User32.dll missing dll signatures


  • This topic is locked
31 replies to this topic

#1 Pap001

Posted 06 November 2016 - 08:26 AM

Hello,
 
I was recently getting a very sluggish keyboard (using a wireless keyboard+mouse and a USB mouse) on a computer barely a few months old. I deleted all keyboards from Device Manager, restarted the PC and the problem was solved.
 
I changed my antivirus to Avira, and user32.dll was reported as infected (HEUR/Modified.SystemFile). Avira antivirus cannot fix it.
 
 
I ran rkill.exe from the desktop and sure enough the user32.dll signatures were missing. Then I ran FRST64.exe from the desktop of user1 and user2. The logs are attached here.
 
Before this, as preparations:
disabled System Restore.
installed ZoneAlarm free firewall
used Defogger to disable drive emulation
ran rkill.exe from desktop (log attached)
restarted computer
ran FRST64 from user1 (logs attached before Rkill.txt)
ran FRST64 from user2 (without restarting; logs attached after Rkill.txt)
 
Is there some malicious backdoor trojan on my computer? Please help

Attached File  FRST.txt   101.86KB   2 downloads
Attached File  Addition.txt   26.72KB   2 downloads
Attached File  Rkill.txt   5.1KB   2 downloads
Attached File  FRST.txt   103.87KB   0 downloads
Attached File  Addition.txt   26.96KB   0 downloads

