chrome Web Store Payments) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-17]
CHR Extension: (Chrome Media Router) - C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-29]
S2 nlsX86cc; C:\Windows\SysWOW64\nlssrv32.exe [X]
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
S1 vgmxlgiy; \??\C:\Windows\system32\drivers\vgmxlgiy.sys [X]
Task: {8CCAE11A-055D-4EF4-9565-D222ECEFA842} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <====
ATTENTION
AlternateDataStreams: C:\Windows:nlsPreferences [386]
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
Chrome DefaultSearchURL => removed successfully
hxxp://www-searching.com/search.aspx?site=shdefault1&prd=smw&pid=s&shr=d&q={searchTerms}&s=G9Hzftptn095001BU,6674978d-398e-4ef0-8358-5c4efe03d2bf, => Error: No automatic fix found for this entry.
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultSuggestURL => removed successfully
C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda => moved successfully
C:\Users\Kai\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm => moved successfully
nlsX86cc => service removed successfully
IOMap => Unable to stop service.
IOMap => service could not remove
vgmxlgiy => service removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8CCAE11A-055D-4EF4-9565-D222ECEFA842}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8CCAE11A-055D-4EF4-9565-D222ECEFA842}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\e02c4bd5-54d5-4470-9ea0-a68d88112c00" => key removed successfully
ATTENTION => Error: No automatic fix found for this entry.
C:\Windows => ":nlsPreferences" ADS removed successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 25208294 B
Java, Flash, Steam htmlcache => 365466752 B
Windows/system/drivers => 553622765 B
Edge => 0 B
Chrome => 809735110 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 58504039 B
systemprofile32 => 69628 B
LocalService => 43026 B
NetworkService => 18563276 B
Kai => 3171649031 B
postgres => 0 B
 
RecycleBin => 4321798867 B
EmptyTemp: => 8.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 15:45:35 ====
 
 
 
JRT
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.9 (09.30.2016)
Operating System: Windows 7 Home Premium x64 
Ran by Kai (Administrator) on Mon 10/10/2016 at 15:52:25.14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\ProgramData\mntemp (File) 
Successfully deleted: C:\Users\Kai\AppData\Local\crashrpt (Folder) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 10/10/2016 at 15:53:24.15
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
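
A small triage helper for the Fixlog above, added here as an example (it is not FRST's or either poster's code): it lists the entries that did not apply and checks whether a failing target is a line standing on its own in the echoed fixlist, which suggests the fixlist entry was split across two lines when it was saved. The failure keywords are an assumption taken from the outcome strings visible in this log, and the embedded sample is an excerpt of that log with the search URL shortened.

```python
import re

# Excerpt of the Fixlog posted above (search URL shortened), embedded to run offline.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
start
CHR DefaultSearchURL: Default ->
hxxp://www-searching.com/search.aspx?site=shdefault1
R4 IOMap; \??\C:\Windows\system32\drivers\IOMap64.sys [X]
Task: {8CCAE11A-055D-4EF4-9565-D222ECEFA842} - \e02c4bd5-54d5-4470-9ea0-a68d88112c00 -> No File <====
ATTENTION
End
*****************
Chrome DefaultSearchURL => removed successfully
hxxp://www-searching.com/search.aspx?site=shdefault1 => Error: No automatic fix found for this entry.
nlsX86cc => service removed successfully
IOMap => Unable to stop service.
IOMap => service could not remove
ATTENTION => Error: No automatic fix found for this entry.
=========== EmptyTemp: ==========
BITS transfer queue => 8388608 B
"""

# Assumption: failure wording taken from the outcome strings visible in this log.
FAIL = re.compile(r"Error:|Unable to|could not", re.I)

def parse_fixlog(text):
    """Return (echoed fixlist lines, [(target, outcome, ok), ...])."""
    fixlist, results, stars = [], [], 0
    for line in map(str.strip, text.splitlines()):
        if line and set(line) == {"*"}:
            stars += 1  # first marker opens the fixlist echo, second closes it
        elif stars == 1 and line:
            fixlist.append(line)
        elif stars >= 2 and line.startswith("====="):
            break  # EmptyTemp size report follows; not fix outcomes
        elif stars >= 2 and " => " in line:
            target, outcome = line.split(" => ", 1)
            results.append((target, outcome, not FAIL.search(outcome)))
    return fixlist, results

def unresolved(text):
    """Failed entries, flagging targets that are a whole fixlist line on their own."""
    fixlist, results = parse_fixlog(text)
    return [{"target": t, "outcome": o, "standalone_fixlist_line": t in fixlist}
            for t, o, ok in results if not ok]

if __name__ == "__main__":
    for entry in unresolved(SAMPLE_FIXLOG):
        print(entry)
```

Entries reported with `standalone_fixlist_line` set to False (here the IOMap service) failed for some other reason than a split line and are the ones to raise with the helper.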


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:36 AM

Posted 10 October 2016 - 12:34 PM

How is the computer running now?

#7 OhHaiKai

OhHaiKai
  • Topic Starter

  • Members
  • 4 posts
  • Local time:11:36 AM

Posted 10 October 2016 - 02:13 PM

Hi,

I think it has solved the issue. I'll post again tomorrow to confirm.

Thank you so much for your help!



#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,576 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:36 AM

Posted 11 October 2016 - 09:34 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