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Administrator (administrator) on PARAG-PC (06-11-2016 18:20:06)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Parag & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
() C:\Program Files (x86)\ASUS\APRP\aprp.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Flux Software LLC) C:\Users\Administrator\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Tixati Software Inc.) C:\Program Files (x86)\tixati\tixati.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Palemoon_x86\Palemoon-Portable.exe
(Moonchild Productions) C:\Palemoon_x86\Bin\Palemoon\palemoon.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6613896 2016-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-09-04] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-10-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-10-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MPlayerForWindows_UpdateReminder] => C:\Program Files (x86)\MPlayer for Windows\AutoUpdate.exe [235004 2011-04-14] ()
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144184 2016-10-11] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-2855634118-3034471008-3255769274-500\...\Run: [f.lux] => C:\Users\Administrator\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2855634118-3034471008-3255769274-500\...\Run: [HEXelon MAX] => C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe [2816512 2007-06-28] (Jerzy Znamirowski)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BBBB7CC5-C269-487F-82FC-EB2E8F9832AB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2855634118-3034471008-3255769274-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-05] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-05] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-05] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-05] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2016-11-06]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-05]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-05]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [337664 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [353384 2015-11-02] (Intel Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4087568 2016-10-11] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-10-06] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [796472 2016-10-11] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [177432 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145536 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-10-17] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [31720 2016-10-17] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-07-29] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-07-28] (Intel Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2016-11-05] (Duplex Secure Ltd.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [462272 2016-10-11] (Check Point Software Technologies Ltd.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-06 18:20 - 2016-11-06 18:20 - 00013750 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-11-06 18:12 - 2016-11-06 18:15 - 02410496 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2016-11-06 18:02 - 2016-11-06 18:02 - 00005220 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-11-06 17:53 - 2016-11-06 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-11-06 17:53 - 2016-11-06 17:53 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-11-06 17:10 - 2016-11-06 17:10 - 00001908 _____ C:\Windows\diagwrn.xml
2016-11-06 17:10 - 2016-11-06 17:10 - 00001908 _____ C:\Windows\diagerr.xml
2016-11-06 17:04 - 2016-11-06 15:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2016-11-06 16:47 - 2016-11-06 16:47 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2016-11-06 16:45 - 2016-11-06 16:45 - 00000020 _____ C:\Users\Administrator\defogger_reenable
2016-11-06 16:44 - 2016-11-06 16:44 - 00050477 _____ C:\Users\Administrator\Desktop\Defogger.exe
2016-11-06 16:39 - 2016-11-06 16:39 - 00439594 _____ C:\Windows\system32\Drivers\vsconfig.xml
2016-11-06 16:39 - 2016-11-06 16:39 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2016-11-06 16:39 - 2016-11-06 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2016-11-06 16:27 - 2016-11-06 16:38 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2016-11-06 16:26 - 2016-11-06 16:26 - 00000000 ____D C:\ProgramData\CheckPoint
2016-11-06 16:15 - 2016-11-06 18:20 - 00000000 ____D C:\FRST
2016-11-06 00:58 - 2016-11-06 00:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HEXelon
2016-11-05 23:53 - 2016-11-06 18:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\tixati
2016-11-05 23:53 - 2016-11-05 23:53 - 00000979 _____ C:\Users\Administrator\Desktop\Tixati.lnk
2016-11-05 23:53 - 2016-11-05 23:53 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2016-11-05 23:53 - 2016-11-05 23:53 - 00000000 ____D C:\Program Files (x86)\tixati
2016-11-05 23:25 - 2016-11-06 17:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent
2016-11-05 21:04 - 2016-11-05 21:12 - 00000000 ____D C:\Users\Administrator\T-Engine
2016-11-05 20:56 - 2016-11-05 20:56 - 00000000 ____D C:\Users\Administrator\Documents\Larian Studios
2016-11-05 18:15 - 2016-11-05 18:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Steam
2016-11-05 18:11 - 2016-11-05 18:11 - 00000715 _____ C:\Users\Administrator\Desktop\Grim Dawn Crucible.lnk
2016-11-05 18:11 - 2016-11-05 18:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Grim Dawn Crucible
2016-11-05 17:40 - 2016-11-05 17:55 - 00000000 ____D C:\Users\Administrator\GDStash
2016-11-05 13:49 - 2016-11-05 13:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soul's Software
2016-11-05 13:47 - 2016-11-05 17:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2016-11-05 13:47 - 2016-11-05 13:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2016-11-05 13:40 - 2016-11-05 18:15 - 00000000 ____D C:\Users\Administrator\Documents\My Games
2016-11-05 13:39 - 2015-07-18 18:38 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-11-05 01:47 - 2016-11-05 01:47 - 00000690 _____ C:\Users\Administrator\Desktop\Tale of Wuxia.lnk
2016-11-05 01:47 - 2016-11-05 01:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tale of Wuxia
2016-11-05 01:38 - 2016-11-05 01:38 - 00000222 _____ C:\Users\Administrator\Desktop\Divinity Original Sin 2.url
2016-11-05 01:38 - 2016-11-05 01:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2016-11-05 01:31 - 2016-11-05 01:31 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2016-11-05 01:31 - 2016-11-05 01:31 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Moonchild Productions
2016-11-05 01:31 - 2016-11-05 01:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Moonchild Productions
2016-11-05 01:25 - 2016-11-05 01:25 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-11-05 01:25 - 2016-11-05 01:25 - 00000000 ____D C:\Program Files\Java
2016-11-05 01:24 - 2016-11-05 01:24 - 00000000 ____D C:\Windows\Sun
2016-11-05 01:22 - 2016-11-05 01:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2016-11-05 01:15 - 2016-11-05 01:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\gnupg
2016-11-05 01:14 - 2016-11-05 01:14 - 00001060 _____ C:\Users\Public\Desktop\MPUI.lnk
2016-11-05 01:14 - 2016-11-05 01:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\MPlayer
2016-11-05 01:14 - 2016-11-05 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPlayer for Windows
2016-11-05 01:13 - 2016-11-05 01:14 - 00000000 ____D C:\Program Files (x86)\MPlayer for Windows
2016-11-05 01:09 - 2016-11-05 01:09 - 00001043 _____ C:\Users\Parag\Desktop\Notepad++.lnk
2016-11-05 01:09 - 2016-11-05 01:09 - 00001043 _____ C:\Users\Administrator\Desktop\Notepad++.lnk
2016-11-05 01:09 - 2016-11-05 01:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-11-05 01:09 - 2016-11-05 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-11-05 01:09 - 2016-11-05 01:09 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-11-05 01:07 - 2016-11-05 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-05 01:07 - 2016-11-05 01:24 - 00000000 ____D C:\ProgramData\Oracle
2016-11-05 01:07 - 2016-11-05 01:22 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-11-05 01:05 - 2016-11-05 01:05 - 00000960 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2016-11-05 01:05 - 2016-11-05 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2016-11-05 01:05 - 2016-11-05 01:05 - 00000000 ____D C:\Program Files (x86)\Calibre2
2016-11-05 01:04 - 2016-11-05 01:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\CDisplayEx
2016-11-05 01:00 - 2016-11-05 01:00 - 00001890 _____ C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
2016-11-05 01:00 - 2016-11-05 01:00 - 00000998 _____ C:\Users\Public\Desktop\IrfanView.lnk
2016-11-05 01:00 - 2016-11-05 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-11-05 01:00 - 2016-11-05 01:00 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-11-05 00:59 - 2016-11-05 00:59 - 00000961 _____ C:\Users\Parag\Desktop\HEXelon MAX 6.lnk
2016-11-05 00:59 - 2016-11-05 00:59 - 00000961 _____ C:\Users\Administrator\Desktop\HEXelon MAX 6.lnk
2016-11-05 00:59 - 2016-11-05 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HEXelon MAX 6
2016-11-05 00:59 - 2016-11-05 00:59 - 00000000 ____D C:\Program Files (x86)\HEXelon MAX 6
2016-11-05 00:58 - 2016-11-05 00:58 - 00001031 _____ C:\Users\Administrator\Desktop\CDisplayEx.lnk
2016-11-05 00:58 - 2016-11-05 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2016-11-05 00:58 - 2016-11-05 00:58 - 00000000 ____D C:\Program Files (x86)\CDisplayEx
2016-11-05 00:57 - 2016-11-05 01:14 - 00001129 _____ C:\Users\Public\Desktop\SMPlayer.lnk
2016-11-05 00:57 - 2016-11-05 00:58 - 00000000 ____D C:\Program Files (x86)\SMPlayer
2016-11-05 00:57 - 2016-11-05 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
2016-11-05 00:54 - 2016-11-05 00:55 - 00000000 ____D C:\Program Files (x86)\Hard Disk Sentinel
2016-11-05 00:54 - 2016-11-05 00:54 - 00001003 _____ C:\Users\Administrator\Desktop\Hard Disk Sentinel.lnk
2016-11-05 00:54 - 2016-11-05 00:54 - 00000000 ____D C:\Windows\System32\Tasks\HardDiskSentinel
2016-11-05 00:54 - 2016-11-05 00:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Hard Disk Sentinel
2016-11-05 00:54 - 2016-11-05 00:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hard Disk Sentinel
2016-11-05 00:53 - 2016-11-05 00:53 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-05 00:48 - 2016-11-05 00:48 - 00001180 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2016-11-05 00:48 - 2016-11-05 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
2016-11-05 00:44 - 2016-11-06 18:19 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-11-05 00:25 - 2016-11-06 17:11 - 00000555 _____ C:\Users\Administrator\Documents\ax_files.xml
2016-11-05 00:22 - 2016-11-05 00:22 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
2016-11-05 00:19 - 2016-11-05 00:46 - 00503352 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2016-11-05 00:15 - 2016-11-05 01:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-05 00:15 - 2016-11-05 01:22 - 00269888 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-11-05 00:15 - 2016-11-05 00:15 - 00000000 ____D C:\ProgramData\Sun
2016-11-05 00:14 - 2016-11-05 00:14 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Sun
2016-11-05 00:10 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-11-05 00:10 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-11-05 00:10 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-11-05 00:10 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-11-05 00:10 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-11-05 00:10 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-11-05 00:10 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-11-05 00:10 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-11-05 00:10 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-11-05 00:10 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-11-05 00:10 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-11-05 00:10 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-11-05 00:10 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-11-05 00:10 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-11-05 00:10 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-11-05 00:10 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-11-05 00:10 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-11-05 00:10 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-11-05 00:10 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-11-05 00:10 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-11-05 00:10 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-11-05 00:10 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-11-05 00:10 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-11-05 00:10 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-11-05 00:10 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-11-05 00:10 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-11-05 00:10 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-11-05 00:10 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-11-05 00:10 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-11-05 00:10 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-11-05 00:10 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-11-05 00:10 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-11-05 00:10 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-11-05 00:10 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-11-05 00:10 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-11-05 00:10 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-11-05 00:10 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-11-05 00:10 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-11-05 00:10 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-11-05 00:10 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-11-05 00:10 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-11-05 00:10 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-11-05 00:10 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-11-05 00:10 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-11-05 00:10 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-11-05 00:10 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-11-05 00:10 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-11-05 00:10 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-11-05 00:10 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-11-05 00:10 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-11-05 00:10 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-11-05 00:10 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-11-05 00:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-11-05 00:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-11-05 00:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-11-05 00:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-11-05 00:10 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-11-05 00:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-11-05 00:10 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-11-05 00:10 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-11-05 00:10 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-11-05 00:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-11-05 00:10 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-11-05 00:10 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-11-05 00:10 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-11-05 00:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-11-05 00:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-11-05 00:10 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-11-05 00:10 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-11-05 00:10 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-11-05 00:10 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-11-05 00:10 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-11-05 00:10 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-11-05 00:10 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-11-05 00:10 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-11-05 00:10 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-11-05 00:10 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-11-05 00:10 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-11-05 00:10 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-11-05 00:10 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-11-05 00:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-11-05 00:10 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-11-05 00:10 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-11-05 00:10 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-11-05 00:10 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-11-05 00:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-11-05 00:10 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-11-05 00:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-11-05 00:10 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-11-05 00:10 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-11-05 00:10 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-11-05 00:10 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-11-05 00:10 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-11-05 00:10 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-11-05 00:10 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-11-05 00:10 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-11-05 00:10 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-11-05 00:10 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-11-05 00:10 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-11-05 00:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-11-05 00:10 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-11-05 00:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-11-05 00:10 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-11-05 00:10 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-11-05 00:08 - 2016-11-05 00:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2016-11-05 00:05 - 2016-11-05 00:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2016-11-05 00:04 - 2016-11-05 00:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-11-05 00:03 - 2016-11-05 00:03 - 00001046 _____ C:\Users\Administrator\Desktop\Palemoon-Portable - Shortcut.lnk
2016-11-05 00:03 - 2016-11-05 00:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-11-05 00:03 - 2016-11-05 00:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Steam
2016-11-05 00:03 - 2016-11-05 00:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\FluxSoftware
2016-11-05 00:03 - 2016-11-05 00:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2016-11-04 23:59 - 2016-11-04 23:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2016-11-04 23:58 - 2016-11-05 21:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\AMD
2016-11-04 23:58 - 2016-11-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-11-04 23:58 - 2016-11-04 23:58 - 00108840 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-04 23:58 - 2016-11-04 23:58 - 00001443 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-04 23:58 - 2016-11-04 23:58 - 00001409 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-11-04 23:57 - 2016-11-06 16:45 - 00000000 ____D C:\Users\Administrator
2016-11-04 23:57 - 2016-11-04 23:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-11-04 23:57 - 2016-11-04 23:57 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-11-04 23:57 - 2016-11-04 23:57 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-11-04 23:57 - 2016-11-04 23:57 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-11-04 23:57 - 2016-11-04 23:57 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-11-04 23:57 - 2010-11-21 12:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2016-11-04 23:43 - 2016-11-04 23:43 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Avira
2016-11-04 23:26 - 2016-11-04 23:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-11-04 23:26 - 2016-11-04 23:26 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Mozilla
2016-11-04 23:26 - 2016-10-17 12:18 - 00031720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-11-04 23:25 - 2016-10-17 12:18 - 00177432 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-11-04 23:25 - 2016-10-17 12:18 - 00145536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-11-04 23:25 - 2016-10-17 12:18 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-11-04 23:25 - 2016-10-17 12:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-11-04 22:25 - 2016-11-04 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-11-04 22:25 - 2016-11-04 22:25 - 00000000 ____D C:\Program Files\7-Zip
2016-11-04 22:22 - 2016-11-04 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-11-04 22:22 - 2016-11-04 23:25 - 00000000 ____D C:\ProgramData\Avira
2016-11-04 22:22 - 2016-11-04 23:25 - 00000000 ____D C:\Program Files (x86)\Avira
2016-11-04 22:22 - 2016-11-04 22:22 - 00001208 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-11-04 22:21 - 2016-11-04 22:21 - 00000137 _____ C:\Users\Parag\Desktop\Tales of Maj'Eyal.url
2016-11-04 22:17 - 2016-11-04 22:17 - 00000000 ____D C:\Users\Parag\T-Engine
2016-11-04 22:14 - 2016-11-04 22:20 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Parag\Downloads\avira_en_av_581cbad1aea58__ws.exe
2016-11-04 22:12 - 2016-11-04 22:12 - 00000000 ____D C:\Users\Parag\AppData\Roaming\WinRAR
2016-11-04 21:41 - 2016-11-04 21:41 - 00000000 ____D C:\Users\Parag\AppData\Local\Steam
2016-11-04 21:41 - 2016-11-04 21:41 - 00000000 ____D C:\Users\Parag\AppData\Local\CEF
2016-11-04 21:35 - 2016-11-05 00:04 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-04 21:35 - 2016-11-04 21:35 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-04 21:35 - 2016-11-04 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-04 21:35 - 2016-11-04 21:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-04 21:35 - 2016-11-04 21:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-04 21:35 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-04 21:35 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-04 21:35 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-04 21:24 - 2016-11-06 16:06 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-04 21:24 - 2016-11-04 21:24 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2016-11-04 21:24 - 2016-11-04 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-04 21:23 - 2016-11-04 21:23 - 01446792 _____ C:\Users\Parag\Downloads\SteamSetup.exe
2016-11-04 21:23 - 2016-11-04 21:23 - 00001046 _____ C:\Users\Parag\Desktop\Palemoon-Portable - Shortcut.lnk
2016-11-04 21:22 - 2016-11-05 00:03 - 00000000 ____D C:\Palemoon_x86
2016-11-04 21:12 - 2016-11-04 21:31 - 22851472 _____ (Malwarebytes ) C:\Users\Parag\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-04 20:56 - 2016-11-04 21:21 - 21788504 _____ (Igor Pavlov) C:\Users\Parag\Downloads\Palemoon-Portable-26.5.0.win32.exe
2016-11-04 20:52 - 2016-11-04 20:52 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-11-04 20:52 - 2016-11-04 20:52 - 00000000 ____D C:\Users\Parag\AppData\Local\FluxSoftware
2016-11-04 20:51 - 2016-11-04 20:52 - 00597304 _____ C:\Users\Parag\Downloads\flux-setup.exe
2016-11-04 20:40 - 2016-11-04 20:40 - 00000000 ____D C:\Users\Parag\AppData\Roaming\ATI
2016-11-04 20:40 - 2016-11-04 20:40 - 00000000 ____D C:\Users\Parag\AppData\Local\ATI
2016-11-04 20:40 - 2016-11-04 20:40 - 00000000 ____D C:\ProgramData\ATI
2016-11-04 18:53 - 2016-11-04 18:53 - 00000869 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2016-11-04 18:53 - 2016-11-04 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-11-04 18:53 - 2016-11-04 18:53 - 00000000 ____D C:\Program Files\CPUID
2016-11-04 18:52 - 2016-10-28 03:48 - 01718016 ____N ( ) C:\Users\Parag\Desktop\cpu-z_1.77-en.exe
2016-11-04 18:50 - 2016-11-04 18:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-11-04 18:48 - 2016-11-06 18:17 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-11-04 18:46 - 2016-11-04 18:46 - 00003064 _____ C:\Windows\System32\Tasks\AURA
2016-11-04 18:46 - 2016-11-04 18:46 - 00000922 _____ C:\Users\Public\Desktop\AURA(GRAPHICS CARD).lnk
2016-11-04 18:45 - 2016-11-04 20:50 - 00003142 _____ C:\Windows\System32\Tasks\GPU Tweak II
2016-11-04 18:45 - 2016-11-04 18:46 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-11-04 18:45 - 2016-11-04 18:45 - 00001218 _____ C:\Users\Public\Desktop\XSplit Gamecaster.lnk
2016-11-04 18:45 - 2016-11-04 18:45 - 00001067 _____ C:\Users\Public\Desktop\ASUS GPU TweakII.lnk
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\Windows\Downloaded Installations
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\Users\Parag\AppData\Roaming\SplitmediaLabs
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\Program Files (x86)\SplitmediaLabs
2016-11-04 18:44 - 2016-11-04 22:17 - 00000000 ____D C:\Users\Parag\AppData\Local\AMD
2016-11-04 18:44 - 2016-11-04 18:44 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2016-11-04 18:44 - 2016-11-04 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-11-04 18:44 - 2016-11-04 18:44 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-04 18:44 - 2016-11-04 18:44 - 00000000 ____D C:\Program Files (x86)\AMD
2016-11-04 18:44 - 2016-06-23 23:52 - 00264992 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-11-04 18:44 - 2016-06-23 23:51 - 00257824 _____ C:\Windows\system32\vulkan-1.dll
2016-11-04 18:44 - 2016-06-23 23:51 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-11-04 18:44 - 2016-06-23 23:50 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-11-04 18:43 - 2016-11-04 18:43 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-11-04 18:42 - 2016-06-29 07:20 - 02129920 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2016-11-04 18:42 - 2016-06-29 07:20 - 01820160 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2016-11-04 18:42 - 2016-06-29 07:19 - 48797696 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-11-04 18:42 - 2016-06-29 07:19 - 00252928 _____ C:\Windows\system32\clinfo.exe
2016-11-04 18:42 - 2016-06-29 07:18 - 38248960 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-11-04 18:42 - 2016-06-29 07:17 - 00096256 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-11-04 18:42 - 2016-06-29 07:17 - 00087040 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-11-04 18:42 - 2016-06-29 07:16 - 27471872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-11-04 18:42 - 2016-06-29 07:16 - 21623808 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-11-04 18:42 - 2016-06-29 06:56 - 00865792 _____ (AMD) C:\Windows\system32\coinst_16.30.dll
2016-11-04 18:42 - 2016-06-29 06:56 - 00728832 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-11-04 18:42 - 2016-06-29 06:56 - 00728832 _____ C:\Windows\system32\atiapfxx.blb
2016-11-04 18:42 - 2016-06-29 06:51 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2016-11-04 18:42 - 2016-06-29 06:51 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2016-11-04 18:42 - 2016-06-29 06:51 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2016-11-04 18:42 - 2016-06-29 06:51 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2016-11-04 18:42 - 2016-06-23 03:16 - 00117296 _____ C:\Windows\system32\kapp_ci.sbin
2016-11-04 18:42 - 2016-06-20 00:28 - 00112336 _____ C:\Windows\system32\kapp_si.sbin
2016-11-04 18:42 - 2016-06-18 00:20 - 00270912 _____ C:\Windows\system32\ativvaxy_stn_nd.dat
2016-11-04 18:42 - 2016-06-18 00:15 - 00368672 _____ C:\Windows\system32\ativvaxy_el_nd.dat
2016-11-04 18:42 - 2016-06-16 23:39 - 00260720 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2016-11-04 18:42 - 2016-06-07 02:21 - 00260980 _____ C:\Windows\system32\ativvaxy_FJ.dat
2016-11-04 18:42 - 2016-06-07 02:17 - 00266816 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2016-11-04 18:42 - 2016-05-24 08:59 - 00016827 _____ C:\Windows\system32\AMDKernelEvents.man
2016-11-04 18:42 - 2016-05-18 02:35 - 00322736 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2016-11-04 18:42 - 2016-05-18 01:55 - 00234032 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2016-11-04 18:42 - 2016-04-21 20:15 - 00166624 _____ C:\Windows\system32\amde34b.dat
2016-11-04 18:42 - 2016-04-21 20:15 - 00166624 _____ C:\Windows\system32\amde34a.dat
2016-11-04 18:42 - 2016-04-21 20:14 - 00177280 _____ C:\Windows\system32\ativce03.dat
2016-11-04 18:42 - 2016-04-21 20:14 - 00175584 _____ C:\Windows\system32\amde31a.dat
2016-11-04 18:42 - 2016-04-21 20:11 - 00100816 _____ C:\Windows\system32\ativce02.dat
2016-11-04 18:42 - 2016-04-14 01:28 - 00234292 _____ C:\Windows\system32\ativvaxy_cik.dat
2016-11-04 18:42 - 2016-03-30 03:39 - 00322996 _____ C:\Windows\system32\ativvaxy_vi.dat
2016-11-04 18:42 - 2016-02-11 23:41 - 00149008 _____ C:\Windows\system32\samu_krnl_ci.sbin
2016-11-04 18:42 - 2015-12-17 02:36 - 00000144 _____ C:\Windows\system32\amd-vulkan64.json
2016-11-04 18:42 - 2015-12-15 23:24 - 00000144 _____ C:\Windows\SysWOW64\amd-vulkan32.json
2016-11-04 18:42 - 2015-11-30 20:24 - 00066560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2016-11-04 18:42 - 2015-11-30 20:24 - 00050176 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2016-11-04 18:42 - 2013-12-12 19:23 - 00138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2016-11-04 18:41 - 2016-11-04 18:43 - 00000000 ____D C:\Program Files\AMD
2016-11-04 18:38 - 2015-02-03 09:04 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-04 18:38 - 2015-02-03 09:04 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-04 18:38 - 2015-02-03 09:04 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-04 18:38 - 2015-02-03 09:04 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-04 18:38 - 2015-02-03 09:04 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-11-04 18:38 - 2015-02-03 09:03 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-04 18:38 - 2015-02-03 09:01 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 02644992 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-11-04 18:38 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-11-04 18:38 - 2015-02-03 09:00 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-11-04 18:38 - 2015-02-03 08:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-04 18:38 - 2015-02-03 08:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-11-04 18:38 - 2015-02-03 08:58 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-04 18:38 - 2015-02-03 08:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-04 18:38 - 2015-02-03 08:58 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-04 18:38 - 2015-02-03 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-11-04 18:38 - 2015-02-03 08:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-11-04 18:38 - 2015-02-03 08:46 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-04 18:38 - 2015-02-03 08:46 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-04 18:38 - 2015-02-03 08:42 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-11-04 18:38 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-11-04 18:38 - 2015-02-03 08:41 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-11-04 18:38 - 2015-02-03 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-04 18:38 - 2015-02-03 08:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-11-04 18:38 - 2015-02-03 08:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-04 18:38 - 2015-02-03 08:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-11-04 18:38 - 2015-02-03 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-04 18:38 - 2015-02-03 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-04 18:38 - 2015-02-03 08:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-11-04 18:38 - 2015-02-03 08:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-04 18:38 - 2015-02-03 08:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-04 18:38 - 2015-02-03 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-04 18:38 - 2015-01-31 05:26 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-11-04 18:38 - 2014-11-01 03:54 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-11-04 18:38 - 2014-06-28 05:51 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-11-04 18:38 - 2014-06-28 05:51 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-11-04 18:37 - 2016-11-04 18:37 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Adobe
2016-11-04 18:37 - 2016-11-04 18:37 - 00000000 ____D C:\Users\Parag\AppData\LocalLow\Adobe
2016-11-04 18:37 - 2016-11-04 18:37 - 00000000 ____D C:\Users\Parag\AppData\Local\Adobe
2016-11-01 10:33 - 2016-10-31 21:11 - 00000000 ____D C:\Windows\Panther
2016-11-01 10:07 - 2016-11-01 10:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-01 10:07 - 2016-11-01 10:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-01 10:07 - 2016-11-01 10:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-01 10:07 - 2016-11-01 10:07 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-01 10:06 - 2016-11-05 00:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-11-01 10:06 - 2016-11-04 23:58 - 00000000 ____D C:\ProgramData\Adobe
2016-11-01 10:06 - 2016-11-01 10:06 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-11-01 10:06 - 2016-11-01 10:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-01 10:05 - 2016-11-05 14:11 - 00000000 ____D C:\Windows\AutoKMS
2016-11-01 10:04 - 2016-11-01 10:04 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-11-01 10:03 - 2016-11-01 10:03 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-01 10:03 - 2016-11-01 10:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-01 10:03 - 2016-11-01 10:03 - 00000000 ____D C:\Program Files\WinRAR
2016-11-01 10:02 - 2016-11-01 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-11-01 10:02 - 2016-11-01 10:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-11-01 10:01 - 2016-11-01 10:01 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-11-01 10:01 - 2016-11-01 10:01 - 00000000 ____D C:\Windows\PCHEALTH
2016-11-01 10:01 - 2016-11-01 10:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Synchronization Services
2016-11-01 10:01 - 2016-11-01 10:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Sync Framework
2016-11-01 10:01 - 2016-11-01 10:01 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-11-01 10:00 - 2016-11-01 10:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-11-01 10:00 - 2016-11-01 10:00 - 00000000 __RHD C:\MSOCache
2016-11-01 10:00 - 2016-11-01 10:00 - 00000000 ____D C:\Users\Parag\AppData\Local\Microsoft Help
2016-11-01 10:00 - 2016-11-01 10:00 - 00000000 ____D C:\Program Files\Microsoft Office
2016-11-01 10:00 - 2016-11-01 10:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2016-11-01 10:00 - 2016-11-01 10:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-11-01 09:35 - 2016-11-01 09:35 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-01 09:35 - 2016-11-01 09:35 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-10-31 21:44 - 2016-11-01 10:04 - 00108840 _____ C:\Users\Parag\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-31 21:44 - 2016-10-31 21:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-10-31 21:44 - 2016-10-31 21:44 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Intel Corporation
2016-10-31 21:44 - 2015-09-04 20:25 - 00805616 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2016-10-31 21:44 - 2015-09-04 20:25 - 00394992 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2016-10-31 21:43 - 2016-10-31 21:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-10-31 21:42 - 2015-10-15 17:50 - 01026304 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-10-31 21:42 - 2015-10-15 17:50 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-10-31 21:42 - 2015-10-15 17:50 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-10-31 21:41 - 2016-11-04 18:27 - 00000000 __SHD C:\Users\Parag\IntelGraphicsProfiles
2016-10-31 21:41 - 2016-10-31 21:41 - 00018392 _____ C:\Windows\system32\results.xml
2016-10-31 21:40 - 2016-10-31 21:40 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-10-31 21:40 - 2016-10-31 21:40 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-10-31 21:40 - 2016-10-31 21:40 - 00000000 ____D C:\Program Files\Realtek
2016-10-31 21:40 - 2015-07-07 16:43 - 04514008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-10-31 21:40 - 2015-07-07 13:24 - 35222128 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-10-31 21:40 - 2015-07-06 13:35 - 02930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2016-10-31 21:40 - 2015-07-01 15:48 - 01749208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-10-31 21:40 - 2015-06-30 13:34 - 00184688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-10-31 21:40 - 2015-06-26 17:40 - 01310936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-10-31 21:40 - 2015-06-22 12:13 - 02702552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-10-31 21:40 - 2015-06-17 12:15 - 03234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-10-31 21:40 - 2015-05-15 16:57 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-10-31 21:40 - 2015-01-19 15:40 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-10-31 21:40 - 2014-11-11 11:14 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-10-31 21:40 - 2014-05-22 13:54 - 00096568 _____ C:\Windows\system32\audioLibVc.dll
2016-10-31 21:40 - 2012-08-31 16:48 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-10-31 21:40 - 2012-08-31 16:47 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-10-31 21:40 - 2012-08-31 16:47 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-10-31 21:40 - 2012-08-31 16:47 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-10-31 21:40 - 2012-08-31 16:47 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-10-31 21:40 - 2011-12-20 13:02 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-10-31 21:40 - 2011-11-22 13:58 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-10-31 21:39 - 2016-11-04 18:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-31 21:39 - 2016-10-31 21:42 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-10-31 21:39 - 2016-10-31 21:40 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-10-31 21:39 - 2016-10-31 21:39 - 00000704 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-10-31 21:39 - 2016-10-31 21:39 - 00000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-10-31 21:39 - 2015-06-08 13:43 - 02825944 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-10-31 21:39 - 2014-09-24 09:01 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2016-10-31 21:39 - 2014-09-24 09:01 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2016-10-31 21:39 - 2014-09-24 09:01 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2016-10-31 21:39 - 2014-09-24 09:01 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2016-10-31 21:39 - 2013-06-21 08:31 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 35987168 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 35068920 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 31013304 _____ (Intel Corporation) C:\Windows\SysWOW64\igd11dxva32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 29706216 _____ (Intel Corporation) C:\Windows\system32\igd11dxva64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 29084160 _____ (Intel Corporation) C:\Windows\system32\common_clang64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 19844096 _____ (Intel Corporation) C:\Windows\SysWOW64\common_clang32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 15167808 _____ (Intel Corporation) C:\Windows\system32\igc64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 13640288 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 13349888 _____ (Intel Corporation) C:\Windows\system32\ig9icd64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 13176312 _____ (Intel Corporation) C:\Windows\SysWOW64\igc32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 11188872 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 10114560 _____ (Intel Corporation) C:\Windows\SysWOW64\ig9icd32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 06437776 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2016-10-31 21:38 - 2015-11-02 12:18 - 06415888 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 05797102 _____ C:\Windows\system32\igdclbif.bin
2016-10-31 21:38 - 2015-11-02 12:18 - 05666816 _____ (Intel Corporation) C:\Windows\system32\igdmcl64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 05245440 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 04918792 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 04528640 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 04326512 _____ (Intel Corporation) C:\Windows\system32\igd12umd64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 04174584 _____ (Intel Corporation) C:\Windows\SysWOW64\igd12umd32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 03992576 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 03952128 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmcl32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 02813952 _____ C:\Windows\system32\iglhxa64.cpa
2016-10-31 21:38 - 2015-11-02 12:18 - 02034688 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01848832 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01767992 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01765408 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01565696 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01473912 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01156608 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01008744 _____ C:\Windows\system32\igfxSDK.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00943208 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00939624 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00819042 _____ C:\Windows\system32\DisplayAudiox64.cab
2016-10-31 21:38 - 2015-11-02 12:18 - 00729088 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00641530 _____ C:\Windows\system32\FilmModeDetection.wmv
2016-10-31 21:38 - 2015-11-02 12:18 - 00609280 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00596072 _____ (Intel Corporation) C:\Windows\system32\IntelCpHDCPSvc.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00511260 _____ C:\Windows\system32\cp_resources.bin
2016-10-31 21:38 - 2015-11-02 12:18 - 00448104 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00421376 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00403671 _____ C:\Windows\system32\ImageStabilization.wmv
2016-10-31 21:38 - 2015-11-02 12:18 - 00398336 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00384104 _____ C:\Windows\system32\igfxTray.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00375173 _____ C:\Windows\system32\ColorImageEnhancement.wmv
2016-10-31 21:38 - 2015-11-02 12:18 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00371200 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00366080 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00353384 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00332904 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00301056 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00285304 _____ (Intel Corporation) C:\Windows\system32\igd10idpp64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00282728 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00270896 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00256000 _____ C:\Windows\system32\igfxCPL.cpl
2016-10-31 21:38 - 2015-11-02 12:18 - 00248832 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00248424 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00231936 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00220432 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00218216 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00213608 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00213096 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00207872 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00201368 _____ (Intel Corporation) C:\Windows\system32\igdde64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00188928 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4312.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00184352 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00176128 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00163264 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00162240 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00160680 _____ (Intel Corporation) C:\Windows\SysWOW64\igdde32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00156672 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00156264 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00140056 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00140056 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00094208 _____ ( ) C:\Windows\system32\igfxSDKLibv2_0.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00086528 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00086016 _____ C:\Windows\system32\igfxCUIServicePS.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00083456 _____ ( ) C:\Windows\system32\igfxSDKLib.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00077824 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00066048 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00044025 _____ C:\Windows\system32\iglhxo64.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00043494 _____ C:\Windows\system32\iglhxc64.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00043256 _____ C:\Windows\system32\iglhxg64.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00036616 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00035328 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00011776 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00011776 _____ ( ) C:\Windows\system32\igfxDILib.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00004686 _____ C:\Windows\system32\iglhxs64.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00000935 _____ C:\Windows\system32\Gfxv4_0.exe.config
2016-10-31 21:38 - 2015-11-02 12:18 - 00000935 _____ C:\Windows\system32\DPTopologyApp.exe.config
2016-10-31 21:38 - 2015-11-02 12:18 - 00000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2016-10-31 21:38 - 2015-11-02 12:18 - 00000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2016-10-31 21:37 - 2016-10-31 21:44 - 00000000 ____D C:\Program Files (x86)\Intel
2016-10-31 21:37 - 2016-10-31 21:41 - 00000000 ____D C:\Intel
2016-10-31 21:37 - 2016-10-31 21:37 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2016-10-31 21:37 - 2016-10-31 21:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-10-31 21:37 - 2016-10-31 21:37 - 00000000 ____D C:\Users\Parag\Intel
2016-10-31 21:37 - 2016-10-31 21:37 - 00000000 ____D C:\ProgramData\Intel
2016-10-31 21:37 - 2015-11-02 12:18 - 00473864 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2016-10-31 21:37 - 2012-07-26 10:25 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2016-10-31 21:37 - 2012-07-26 10:25 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2016-10-31 21:37 - 2012-07-26 08:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2016-10-31 21:37 - 2012-06-02 20:05 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2016-10-31 21:36 - 2016-11-05 13:39 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-31 21:36 - 2016-10-31 21:43 - 00000000 ____D C:\Program Files\Intel
2016-10-31 21:35 - 2016-11-05 13:27 - 00775352 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-31 21:34 - 2016-11-06 18:18 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-31 21:34 - 2016-11-06 17:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-31 21:34 - 2016-11-04 22:12 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-31 21:34 - 2016-11-04 22:12 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-31 21:34 - 2016-11-04 21:52 - 00000000 ____D C:\Users\Parag\AppData\Local\Google
2016-10-31 21:34 - 2016-11-04 21:41 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-31 21:34 - 2016-11-04 21:41 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-31 21:34 - 2016-10-31 21:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-31 21:33 - 2016-10-31 21:42 - 00000010 _____ C:\Windows\GSetup.ini
2016-10-31 21:12 - 2016-10-31 21:12 - 00001447 _____ C:\Users\Parag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-31 21:12 - 2016-10-31 21:12 - 00001413 _____ C:\Users\Parag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-10-31 21:12 - 2016-10-31 21:12 - 00000000 ____D C:\Users\Parag\AppData\Local\VirtualStore
2016-10-31 21:11 - 2016-11-05 14:11 - 00000000 ____D C:\Users\Parag
2016-10-31 21:11 - 2016-10-31 21:11 - 00000020 ___SH C:\Users\Parag\ntuser.ini
2016-10-31 21:11 - 2016-10-31 21:11 - 00000000 _SHDL C:\Users\Parag\My Documents
2016-10-31 21:11 - 2016-10-31 21:11 - 00000000 _SHDL C:\Users\Parag\Documents\My Videos
2016-10-31 21:11 - 2016-10-31 21:11 - 00000000 _SHDL C:\Users\Parag\Documents\My Pictures
2016-10-31 21:11 - 2016-10-31 21:11 - 00000000 _SHDL C:\Users\Parag\Documents\My Music
2016-10-31 21:11 - 2010-11-21 12:46 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Media Center Programs
2016-10-11 20:00 - 2016-10-11 20:00 - 00462272 _____ (Check Point Software Technologies Ltd.) C:\Windows\system32\Drivers\vsdatant.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-06 18:19 - 2009-07-14 10:15 - 00027120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-06 18:19 - 2009-07-14 10:15 - 00027120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-06 18:18 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-06 17:11 - 2009-07-14 10:43 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-06 17:11 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2016-11-05 14:11 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\registration
2016-11-05 03:19 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2016-11-05 00:12 - 2009-07-14 08:50 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-04 23:58 - 2009-07-14 10:27 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-04 18:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-11-04 18:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\Dism
2016-11-04 17:19 - 2009-07-14 10:15 - 00414656 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-01 10:33 - 2009-07-14 11:02 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-11-01 10:33 - 2009-07-14 10:15 - 00000000 ____D C:\Windows\Setup
2016-11-01 10:01 - 2010-11-21 12:47 - 00000000 ____D C:\Windows\ShellNew
2016-11-01 10:01 - 2009-07-14 11:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-01 10:00 - 2009-07-14 08:04 - 00000478 _____ C:\Windows\win.ini
2016-11-01 09:36 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\oobe
2016-11-01 09:35 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\sysprep
2016-11-01 09:34 - 2010-11-21 12:47 - 00000000 ____D C:\Windows\CSC
2016-10-31 21:11 - 2010-11-21 08:54 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-10-31 21:11 - 2010-11-21 08:54 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-10-31 21:11 - 2010-11-21 08:54 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2016-10-31 21:11 - 2010-11-21 08:54 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2016-10-31 21:11 - 2010-11-21 08:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll

==================== Files in the root of some directories =======

2016-10-31 21:40 - 2016-10-31 21:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 08:54] - [2016-10-31 21:11] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 08:54] - [2016-10-31 21:11] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-04 18:08

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Administrator (06-11-2016 18:20:57)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-10-31 15:41:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2855634118-3034471008-3255769274-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2855634118-3034471008-3255769274-501 - Limited - Disabled)
Parag (S-1-5-21-2855634118-3034471008-3255769274-1000 - Administrator - Enabled) => C:\Users\Parag

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.3.3.2 - ASUSTek COMPUTER INC.)
ASUS GPU TweakII (x32 Version: 1.3.3.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.031 - ASUSTek Computer Inc.)
AURA(GRAPHICS CARD) (HKLM-x32\...\{509505B2-C4C8-4FF6-912D-BC01097F97F5}) (Version: 0.0.4.1 - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{772ed258-65d1-4d57-ac70-7087049d1576}) (Version: 1.2.74.26159 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.74.26159 - Avira Operations GmbH & Co. KG) Hidden
calibre (HKLM-x32\...\{F0F4163F-6A2D-48BA-BC36-23C33B0ECDB5}) (Version: 0.9.9 - Kovid Goyal)
Catalyst Control Center Next Localization BR (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
Divinity: Original Sin 2 (HKLM\...\Steam App 435150) (Version: - Larian Studios)
f.lux (HKU\S-1-5-21-2855634118-3034471008-3255769274-500\...\Flux) (Version: - )
GD Defiler (HKU\S-1-5-21-2855634118-3034471008-3255769274-500\...\eb52a1e1a73b9708) (Version: 0.1.1.1 - Soul's Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.1.40 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
MPlayer for Windows (Full Package) (HKLM-x32\...\{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}) (Version: - LoRd MuldeR)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tixati (HKLM-x32\...\tixati) (Version: - )
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
WinRAR 4.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
XSplit Gamecaster (HKLM-x32\...\{8915913F-E4AF-46C5-B4EF-3535D83BFFDE}) (Version: 2.5.1507.3018 - SplitmediaLabs)
ZoneAlarm Firewall (x32 Version: 15.0.139.17085 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.0.139.17085 - Check Point)
ZoneAlarm Security (x32 Version: 15.0.139.17085 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {113ED480-4212-40F9-8683-9025AF227D49} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-31] (Google Inc.)
Task: {1E9FEDF2-5A6E-46AB-9A82-8871C07260A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {3796CC18-3EFE-44C7-A01A-13156A0C01F0} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [2016-07-22] (TODO: <Company name>)
Task: {5401136C-8D45-445B-A272-EE75EA775AA0} - System32\Tasks\AURA => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2016-07-12] (TODO: <Company name>)
Task: {A732938B-3CA1-4D48-BEBC-B3676C38D2DC} - System32\Tasks\HardDiskSentinel\Hard Disk Sentinel_Administrator => C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe [2012-02-01] (H.D.S. Hungary)
Task: {AE79DE79-B689-4206-AC22-7BA4598A6D5A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-11-01] ()
Task: {B8E18C8C-FE32-43A7-950E-A9CD5F1778A4} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-06-28] (Advanced Micro Devices, Inc.)
Task: {E21C770F-EAA7-49E9-8288-67F7763230EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-31] (Google Inc.)
Task: {F39B7F50-99F1-4FAD-A034-DF2142E9D9C9} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-18] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2010-01-30 02:40 - 2010-01-30 02:40 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:38 - 2010-03-24 21:38 - 08794976 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2015-05-18 10:45 - 2015-05-18 10:45 - 01552544 _____ () C:\Program Files (x86)\ASUS\APRP\aprp.exe
2016-11-04 21:23 - 2016-02-02 05:44 - 00439912 _____ () C:\Palemoon_x86\Palemoon-Portable.exe
2016-11-04 18:46 - 2016-07-05 21:18 - 01744384 _____ () C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\Vender.dll
2010-01-30 02:41 - 2010-01-30 02:41 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-03-24 21:17 - 2010-03-24 21:17 - 08794464 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-11-04 21:23 - 2016-09-24 00:40 - 03060736 _____ () C:\Palemoon_x86\Bin\Palemoon\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2016-11-05 00:17 - 00001226 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 forum.alcohol-soft.com
127.0.0.1 support.alcohol-soft.com
127.0.0.1 users.alcohol-soft.com
127.0.0.1 shop.alcohol-soft.com
127.0.0.1 vodka.alcohol-soft.com
127.0.0.1 *.alcohol-soft.com
127.0.0.1 *.alcohol-soft.*

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2855634118-3034471008-3255769274-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{6C42116C-7DB3-43E3-A0CF-3A6537FA99DA}F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe] => (Allow) F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe
FirewallRules: [UDP Query User{7154CF0E-DCB0-4235-9983-FDEF3599DF88}F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe] => (Allow) F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe
FirewallRules: [{A48ED20D-ED9F-4362-B72F-01AEB6436331}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{98504E0D-2711-450A-A478-4E9E981886DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{048AD707-0CBB-4B1F-810A-C1BEADC7065C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{789AB1F2-836F-4E7D-BA52-65326BC3C991}] => (Allow) G:\Games (installed)\Steam\SteamApps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{546AA53B-6B98-4716-905F-6E4A75026C2D}] => (Allow) G:\Games (installed)\Steam\SteamApps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{11A2B990-CBBF-440C-BB35-C643AA7EA5A4}] => (Allow) F:\Games\Steam\SteamApps\common\Stoneworks_Games\BloodofMagic.exe
FirewallRules: [{98D40B67-3E26-4E0D-B17A-14B65D3D1CCD}] => (Allow) F:\Games\Steam\SteamApps\common\Stoneworks_Games\BloodofMagic.exe
FirewallRules: [{AECD8B6F-95B9-47D1-9F78-475A1E33F116}] => (Allow) D:\Games_ins\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe
FirewallRules: [{F8CDF89D-592B-4FA5-9A0D-2D60E0830912}] => (Allow) D:\Games_ins\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe
FirewallRules: [TCP Query User{8E6D0066-FC67-46D4-9DDB-D8A8A15DF425}D:\games_ins\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Block) D:\games_ins\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [UDP Query User{3465F4C3-725F-46D8-9937-8D6165A018E6}D:\games_ins\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Block) D:\games_ins\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{C1CD0281-830F-4F43-B1BC-D5EB7ACF6A8B}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{CD1310A0-45A9-4118-8A94-B844453DA287}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{945ABAC6-7787-4F2F-8996-B45D961E35D9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9D94FA7C-C220-47BF-B6F0-8C9F1E5049B3}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/06/2016 06:18:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/06/2016 05:00:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/06/2016 04:58:50 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error

Error: (11/06/2016 04:47:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/06/2016 03:59:54 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "d:\games_ins\grim dawn crucible\crashreporter.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (11/05/2016 06:09:15 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Grim Dawn\CrashReporter.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (11/05/2016 01:47:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/05/2016 01:34:30 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Games_ins\Grim Dawn Crucible\crashreporter.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (11/05/2016 12:58:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/05/2016 01:05:34 AM) (Source: MsiInstaller) (EventID: 11704) (User: Parag-PC)
Description: Product: calibre -- Error 1704. An installation for Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?


System errors:
=============
Error: (11/06/2016 04:45:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
Access is denied.

Error: (11/06/2016 04:45:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (11/06/2016 04:44:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
Access is denied.

Error: (11/06/2016 04:27:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (11/06/2016 04:27:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
Access is denied.

Error: (11/06/2016 03:49:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (11/05/2016 01:48:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (11/05/2016 01:02:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
Access is denied.

Error: (11/05/2016 01:02:16 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
Access is denied.

Error: (11/05/2016 01:01:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
Access is denied.


==================== Memory info ===========================

Processor: Intel® Core™ i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 14%
Total physical RAM: 16336.18 MB
Available physical RAM: 13993.57 MB
Total Virtual: 32670.55 MB
Available Virtual: 30057.45 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:440.93 GB) NTFS
Drive d: () (Fixed) (Total:1374.73 GB) (Free:1334.8 GB) NTFS
Drive f: (WDint2 p1) (Fixed) (Total:327.01 GB) (Free:55.28 GB) NTFS
Drive g: (WDint2 p2) (Fixed) (Total:1536 GB) (Free:137.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 19C2B0A7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1374.7 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: AF1BEABA)
Partition 1: (Not Active) - (Size=327 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1536 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 10 November 2016 - 10:15 PM.




#2 Oh My!

  • Malware Response Instructor

Posted 10 November 2016 - 10:16 PM

Greetings Pap001 and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted. While I am doing that please run this.

===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • System Summary report

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#3 Oh My!


Posted 10 November 2016 - 10:32 PM

Greetings.

Unfortunately there is evidence of illegal software on your computer. I am going to request you completely uninstall Microsoft Office Professional Plus 2010 and Alcohol Soft and any other products for which you do not have a valid Product Key, including all "cracked" software. If you are willing to do that please rerun a FRST scan and copy/paste both reports in your reply. If you prefer to leave the program(s) on your computer let me know that and I will be closing the Topic.

If you decide to remove the program(s) please run this after removal.

===================================================

CKScanner

--------------------
  • Download CKScanner and save it to your Desktop
  • Double click CKScanner
  • Select Search For Files
  • Once completed select Save List to File
  • A ckfiles.txt document will be placed on your Desktop
  • Copy and paste the results of that report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • CKScanner report
  • FRST report
  • Addition report

Edited by Oh My!, 10 November 2016 - 10:35 PM.

Gary
 

#4 Pap001


Posted 11 November 2016 - 03:18 AM

As instructed...here you go:

 

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program files\free download manager\windivert.dll
c:\program files\free download manager\windivert32.sys
c:\program files\free download manager\windivert64.sys
c:\windows\autokms\autokms.exe
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
scanner sequence 3.BD.11.JLAAW0
 ----- EOF -----
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 04-11-2016
Ran by Administrator (administrator) on PARAG-PC (11-11-2016 13:42:24)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Parag & Administrator)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(FreeDownloadManager.org) C:\Program Files\Free Download Manager\winwfpmonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Flux Software LLC) C:\Users\Administrator\AppData\Local\FluxSoftware\Flux\flux.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Check Point Software Technologies Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(TODO: <Company name>) C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
() C:\Palemoon_x86\Palemoon-Portable.exe
(Moonchild Productions) C:\Palemoon_x86\Bin\Palemoon\palemoon.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8497368 2015-07-07] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [322472 2015-07-27] (Intel Corporation)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [6613896 2016-06-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [296216 2015-09-04] (Intel Corporation)
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-10-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [916072 2016-10-17] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [MPlayerForWindows_UpdateReminder] => C:\Program Files (x86)\MPlayer for Windows\AutoUpdate.exe [235004 2011-04-14] ()
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [144184 2016-10-11] (Check Point Software Technologies Ltd.)
HKU\S-1-5-21-2855634118-3034471008-3255769274-500\...\Run: [f.lux] => C:\Users\Administrator\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-24] (Flux Software LLC)
HKU\S-1-5-21-2855634118-3034471008-3255769274-500\...\Run: [HEXelon MAX] => C:\Program Files (x86)\HEXelon MAX 6\hexelon.exe [2816512 2007-06-28] (Jerzy Znamirowski)
HKU\S-1-5-21-2855634118-3034471008-3255769274-500\...\Run: [Chromium] => c:\users\administrator\appdata\local\chromium\application\chrome.exe [1068544 2016-03-18] (The Chromium Authors)
HKU\S-1-5-21-2855634118-3034471008-3255769274-500\...\Run: [Free Download Manager] => C:\Program Files\Free Download Manager\fdm.exe [10005704 2016-10-21] (FreeDownloadManager.org)
HKU\S-1-5-21-2855634118-3034471008-3255769274-500\...\MountPoints2: {4694c34e-9f85-11e6-a60e-806e6f6e6963} - E:\setup.exe
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{BBBB7CC5-C269-487F-82FC-EB2E8F9832AB}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2855634118-3034471008-3255769274-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_111\bin\ssv.dll [2016-11-05] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-05] (Oracle Corporation)
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-11-05] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-11-05] (Oracle Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-05] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-11-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-11-05] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-11-04] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default [2016-11-11]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-11-05]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-11-05]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-11-05]
CHR Extension: (Avira Browser Safety) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-11-05]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-11-05]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-11-05]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-11-05]
CHR Extension: (Chrome Media Router) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [1089088 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [475232 2016-10-17] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1488240 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [337664 2016-10-25] (Avira Operations GmbH & Co. KG)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [18856 2015-07-27] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [353384 2015-11-02] (Intel Corporation)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [4087568 2016-10-11] (Check Point Software Technologies Ltd.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
S3 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe [114936 2016-10-06] (Check Point Software Technologies, Ltd.)
R2 ZoneAlarm ICM Service; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ICM-Service.exe [796472 2016-10-11] (Check Point Software Technologies Ltd.)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [177432 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [145536 2016-10-17] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2016-10-17] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [79696 2016-10-17] (Avira Operations GmbH & Co. KG)
R0 avusbflt; C:\Windows\System32\Drivers\avusbflt.sys [31720 2016-10-17] (Avira Operations GmbH & Co. KG)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-11] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [31144 2015-07-29] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [178976 2015-07-28] (Intel Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [503352 2016-11-05] (Duplex Secure Ltd.)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [462272 2016-10-11] (Check Point Software Technologies Ltd.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U3 iswSvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-11 13:42 - 2016-11-11 13:42 - 00013707 _____ C:\Users\Administrator\Desktop\FRST.txt
2016-11-11 13:37 - 2016-11-11 13:42 - 00000407 _____ C:\Users\Administrator\Desktop\ckfiles.txt
2016-11-11 13:35 - 2016-11-11 13:35 - 01264284 _____ C:\Users\Administrator\Desktop\Summary.nfo
2016-11-11 13:35 - 2016-11-11 13:35 - 00060020 _____ C:\Users\Administrator\Desktop\Summary.zip
2016-11-11 13:30 - 2016-11-11 13:30 - 00468480 _____ () C:\Users\Administrator\Desktop\CKScanner.exe
2016-11-11 13:25 - 2016-11-11 13:25 - 00000020 _____ C:\Users\Administrator\defogger_reenable
2016-11-11 13:23 - 2016-11-11 13:23 - 00000000 ____D C:\Windows\system32\appmgmt
2016-11-11 13:23 - 2016-11-11 13:23 - 00000000 ____D C:\ProgramData\SplitMediaLabs
2016-11-11 13:09 - 2016-11-11 13:09 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2016-11-11 01:56 - 2016-11-11 01:56 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\TeraCopy
2016-11-11 01:55 - 2016-11-11 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeraCopy
2016-11-11 01:55 - 2016-11-11 01:55 - 00000000 ____D C:\Program Files\TeraCopy
2016-11-11 01:53 - 2016-11-11 01:54 - 01194696 _____ C:\Users\Administrator\Downloads\shadowcopysetup.exe
2016-11-11 01:48 - 2016-11-11 13:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\Free Download Manager
2016-11-11 01:48 - 2016-11-11 13:33 - 00000000 ____D C:\Program Files\Free Download Manager
2016-11-11 01:48 - 2016-11-11 01:48 - 00002698 _____ C:\Windows\System32\Tasks\FreeDownloadManagerNetworkMonitor
2016-11-11 01:48 - 2016-11-11 01:48 - 00000872 _____ C:\Users\Public\Desktop\Free Download Manager 5.lnk
2016-11-11 01:48 - 2016-11-11 01:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
2016-11-09 04:04 - 2016-11-09 07:37 - 00000000 ____D C:\Users\Administrator\AppData\Local\chromium
2016-11-09 01:23 - 2016-11-09 01:23 - 00000344 __RSH C:\ProgramData\ntuser.pol
2016-11-09 01:18 - 2016-11-09 01:18 - 00001085 _____ C:\Users\Administrator\Desktop\Cheat Engine.lnk
2016-11-09 01:18 - 2016-11-09 01:18 - 00000000 ____D C:\Users\Administrator\Documents\My Cheat Tables
2016-11-09 01:18 - 2016-11-09 01:18 - 00000000 ____D C:\Program Files (x86)\Cheat Engine 6.6
2016-11-09 00:22 - 2016-11-09 00:22 - 00000000 ____D C:\ProgramData\Steam
2016-11-09 00:03 - 2016-11-09 00:03 - 00466456 _____ (Creative Labs) C:\Windows\system32\wrap_oal.dll
2016-11-09 00:03 - 2016-11-09 00:03 - 00444952 _____ (Creative Labs) C:\Windows\SysWOW64\wrap_oal.dll
2016-11-09 00:03 - 2016-11-09 00:03 - 00122904 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2016-11-09 00:03 - 2016-11-09 00:03 - 00109080 _____ (Portions © Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2016-11-09 00:03 - 2016-11-09 00:03 - 00000000 ____D C:\Program Files (x86)\OpenAL
2016-11-08 21:59 - 2016-11-08 21:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\SmartSteamEmu
2016-11-08 21:59 - 2016-11-08 21:59 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Spellbind Studios
2016-11-06 20:22 - 2016-11-06 20:22 - 00000000 ____D C:\Users\Administrator\Documents\FLiNGTrainer
2016-11-06 20:05 - 2016-11-11 13:19 - 00000000 ____D C:\Program Files (x86)\Avernum 2
2016-11-06 18:41 - 2016-11-06 18:41 - 00000000 ____D C:\Users\Administrator\Desktop\user2
2016-11-06 18:37 - 2016-11-06 18:37 - 00001107 _____ C:\Users\Public\Desktop\DriveImage XML.lnk
2016-11-06 18:37 - 2016-11-06 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Runtime Software
2016-11-06 18:37 - 2016-11-06 18:37 - 00000000 ____D C:\Program Files (x86)\Runtime Software
2016-11-06 18:24 - 2016-11-06 18:25 - 00106362 _____ C:\Users\Parag\Desktop\FRST.txt
2016-11-06 18:24 - 2016-11-06 18:24 - 00027607 _____ C:\Users\Parag\Desktop\Addition.txt
2016-11-06 18:23 - 2016-11-06 18:15 - 02410496 _____ (Farbar) C:\Users\Parag\Desktop\FRST64.exe
2016-11-06 18:12 - 2016-11-06 18:15 - 02410496 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2016-11-06 18:02 - 2016-11-06 18:02 - 00005220 _____ C:\Users\Administrator\Desktop\Rkill.txt
2016-11-06 17:53 - 2016-11-06 17:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2016-11-06 17:53 - 2016-11-06 17:53 - 00000000 ____D C:\Program Files (x86)\Cobian Backup 11
2016-11-06 17:10 - 2016-11-07 17:39 - 00001908 _____ C:\Windows\diagwrn.xml
2016-11-06 17:10 - 2016-11-07 17:39 - 00001908 _____ C:\Windows\diagerr.xml
2016-11-06 17:04 - 2016-11-06 15:52 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\rkill.exe
2016-11-06 16:47 - 2016-11-06 16:47 - 00000000 _____ C:\Windows\system32\Drivers\etc\lmhosts
2016-11-06 16:44 - 2016-11-06 16:44 - 00050477 _____ C:\Users\Administrator\Desktop\Defogger.exe
2016-11-06 16:39 - 2016-11-06 16:39 - 00439594 _____ C:\Windows\system32\Drivers\vsconfig.xml
2016-11-06 16:39 - 2016-11-06 16:39 - 00000762 _____ C:\Users\Public\Desktop\ZoneAlarm Security.lnk
2016-11-06 16:39 - 2016-11-06 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
2016-11-06 16:27 - 2016-11-06 16:38 - 00000000 ____D C:\Program Files (x86)\CheckPoint
2016-11-06 16:26 - 2016-11-06 16:26 - 00000000 ____D C:\ProgramData\CheckPoint
2016-11-06 16:15 - 2016-11-11 13:42 - 00000000 ____D C:\FRST
2016-11-06 00:58 - 2016-11-06 00:58 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\HEXelon
2016-11-05 23:53 - 2016-11-11 02:20 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\tixati
2016-11-05 23:53 - 2016-11-05 23:53 - 00000979 _____ C:\Users\Administrator\Desktop\Tixati.lnk
2016-11-05 23:53 - 2016-11-05 23:53 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tixati
2016-11-05 23:53 - 2016-11-05 23:53 - 00000000 ____D C:\Program Files (x86)\tixati
2016-11-05 23:25 - 2016-11-06 17:01 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\uTorrent
2016-11-05 21:04 - 2016-11-05 21:12 - 00000000 ____D C:\Users\Administrator\T-Engine
2016-11-05 20:56 - 2016-11-05 20:56 - 00000000 ____D C:\Users\Administrator\Documents\Larian Studios
2016-11-05 18:15 - 2016-11-05 18:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Steam
2016-11-05 17:40 - 2016-11-05 17:55 - 00000000 ____D C:\Users\Administrator\GDStash
2016-11-05 13:49 - 2016-11-05 13:49 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Soul's Software
2016-11-05 13:47 - 2016-11-05 17:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Deployment
2016-11-05 13:47 - 2016-11-05 13:47 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apps\2.0
2016-11-05 13:40 - 2016-11-09 00:22 - 00000000 ____D C:\Users\Administrator\Documents\My Games
2016-11-05 13:39 - 2015-07-18 18:38 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2016-11-05 13:39 - 2015-07-18 18:38 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2016-11-05 01:47 - 2016-11-05 01:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tale of Wuxia
2016-11-05 01:38 - 2016-11-05 01:38 - 00000222 _____ C:\Users\Administrator\Desktop\Divinity Original Sin 2.url
2016-11-05 01:38 - 2016-11-05 01:38 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Notepad++
2016-11-05 01:31 - 2016-11-05 01:31 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2016-11-05 01:31 - 2016-11-05 01:31 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Moonchild Productions
2016-11-05 01:31 - 2016-11-05 01:31 - 00000000 ____D C:\Users\Administrator\AppData\Local\Moonchild Productions
2016-11-05 01:25 - 2016-11-05 01:25 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-11-05 01:25 - 2016-11-05 01:25 - 00000000 ____D C:\Program Files\Java
2016-11-05 01:24 - 2016-11-05 01:24 - 00000000 ____D C:\Windows\Sun
2016-11-05 01:22 - 2016-11-05 01:22 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Sun
2016-11-05 01:15 - 2016-11-05 01:15 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\gnupg
2016-11-05 01:14 - 2016-11-05 01:14 - 00001060 _____ C:\Users\Public\Desktop\MPUI.lnk
2016-11-05 01:14 - 2016-11-05 01:14 - 00000000 ____D C:\Users\Administrator\AppData\Local\MPlayer
2016-11-05 01:14 - 2016-11-05 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MPlayer for Windows
2016-11-05 01:13 - 2016-11-05 01:14 - 00000000 ____D C:\Program Files (x86)\MPlayer for Windows
2016-11-05 01:09 - 2016-11-05 01:09 - 00001043 _____ C:\Users\Parag\Desktop\Notepad++.lnk
2016-11-05 01:09 - 2016-11-05 01:09 - 00001043 _____ C:\Users\Administrator\Desktop\Notepad++.lnk
2016-11-05 01:09 - 2016-11-05 01:09 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-11-05 01:09 - 2016-11-05 01:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2016-11-05 01:09 - 2016-11-05 01:09 - 00000000 ____D C:\Program Files (x86)\Notepad++
2016-11-05 01:07 - 2016-11-05 01:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-11-05 01:07 - 2016-11-05 01:24 - 00000000 ____D C:\ProgramData\Oracle
2016-11-05 01:07 - 2016-11-05 01:22 - 00097856 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2016-11-05 01:05 - 2016-11-05 01:05 - 00000960 _____ C:\Users\Public\Desktop\calibre - E-book management.lnk
2016-11-05 01:05 - 2016-11-05 01:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2016-11-05 01:05 - 2016-11-05 01:05 - 00000000 ____D C:\Program Files (x86)\Calibre2
2016-11-05 01:04 - 2016-11-05 01:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\CDisplayEx
2016-11-05 01:00 - 2016-11-05 01:00 - 00001890 _____ C:\Users\Public\Desktop\IrfanView Thumbnails.lnk
2016-11-05 01:00 - 2016-11-05 01:00 - 00000998 _____ C:\Users\Public\Desktop\IrfanView.lnk
2016-11-05 01:00 - 2016-11-05 01:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-11-05 01:00 - 2016-11-05 01:00 - 00000000 ____D C:\Program Files (x86)\IrfanView
2016-11-05 00:59 - 2016-11-05 00:59 - 00000961 _____ C:\Users\Parag\Desktop\HEXelon MAX 6.lnk
2016-11-05 00:59 - 2016-11-05 00:59 - 00000961 _____ C:\Users\Administrator\Desktop\HEXelon MAX 6.lnk
2016-11-05 00:59 - 2016-11-05 00:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HEXelon MAX 6
2016-11-05 00:59 - 2016-11-05 00:59 - 00000000 ____D C:\Program Files (x86)\HEXelon MAX 6
2016-11-05 00:58 - 2016-11-05 00:58 - 00001031 _____ C:\Users\Administrator\Desktop\CDisplayEx.lnk
2016-11-05 00:58 - 2016-11-05 00:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplayEx
2016-11-05 00:58 - 2016-11-05 00:58 - 00000000 ____D C:\Program Files (x86)\CDisplayEx
2016-11-05 00:57 - 2016-11-05 01:14 - 00001129 _____ C:\Users\Public\Desktop\SMPlayer.lnk
2016-11-05 00:57 - 2016-11-05 00:58 - 00000000 ____D C:\Program Files (x86)\SMPlayer
2016-11-05 00:57 - 2016-11-05 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SMPlayer
2016-11-05 00:54 - 2016-11-05 00:54 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Hard Disk Sentinel
2016-11-05 00:53 - 2016-11-05 00:53 - 00004476 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-11-05 00:44 - 2016-11-11 13:34 - 00003754 _____ C:\Windows\System32\Tasks\AutoKMS
2016-11-05 00:25 - 2016-11-11 13:20 - 00000555 _____ C:\Users\Administrator\Documents\ax_files.xml
2016-11-05 00:19 - 2016-11-05 00:46 - 00503352 _____ (Duplex Secure Ltd.) C:\Windows\system32\Drivers\sptd.sys
2016-11-05 00:15 - 2016-11-05 01:23 - 00000000 ____D C:\Program Files (x86)\Java
2016-11-05 00:15 - 2016-11-05 01:22 - 00269888 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2016-11-05 00:15 - 2016-11-05 00:15 - 00000000 ____D C:\ProgramData\Sun
2016-11-05 00:14 - 2016-11-05 00:14 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\Sun
2016-11-05 00:10 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2016-11-05 00:10 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2016-11-05 00:10 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2016-11-05 00:10 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2016-11-05 00:10 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2016-11-05 00:10 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2016-11-05 00:10 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2016-11-05 00:10 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2016-11-05 00:10 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2016-11-05 00:10 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2016-11-05 00:10 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2016-11-05 00:10 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2016-11-05 00:10 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2016-11-05 00:10 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2016-11-05 00:10 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2016-11-05 00:10 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2016-11-05 00:10 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2016-11-05 00:10 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2016-11-05 00:10 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2016-11-05 00:10 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2016-11-05 00:10 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2016-11-05 00:10 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2016-11-05 00:10 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2016-11-05 00:10 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2016-11-05 00:10 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2016-11-05 00:10 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2016-11-05 00:10 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2016-11-05 00:10 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2016-11-05 00:10 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2016-11-05 00:10 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2016-11-05 00:10 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2016-11-05 00:10 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2016-11-05 00:10 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2016-11-05 00:10 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2016-11-05 00:10 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2016-11-05 00:10 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2016-11-05 00:10 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2016-11-05 00:10 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2016-11-05 00:10 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2016-11-05 00:10 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2016-11-05 00:10 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2016-11-05 00:10 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2016-11-05 00:10 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2016-11-05 00:10 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2016-11-05 00:10 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2016-11-05 00:10 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2016-11-05 00:10 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2016-11-05 00:10 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2016-11-05 00:10 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2016-11-05 00:10 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2016-11-05 00:10 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2016-11-05 00:10 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2016-11-05 00:10 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2016-11-05 00:10 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2016-11-05 00:10 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2016-11-05 00:10 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2016-11-05 00:10 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2016-11-05 00:10 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2016-11-05 00:10 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2016-11-05 00:10 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2016-11-05 00:10 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2016-11-05 00:10 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2016-11-05 00:10 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2016-11-05 00:10 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2016-11-05 00:10 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2016-11-05 00:10 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2016-11-05 00:10 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2016-11-05 00:10 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2016-11-05 00:10 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2016-11-05 00:10 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2016-11-05 00:10 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2016-11-05 00:10 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2016-11-05 00:10 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2016-11-05 00:10 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2016-11-05 00:10 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2016-11-05 00:10 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2016-11-05 00:10 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2016-11-05 00:10 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2016-11-05 00:10 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2016-11-05 00:10 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2016-11-05 00:10 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2016-11-05 00:10 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2016-11-05 00:10 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2016-11-05 00:10 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2016-11-05 00:10 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2016-11-05 00:10 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2016-11-05 00:10 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2016-11-05 00:10 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2016-11-05 00:10 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2016-11-05 00:10 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2016-11-05 00:10 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2016-11-05 00:10 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2016-11-05 00:10 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2016-11-05 00:10 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2016-11-05 00:10 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2016-11-05 00:10 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2016-11-05 00:10 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2016-11-05 00:10 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2016-11-05 00:10 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2016-11-05 00:10 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2016-11-05 00:10 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2016-11-05 00:10 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2016-11-05 00:10 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2016-11-05 00:10 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2016-11-05 00:10 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2016-11-05 00:10 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2016-11-05 00:10 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2016-11-05 00:10 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2016-11-05 00:10 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2016-11-05 00:10 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2016-11-05 00:10 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2016-11-05 00:10 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2016-11-05 00:10 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2016-11-05 00:10 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2016-11-05 00:10 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2016-11-05 00:08 - 2016-11-05 00:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\WinRAR
2016-11-05 00:05 - 2016-11-05 00:05 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Avira
2016-11-05 00:04 - 2016-11-05 00:04 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-11-05 00:03 - 2016-11-05 00:03 - 00001046 _____ C:\Users\Administrator\Desktop\Palemoon-Portable - Shortcut.lnk
2016-11-05 00:03 - 2016-11-05 00:03 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-11-05 00:03 - 2016-11-05 00:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\Steam
2016-11-05 00:03 - 2016-11-05 00:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\FluxSoftware
2016-11-05 00:03 - 2016-11-05 00:03 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2016-11-04 23:59 - 2016-11-04 23:59 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2016-11-04 23:58 - 2016-11-11 13:14 - 00106808 _____ C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2016-11-04 23:58 - 2016-11-05 21:04 - 00000000 ____D C:\Users\Administrator\AppData\Local\AMD
2016-11-04 23:58 - 2016-11-05 13:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-11-04 23:58 - 2016-11-04 23:58 - 00001443 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-11-04 23:58 - 2016-11-04 23:58 - 00001409 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-11-04 23:57 - 2016-11-11 13:25 - 00000000 ____D C:\Users\Administrator
2016-11-04 23:57 - 2016-11-04 23:57 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-11-04 23:57 - 2016-11-04 23:57 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-11-04 23:57 - 2016-11-04 23:57 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-11-04 23:57 - 2016-11-04 23:57 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-11-04 23:57 - 2016-11-04 23:57 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-11-04 23:57 - 2010-11-21 12:46 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2016-11-04 23:43 - 2016-11-04 23:43 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Avira
2016-11-04 23:26 - 2016-11-04 23:26 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_avusbflt_01011.Wdf
2016-11-04 23:26 - 2016-11-04 23:26 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Mozilla
2016-11-04 23:26 - 2016-10-17 12:18 - 00031720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avusbflt.sys
2016-11-04 23:25 - 2016-10-17 12:18 - 00177432 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2016-11-04 23:25 - 2016-10-17 12:18 - 00145536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2016-11-04 23:25 - 2016-10-17 12:18 - 00079696 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2016-11-04 23:25 - 2016-10-17 12:18 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2016-11-04 22:25 - 2016-11-04 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-11-04 22:25 - 2016-11-04 22:25 - 00000000 ____D C:\Program Files\7-Zip
2016-11-04 22:22 - 2016-11-04 23:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-11-04 22:22 - 2016-11-04 23:25 - 00000000 ____D C:\ProgramData\Avira
2016-11-04 22:22 - 2016-11-04 23:25 - 00000000 ____D C:\Program Files (x86)\Avira
2016-11-04 22:22 - 2016-11-04 22:22 - 00001208 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-11-04 22:21 - 2016-11-04 22:21 - 00000137 _____ C:\Users\Parag\Desktop\Tales of Maj'Eyal.url
2016-11-04 22:17 - 2016-11-04 22:17 - 00000000 ____D C:\Users\Parag\T-Engine
2016-11-04 22:14 - 2016-11-04 22:20 - 04479640 _____ (Avira Operations GmbH & Co. KG) C:\Users\Parag\Downloads\avira_en_av_581cbad1aea58__ws.exe
2016-11-04 22:12 - 2016-11-04 22:12 - 00000000 ____D C:\Users\Parag\AppData\Roaming\WinRAR
2016-11-04 21:41 - 2016-11-04 21:41 - 00000000 ____D C:\Users\Parag\AppData\Local\Steam
2016-11-04 21:41 - 2016-11-04 21:41 - 00000000 ____D C:\Users\Parag\AppData\Local\CEF
2016-11-04 21:35 - 2016-11-09 08:15 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-11-04 21:35 - 2016-11-04 21:35 - 00001106 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-11-04 21:35 - 2016-11-04 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-11-04 21:35 - 2016-11-04 21:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-11-04 21:35 - 2016-11-04 21:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-11-04 21:35 - 2016-03-10 14:09 - 00064896 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-11-04 21:35 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-11-04 21:35 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-11-04 21:24 - 2016-11-08 21:59 - 00000000 ____D C:\Program Files (x86)\Steam
2016-11-04 21:24 - 2016-11-04 21:24 - 00000967 _____ C:\Users\Public\Desktop\Steam.lnk
2016-11-04 21:24 - 2016-11-04 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-11-04 21:23 - 2016-11-04 21:23 - 01446792 _____ C:\Users\Parag\Downloads\SteamSetup.exe
2016-11-04 21:23 - 2016-11-04 21:23 - 00001046 _____ C:\Users\Parag\Desktop\Palemoon-Portable - Shortcut.lnk
2016-11-04 21:22 - 2016-11-05 00:03 - 00000000 ____D C:\Palemoon_x86
2016-11-04 21:12 - 2016-11-04 21:31 - 22851472 _____ (Malwarebytes ) C:\Users\Parag\Downloads\mbam-setup-2.2.1.1043.exe
2016-11-04 20:56 - 2016-11-04 21:21 - 21788504 _____ (Igor Pavlov) C:\Users\Parag\Downloads\Palemoon-Portable-26.5.0.win32.exe
2016-11-04 20:52 - 2016-11-04 20:52 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2016-11-04 20:52 - 2016-11-04 20:52 - 00000000 ____D C:\Users\Parag\AppData\Local\FluxSoftware
2016-11-04 20:51 - 2016-11-04 20:52 - 00597304 _____ C:\Users\Parag\Downloads\flux-setup.exe
2016-11-04 20:40 - 2016-11-04 20:40 - 00000000 ____D C:\Users\Parag\AppData\Roaming\ATI
2016-11-04 20:40 - 2016-11-04 20:40 - 00000000 ____D C:\Users\Parag\AppData\Local\ATI
2016-11-04 20:40 - 2016-11-04 20:40 - 00000000 ____D C:\ProgramData\ATI
2016-11-04 18:53 - 2016-11-04 18:53 - 00000869 _____ C:\Users\Public\Desktop\CPUID CPU-Z.lnk
2016-11-04 18:53 - 2016-11-04 18:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-11-04 18:53 - 2016-11-04 18:53 - 00000000 ____D C:\Program Files\CPUID
2016-11-04 18:52 - 2016-10-28 03:48 - 01718016 ____N ( ) C:\Users\Parag\Desktop\cpu-z_1.77-en.exe
2016-11-04 18:50 - 2016-11-04 18:50 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2016-11-04 18:48 - 2016-11-11 13:31 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2016-11-04 18:46 - 2016-11-04 18:46 - 00003064 _____ C:\Windows\System32\Tasks\AURA
2016-11-04 18:46 - 2016-11-04 18:46 - 00000922 _____ C:\Users\Public\Desktop\AURA(GRAPHICS CARD).lnk
2016-11-04 18:45 - 2016-11-04 20:50 - 00003142 _____ C:\Windows\System32\Tasks\GPU Tweak II
2016-11-04 18:45 - 2016-11-04 18:46 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-11-04 18:45 - 2016-11-04 18:45 - 00001067 _____ C:\Users\Public\Desktop\ASUS GPU TweakII.lnk
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\Windows\System32\Tasks\ASUS
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\Windows\Downloaded Installations
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\Users\Parag\AppData\Roaming\SplitmediaLabs
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASUS
2016-11-04 18:45 - 2016-11-04 18:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2016-11-04 18:44 - 2016-11-04 22:17 - 00000000 ____D C:\Users\Parag\AppData\Local\AMD
2016-11-04 18:44 - 2016-11-04 18:44 - 00004224 _____ C:\Windows\System32\Tasks\AMD Updater
2016-11-04 18:44 - 2016-11-04 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings
2016-11-04 18:44 - 2016-11-04 18:44 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2016-11-04 18:44 - 2016-11-04 18:44 - 00000000 ____D C:\Program Files (x86)\AMD
2016-11-04 18:44 - 2016-06-23 23:52 - 00264992 _____ C:\Windows\SysWOW64\vulkan-1.dll
2016-11-04 18:44 - 2016-06-23 23:51 - 00257824 _____ C:\Windows\system32\vulkan-1.dll
2016-11-04 18:44 - 2016-06-23 23:51 - 00110880 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2016-11-04 18:44 - 2016-06-23 23:50 - 00125216 _____ C:\Windows\system32\vulkaninfo.exe
2016-11-04 18:43 - 2016-11-04 18:43 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-11-04 18:42 - 2016-06-29 07:20 - 02129920 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2016-11-04 18:42 - 2016-06-29 07:20 - 01820160 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2016-11-04 18:42 - 2016-06-29 07:19 - 48797696 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2016-11-04 18:42 - 2016-06-29 07:19 - 00252928 _____ C:\Windows\system32\clinfo.exe
2016-11-04 18:42 - 2016-06-29 07:18 - 38248960 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2016-11-04 18:42 - 2016-06-29 07:17 - 00096256 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2016-11-04 18:42 - 2016-06-29 07:17 - 00087040 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2016-11-04 18:42 - 2016-06-29 07:16 - 27471872 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2016-11-04 18:42 - 2016-06-29 07:16 - 21623808 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2016-11-04 18:42 - 2016-06-29 06:56 - 00865792 _____ (AMD) C:\Windows\system32\coinst_16.30.dll
2016-11-04 18:42 - 2016-06-29 06:56 - 00728832 _____ C:\Windows\SysWOW64\atiapfxx.blb
2016-11-04 18:42 - 2016-06-29 06:56 - 00728832 _____ C:\Windows\system32\atiapfxx.blb
2016-11-04 18:42 - 2016-06-29 06:51 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2016-11-04 18:42 - 2016-06-29 06:51 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2016-11-04 18:42 - 2016-06-29 06:51 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2016-11-04 18:42 - 2016-06-29 06:51 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2016-11-04 18:42 - 2016-06-23 03:16 - 00117296 _____ C:\Windows\system32\kapp_ci.sbin
2016-11-04 18:42 - 2016-06-20 00:28 - 00112336 _____ C:\Windows\system32\kapp_si.sbin
2016-11-04 18:42 - 2016-06-18 00:20 - 00270912 _____ C:\Windows\system32\ativvaxy_stn_nd.dat
2016-11-04 18:42 - 2016-06-18 00:15 - 00368672 _____ C:\Windows\system32\ativvaxy_el_nd.dat
2016-11-04 18:42 - 2016-06-16 23:39 - 00260720 _____ C:\Windows\system32\ativvaxy_FJ_nd.dat
2016-11-04 18:42 - 2016-06-07 02:21 - 00260980 _____ C:\Windows\system32\ativvaxy_FJ.dat
2016-11-04 18:42 - 2016-06-07 02:17 - 00266816 _____ C:\Windows\system32\ativvaxy_cz_nd.dat
2016-11-04 18:42 - 2016-05-24 08:59 - 00016827 _____ C:\Windows\system32\AMDKernelEvents.man
2016-11-04 18:42 - 2016-05-18 02:35 - 00322736 _____ C:\Windows\system32\ativvaxy_vi_nd.dat
2016-11-04 18:42 - 2016-05-18 01:55 - 00234032 _____ C:\Windows\system32\ativvaxy_cik_nd.dat
2016-11-04 18:42 - 2016-04-21 20:15 - 00166624 _____ C:\Windows\system32\amde34b.dat
2016-11-04 18:42 - 2016-04-21 20:15 - 00166624 _____ C:\Windows\system32\amde34a.dat
2016-11-04 18:42 - 2016-04-21 20:14 - 00177280 _____ C:\Windows\system32\ativce03.dat
2016-11-04 18:42 - 2016-04-21 20:14 - 00175584 _____ C:\Windows\system32\amde31a.dat
2016-11-04 18:42 - 2016-04-21 20:11 - 00100816 _____ C:\Windows\system32\ativce02.dat
2016-11-04 18:42 - 2016-04-14 01:28 - 00234292 _____ C:\Windows\system32\ativvaxy_cik.dat
2016-11-04 18:42 - 2016-03-30 03:39 - 00322996 _____ C:\Windows\system32\ativvaxy_vi.dat
2016-11-04 18:42 - 2016-02-11 23:41 - 00149008 _____ C:\Windows\system32\samu_krnl_ci.sbin
2016-11-04 18:42 - 2015-12-17 02:36 - 00000144 _____ C:\Windows\system32\amd-vulkan64.json
2016-11-04 18:42 - 2015-12-15 23:24 - 00000144 _____ C:\Windows\SysWOW64\amd-vulkan32.json
2016-11-04 18:42 - 2015-11-30 20:24 - 00066560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2016-11-04 18:42 - 2015-11-30 20:24 - 00050176 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2016-11-04 18:42 - 2013-12-12 19:23 - 00138832 _____ C:\Windows\system32\samu_krnl_isv_ci.sbin
2016-11-04 18:41 - 2016-11-04 18:43 - 00000000 ____D C:\Program Files\AMD
2016-11-04 18:38 - 2015-02-03 09:04 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-11-04 18:38 - 2015-02-03 09:04 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-11-04 18:38 - 2015-02-03 09:04 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-11-04 18:38 - 2015-02-03 09:04 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-11-04 18:38 - 2015-02-03 09:04 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2016-11-04 18:38 - 2015-02-03 09:03 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-11-04 18:38 - 2015-02-03 09:01 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 02644992 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2016-11-04 18:38 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2016-11-04 18:38 - 2015-02-03 09:01 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2016-11-04 18:38 - 2015-02-03 09:00 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-11-04 18:38 - 2015-02-03 09:00 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2016-11-04 18:38 - 2015-02-03 09:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2016-11-04 18:38 - 2015-02-03 08:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-11-04 18:38 - 2015-02-03 08:59 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2016-11-04 18:38 - 2015-02-03 08:58 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-11-04 18:38 - 2015-02-03 08:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-11-04 18:38 - 2015-02-03 08:58 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-11-04 18:38 - 2015-02-03 08:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-11-04 18:38 - 2015-02-03 08:49 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2016-11-04 18:38 - 2015-02-03 08:46 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-11-04 18:38 - 2015-02-03 08:46 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-11-04 18:38 - 2015-02-03 08:42 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 02135040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2016-11-04 18:38 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2016-11-04 18:38 - 2015-02-03 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2016-11-04 18:38 - 2015-02-03 08:41 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2016-11-04 18:38 - 2015-02-03 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-11-04 18:38 - 2015-02-03 08:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-11-04 18:38 - 2015-02-03 08:41 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-11-04 18:38 - 2015-02-03 08:41 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-11-04 18:38 - 2015-02-03 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-11-04 18:38 - 2015-02-03 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-11-04 18:38 - 2015-02-03 08:39 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-11-04 18:38 - 2015-02-03 08:38 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-11-04 18:38 - 2015-02-03 08:38 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-11-04 18:38 - 2015-02-03 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-11-04 18:38 - 2015-01-31 05:26 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-11-04 18:38 - 2014-11-01 03:54 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-11-04 18:38 - 2014-06-28 05:51 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-11-04 18:38 - 2014-06-28 05:51 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-11-04 18:37 - 2016-11-04 18:37 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Adobe
2016-11-04 18:37 - 2016-11-04 18:37 - 00000000 ____D C:\Users\Parag\AppData\LocalLow\Adobe
2016-11-04 18:37 - 2016-11-04 18:37 - 00000000 ____D C:\Users\Parag\AppData\Local\Adobe
2016-11-01 10:33 - 2016-10-31 21:11 - 00000000 ____D C:\Windows\Panther
2016-11-01 10:07 - 2016-11-01 10:07 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-11-01 10:07 - 2016-11-01 10:07 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-11-01 10:07 - 2016-11-01 10:07 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-11-01 10:07 - 2016-11-01 10:07 - 00000000 ____D C:\Windows\system32\Macromed
2016-11-01 10:06 - 2016-11-05 00:56 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-11-01 10:06 - 2016-11-04 23:58 - 00000000 ____D C:\ProgramData\Adobe
2016-11-01 10:06 - 2016-11-01 10:06 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-11-01 10:06 - 2016-11-01 10:06 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-11-01 10:05 - 2016-11-05 14:11 - 00000000 ____D C:\Windows\AutoKMS
2016-11-01 10:04 - 2016-11-01 10:04 - 00000000 ____D C:\ProgramData\Microsoft Toolkit
2016-11-01 10:03 - 2016-11-11 13:32 - 00000000 ____D C:\Program Files\WinRAR
2016-11-01 10:03 - 2016-11-01 10:03 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-11-01 10:01 - 2016-11-01 10:01 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-11-01 10:00 - 2016-11-01 10:00 - 00000000 ____D C:\Users\Parag\AppData\Local\Microsoft Help
2016-11-01 09:35 - 2016-11-01 09:35 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2016-11-01 09:35 - 2016-11-01 09:35 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2016-10-31 21:44 - 2016-11-01 10:04 - 00108840 _____ C:\Users\Parag\AppData\Local\GDIPFONTCACHEV1.DAT
2016-10-31 21:44 - 2016-10-31 21:44 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2016-10-31 21:44 - 2016-10-31 21:44 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Intel Corporation
2016-10-31 21:44 - 2015-09-04 20:25 - 00805616 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys
2016-10-31 21:44 - 2015-09-04 20:25 - 00394992 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys
2016-10-31 21:43 - 2016-10-31 21:43 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-10-31 21:42 - 2015-10-15 17:50 - 01026304 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2016-10-31 21:42 - 2015-10-15 17:50 - 00116304 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2016-10-31 21:42 - 2015-10-15 17:50 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2016-10-31 21:41 - 2016-11-04 18:27 - 00000000 __SHD C:\Users\Parag\IntelGraphicsProfiles
2016-10-31 21:41 - 2016-10-31 21:41 - 00018392 _____ C:\Windows\system32\results.xml
2016-10-31 21:40 - 2016-10-31 21:40 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-10-31 21:40 - 2016-10-31 21:40 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2016-10-31 21:40 - 2016-10-31 21:40 - 00000000 ____D C:\Program Files\Realtek
2016-10-31 21:40 - 2015-07-07 16:43 - 04514008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2016-10-31 21:40 - 2015-07-07 13:24 - 35222128 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2016-10-31 21:40 - 2015-07-06 13:35 - 02930904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2016-10-31 21:40 - 2015-07-01 15:48 - 01749208 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2016-10-31 21:40 - 2015-06-30 13:34 - 00184688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2016-10-31 21:40 - 2015-06-26 17:40 - 01310936 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2016-10-31 21:40 - 2015-06-22 12:13 - 02702552 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2016-10-31 21:40 - 2015-06-17 12:15 - 03234520 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2016-10-31 21:40 - 2015-05-15 16:57 - 02918104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2016-10-31 21:40 - 2015-01-19 15:40 - 72113152 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2016-10-31 21:40 - 2014-11-11 11:14 - 00631000 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2016-10-31 21:40 - 2014-05-22 13:54 - 00096568 _____ C:\Windows\system32\audioLibVc.dll
2016-10-31 21:40 - 2012-08-31 16:48 - 07164176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2016-10-31 21:40 - 2012-08-31 16:47 - 00434960 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2016-10-31 21:40 - 2012-08-31 16:47 - 00141584 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2016-10-31 21:40 - 2012-08-31 16:47 - 00124176 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2016-10-31 21:40 - 2012-08-31 16:47 - 00075024 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2016-10-31 21:40 - 2011-12-20 13:02 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2016-10-31 21:40 - 2011-11-22 13:58 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2016-10-31 21:39 - 2016-11-04 18:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-31 21:39 - 2016-10-31 21:42 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-10-31 21:39 - 2016-10-31 21:40 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-10-31 21:39 - 2016-10-31 21:39 - 00000704 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-10-31 21:39 - 2016-10-31 21:39 - 00000200 _____ C:\Windows\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-10-31 21:39 - 2015-06-08 13:43 - 02825944 ____R (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2016-10-31 21:39 - 2014-09-24 09:01 - 07087448 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2016-10-31 21:39 - 2014-09-24 09:01 - 01939800 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2016-10-31 21:39 - 2014-09-24 09:01 - 00315736 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2016-10-31 21:39 - 2014-09-24 09:01 - 00261464 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2016-10-31 21:39 - 2013-06-21 08:31 - 00109848 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 01756264 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 01568360 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 01486952 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00728680 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00712296 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00693352 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00491112 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00432744 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00428648 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00242792 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00242792 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2016-10-31 21:39 - 2011-05-31 07:12 - 00241768 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 35987168 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 35068920 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 31013304 _____ (Intel Corporation) C:\Windows\SysWOW64\igd11dxva32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 29706216 _____ (Intel Corporation) C:\Windows\system32\igd11dxva64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 29084160 _____ (Intel Corporation) C:\Windows\system32\common_clang64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 19844096 _____ (Intel Corporation) C:\Windows\SysWOW64\common_clang32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 15167808 _____ (Intel Corporation) C:\Windows\system32\igc64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 13640288 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 13349888 _____ (Intel Corporation) C:\Windows\system32\ig9icd64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 13176312 _____ (Intel Corporation) C:\Windows\SysWOW64\igc32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 11188872 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 10114560 _____ (Intel Corporation) C:\Windows\SysWOW64\ig9icd32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 06437776 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2016-10-31 21:38 - 2015-11-02 12:18 - 06415888 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 05797102 _____ C:\Windows\system32\igdclbif.bin
2016-10-31 21:38 - 2015-11-02 12:18 - 05666816 _____ (Intel Corporation) C:\Windows\system32\igdmcl64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 05245440 _____ (Intel Corporation) C:\Windows\system32\GfxResources.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 04918792 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 04528640 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 04326512 _____ (Intel Corporation) C:\Windows\system32\igd12umd64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 04174584 _____ (Intel Corporation) C:\Windows\SysWOW64\igd12umd32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 03992576 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 03952128 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmcl32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 02813952 _____ C:\Windows\system32\iglhxa64.cpa
2016-10-31 21:38 - 2015-11-02 12:18 - 02034688 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01848832 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01767992 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01765408 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01565696 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01473912 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01156608 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 01008744 _____ C:\Windows\system32\igfxSDK.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00943208 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00939624 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00819042 _____ C:\Windows\system32\DisplayAudiox64.cab
2016-10-31 21:38 - 2015-11-02 12:18 - 00729088 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00641530 _____ C:\Windows\system32\FilmModeDetection.wmv
2016-10-31 21:38 - 2015-11-02 12:18 - 00609280 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00596072 _____ (Intel Corporation) C:\Windows\system32\IntelCpHDCPSvc.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00511260 _____ C:\Windows\system32\cp_resources.bin
2016-10-31 21:38 - 2015-11-02 12:18 - 00448104 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00421376 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00403671 _____ C:\Windows\system32\ImageStabilization.wmv
2016-10-31 21:38 - 2015-11-02 12:18 - 00398336 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00384104 _____ C:\Windows\system32\igfxTray.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00375173 _____ C:\Windows\system32\ColorImageEnhancement.wmv
2016-10-31 21:38 - 2015-11-02 12:18 - 00372736 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00371200 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00366080 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00353384 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00332904 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00301056 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00285304 _____ (Intel Corporation) C:\Windows\system32\igd10idpp64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00282728 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00270896 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10idpp32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00256000 _____ C:\Windows\system32\igfxCPL.cpl
2016-10-31 21:38 - 2015-11-02 12:18 - 00248832 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00248424 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00231936 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00220432 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00218216 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00213608 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00213096 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00207872 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00201368 _____ (Intel Corporation) C:\Windows\system32\igdde64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00188928 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4312.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00184352 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00176128 _____ (Intel Corporation) C:\Windows\system32\igdail64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00163264 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00162240 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00160680 _____ (Intel Corporation) C:\Windows\SysWOW64\igdde32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00156672 _____ (Intel Corporation) C:\Windows\SysWOW64\igdail32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00156264 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2016-10-31 21:38 - 2015-11-02 12:18 - 00140056 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00140056 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00094208 _____ ( ) C:\Windows\system32\igfxSDKLibv2_0.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00086528 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00086016 _____ C:\Windows\system32\igfxCUIServicePS.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00083456 _____ ( ) C:\Windows\system32\igfxSDKLib.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00082432 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00077824 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00066048 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00044025 _____ C:\Windows\system32\iglhxo64.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00043494 _____ C:\Windows\system32\iglhxc64.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00043256 _____ C:\Windows\system32\iglhxg64.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00036616 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00035328 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00011776 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00011776 _____ ( ) C:\Windows\system32\igfxDILib.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2016-10-31 21:38 - 2015-11-02 12:18 - 00004686 _____ C:\Windows\system32\iglhxs64.vp
2016-10-31 21:38 - 2015-11-02 12:18 - 00000935 _____ C:\Windows\system32\Gfxv4_0.exe.config
2016-10-31 21:38 - 2015-11-02 12:18 - 00000935 _____ C:\Windows\system32\DPTopologyApp.exe.config
2016-10-31 21:38 - 2015-11-02 12:18 - 00000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2016-10-31 21:38 - 2015-11-02 12:18 - 00000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2016-10-31 21:37 - 2016-10-31 21:44 - 00000000 ____D C:\Program Files (x86)\Intel
2016-10-31 21:37 - 2016-10-31 21:41 - 00000000 ____D C:\Intel
2016-10-31 21:37 - 2016-10-31 21:37 - 00000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2016-10-31 21:37 - 2016-10-31 21:37 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2016-10-31 21:37 - 2016-10-31 21:37 - 00000000 ____D C:\Users\Parag\Intel
2016-10-31 21:37 - 2016-10-31 21:37 - 00000000 ____D C:\ProgramData\Intel
2016-10-31 21:37 - 2015-11-02 12:18 - 00473864 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2016-10-31 21:37 - 2012-07-26 10:25 - 00785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2016-10-31 21:37 - 2012-07-26 10:25 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2016-10-31 21:37 - 2012-07-26 08:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2016-10-31 21:37 - 2012-06-02 20:05 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2016-10-31 21:36 - 2016-11-05 13:39 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-31 21:36 - 2016-10-31 21:43 - 00000000 ____D C:\Program Files\Intel
2016-10-31 21:35 - 2016-11-05 13:27 - 00775352 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2016-10-31 21:34 - 2016-11-11 13:33 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-31 21:34 - 2016-11-11 01:46 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-31 21:34 - 2016-11-04 22:12 - 00002195 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-10-31 21:34 - 2016-11-04 22:12 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-10-31 21:34 - 2016-11-04 21:52 - 00000000 ____D C:\Users\Parag\AppData\Local\Google
2016-10-31 21:34 - 2016-11-04 21:41 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-10-31 21:34 - 2016-11-04 21:41 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-10-31 21:34 - 2016-10-31 21:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-31 21:33 - 2016-10-31 21:42 - 00000010 _____ C:\Windows\GSetup.ini
2016-10-31 21:12 - 2016-10-31 21:12 - 00001447 _____ C:\Users\Parag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-10-31 21:12 - 2016-10-31 21:12 - 00001413 _____ C:\Users\Parag\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2016-10-31 21:12 - 2016-10-31 21:12 - 00000000 ____D C:\Users\Parag\AppData\Local\VirtualStore
2016-10-31 21:11 - 2016-11-05 14:11 - 00000000 ____D C:\Users\Parag
2016-10-31 21:11 - 2016-10-31 21:11 - 00000020 ___SH C:\Users\Parag\ntuser.ini
2016-10-31 21:11 - 2016-10-31 21:11 - 00000000 _SHDL C:\Users\Parag\My Documents
2016-10-31 21:11 - 2016-10-31 21:11 - 00000000 _SHDL C:\Users\Parag\Documents\My Videos
2016-10-31 21:11 - 2016-10-31 21:11 - 00000000 _SHDL C:\Users\Parag\Documents\My Pictures
2016-10-31 21:11 - 2016-10-31 21:11 - 00000000 _SHDL C:\Users\Parag\Documents\My Music
2016-10-31 21:11 - 2010-11-21 12:46 - 00000000 ____D C:\Users\Parag\AppData\Roaming\Media Center Programs

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-11-11 13:39 - 2009-07-14 10:15 - 00027120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-11-11 13:39 - 2009-07-14 10:15 - 00027120 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-11-11 13:36 - 2009-07-14 10:43 - 00783114 _____ C:\Windows\system32\PerfStringBackup.INI
2016-11-11 13:32 - 2009-07-14 10:38 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-11-11 13:31 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\inf
2016-11-11 13:14 - 2009-07-14 10:15 - 00410888 _____ C:\Windows\system32\FNTCACHE.DAT
2016-11-11 13:11 - 2010-11-21 12:47 - 00000000 ____D C:\Windows\ShellNew
2016-11-11 13:11 - 2009-07-14 11:02 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-11-11 13:10 - 2009-07-14 08:04 - 00000387 _____ C:\Windows\win.ini
2016-11-11 13:09 - 2009-07-14 08:50 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2016-11-09 01:23 - 2009-07-14 08:50 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2016-11-09 01:23 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2016-11-05 14:11 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\registration
2016-11-05 03:19 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\rescache
2016-11-04 23:58 - 2009-07-14 10:27 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-11-04 18:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-11-04 18:38 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\Dism
2016-11-01 10:33 - 2009-07-14 11:02 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2016-11-01 10:33 - 2009-07-14 10:15 - 00000000 ____D C:\Windows\Setup
2016-11-01 09:36 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\oobe
2016-11-01 09:35 - 2009-07-14 08:50 - 00000000 ____D C:\Windows\system32\sysprep
2016-11-01 09:34 - 2010-11-21 12:47 - 00000000 ____D C:\Windows\CSC
2016-10-31 21:11 - 2010-11-21 08:54 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-10-31 21:11 - 2010-11-21 08:54 - 00833024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-10-31 21:11 - 2010-11-21 08:54 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\systemcpl.dll
2016-10-31 21:11 - 2010-11-21 08:54 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\slwga.dll
2016-10-31 21:11 - 2010-11-21 08:53 - 00013824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slwga.dll

==================== Files in the root of some directories =======

2016-10-31 21:40 - 2016-10-31 21:40 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll
[2010-11-21 08:54] - [2016-10-31 21:11] - 1008640 ____A (Microsoft Corporation) 2C353B6CE0C8D03225CAA2AF33B68D79

C:\Windows\SysWOW64\User32.dll
[2010-11-21 08:54] - [2016-10-31 21:11] - 0833024 ____A (Microsoft Corporation) 861C4346F9281DC0380DE72C8D55D6BE

C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-11-04 18:08

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Administrator (11-11-2016 13:42:42)
Running from C:\Users\Administrator\Desktop
Windows 7 Professional Service Pack 1 (X64) (2016-10-31 15:41:18)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-2855634118-3034471008-3255769274-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2855634118-3034471008-3255769274-501 - Limited - Disabled)
Parag (S-1-5-21-2855634118-3034471008-3255769274-1000 - Administrator - Enabled) => C:\Users\Parag

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Free Firewall Firewall (Enabled) {1B8D532F-88B1-B2AD-ED22-AED92687A1D2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.175 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
ASUS GPU TweakII (HKLM-x32\...\InstallShield_{0075AAC2-EA9F-490E-83F7-5D5F81EB2A43}) (Version: 1.3.3.2 - ASUSTek COMPUTER INC.)
ASUS GPU TweakII (x32 Version: 1.3.3.2 - ASUSTek COMPUTER INC.) Hidden
ASUS Product Register Program (HKLM-x32\...\{C87D79F6-F813-4812-B7A9-CCCAAB8B1188}) (Version: 1.0.031 - ASUSTek Computer Inc.)
AURA(GRAPHICS CARD) (HKLM-x32\...\{509505B2-C4C8-4FF6-912D-BC01097F97F5}) (Version: 0.0.4.1 - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.23.58 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM-x32\...\{772ed258-65d1-4d57-ac70-7087049d1576}) (Version: 1.2.74.26159 - Avira Operations GmbH & Co. KG)
Avira Connect (x32 Version: 1.2.74.26159 - Avira Operations GmbH & Co. KG) Hidden
calibre (HKLM-x32\...\{F0F4163F-6A2D-48BA-BC36-23C33B0ECDB5}) (Version: 0.9.9 - Kovid Goyal)
Catalyst Control Center Next Localization BR (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0628.2138.37120 - Advanced Micro Devices, Inc.) Hidden
Cheat Engine 6.6 (HKLM-x32\...\Cheat Engine 6.6_is1) (Version:  - Cheat Engine)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
Divinity: Original Sin 2 (HKLM\...\Steam App 435150) (Version:  - Larian Studios)
DriveImage XML (Private Edition) (HKLM-x32\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.50.000 - Runtime Software)
f.lux (HKU\S-1-5-21-2855634118-3034471008-3255769274-500\...\Flux) (Version:  - )
Free Download Manager (HKLM\...\{43781dff-e0df-49ce-a6d2-47da96a485e7}}_is1) (Version:  - FreeDownloadManager.ORG)
GD Defiler (HKU\S-1-5-21-2855634118-3034471008-3255769274-500\...\eb52a1e1a73b9708) (Version: 0.1.1.1 - Soul's Software)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.9 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1162 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4312 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.6.0.1029 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 4.0.1.40 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Java 8 Update 111 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24210 (HKLM-x32\...\{f144e08f-9cbe-4f09-9a8c-f2b858b7ee7f}) (Version: 14.0.24210.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24210 (HKLM-x32\...\{23658c02-145e-483d-ba6b-1eb82c580529}) (Version: 14.0.24210.0 - Microsoft Corporation)
MPlayer for Windows (Full Package) (HKLM-x32\...\{DB9E4EAB-2717-499F-8D56-4CC8A644AB60}) (Version:  - LoRd MuldeR)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.9 - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.97.1001.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7553 - Realtek Semiconductor Corp.)
SMPlayer 0.6.9 (HKLM-x32\...\SMPlayer) (Version: 0.6.9 - RVM)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector)
Tixati (HKLM-x32\...\tixati) (Version:  - )
Vulkan Run Time Libraries 1.0.17.0 (HKLM\...\VulkanRT1.0.17.0) (Version: 1.0.17.0 - LunarG, Inc.)
ZoneAlarm Firewall (x32 Version: 15.0.139.17085 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Firewall (HKLM-x32\...\ZoneAlarm Free Firewall) (Version: 15.0.139.17085 - Check Point)
ZoneAlarm Security (x32 Version: 15.0.139.17085 - Check Point Software Technologies Ltd.) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {113ED480-4212-40F9-8683-9025AF227D49} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-31] (Google Inc.)
Task: {1E9FEDF2-5A6E-46AB-9A82-8871C07260A3} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {3796CC18-3EFE-44C7-A01A-13156A0C01F0} - System32\Tasks\GPU Tweak II => C:\Program Files (x86)\ASUS\GPU TweakII\GPUTweakII.exe [2016-07-22] (TODO: <Company name>)
Task: {5401136C-8D45-445B-A272-EE75EA775AA0} - System32\Tasks\AURA => C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\ledcontrolservice.exe [2016-07-12] (TODO: <Company name>)
Task: {9742AE69-60AD-41CF-9D81-35B345913682} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-11-01] ()
Task: {B8E18C8C-FE32-43A7-950E-A9CD5F1778A4} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-06-28] (Advanced Micro Devices, Inc.)
Task: {DAA3A476-637C-4242-8037-733F6962049A} - System32\Tasks\FreeDownloadManagerNetworkMonitor => C:\Program Files\Free Download Manager\winwfpmonitor.exe [2016-10-21] (FreeDownloadManager.org)
Task: {E21C770F-EAA7-49E9-8288-67F7763230EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-10-31] (Google Inc.)
Task: {F39B7F50-99F1-4FAD-A034-DF2142E9D9C9} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-18] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-11-11 01:48 - 2016-10-21 19:50 - 00029696 _____ () C:\Program Files\Free Download Manager\WinDivert.dll
2016-11-11 01:55 - 2012-01-20 14:55 - 00678400 _____ () C:\Program Files\TeraCopy\TeraCopyExt64.dll
2011-02-09 06:26 - 2011-02-09 06:26 - 00301568 _____ () C:\Program Files (x86)\Notepad++\NppShell_04.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-11-04 21:23 - 2016-02-02 05:44 - 00439912 _____ () C:\Palemoon_x86\Palemoon-Portable.exe
2016-11-04 18:46 - 2016-07-05 21:18 - 01744384 _____ () C:\Program Files (x86)\ASUS\AURA(GRAPHICS CARD)\Vender.dll
2016-11-04 21:23 - 2016-09-24 00:40 - 03060736 _____ () C:\Palemoon_x86\Bin\Palemoon\mozjs.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 08:04 - 2016-11-05 00:17 - 00001226 ___RA C:\Windows\system32\Drivers\etc\hosts

127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 forum.alcohol-soft.com
127.0.0.1 support.alcohol-soft.com
127.0.0.1 users.alcohol-soft.com
127.0.0.1 shop.alcohol-soft.com
127.0.0.1 vodka.alcohol-soft.com
127.0.0.1 *.alcohol-soft.com
127.0.0.1 *.alcohol-soft.*

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2855634118-3034471008-3255769274-500\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [TCP Query User{6C42116C-7DB3-43E3-A0CF-3A6537FA99DA}F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe] => (Allow) F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe
FirewallRules: [UDP Query User{7154CF0E-DCB0-4235-9983-FDEF3599DF88}F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe] => (Allow) F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe
FirewallRules: [{A48ED20D-ED9F-4362-B72F-01AEB6436331}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{98504E0D-2711-450A-A478-4E9E981886DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{048AD707-0CBB-4B1F-810A-C1BEADC7065C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{789AB1F2-836F-4E7D-BA52-65326BC3C991}] => (Allow) G:\Games (installed)\Steam\SteamApps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{546AA53B-6B98-4716-905F-6E4A75026C2D}] => (Allow) G:\Games (installed)\Steam\SteamApps\common\TalesMajEyal\t-engine.exe
FirewallRules: [{11A2B990-CBBF-440C-BB35-C643AA7EA5A4}] => (Allow) F:\Games\Steam\SteamApps\common\Stoneworks_Games\BloodofMagic.exe
FirewallRules: [{98D40B67-3E26-4E0D-B17A-14B65D3D1CCD}] => (Allow) F:\Games\Steam\SteamApps\common\Stoneworks_Games\BloodofMagic.exe
FirewallRules: [{AECD8B6F-95B9-47D1-9F78-475A1E33F116}] => (Allow) D:\Games_ins\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe
FirewallRules: [{F8CDF89D-592B-4FA5-9A0D-2D60E0830912}] => (Allow) D:\Games_ins\Steam\steamapps\common\Divinity Original Sin 2\bin\SupportTool.exe
FirewallRules: [TCP Query User{8E6D0066-FC67-46D4-9DDB-D8A8A15DF425}D:\games_ins\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Block) D:\games_ins\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [UDP Query User{3465F4C3-725F-46D8-9937-8D6165A018E6}D:\games_ins\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe] => (Block) D:\games_ins\steam\steamapps\common\divinity original sin 2\bin\eocapp.exe
FirewallRules: [{C1CD0281-830F-4F43-B1BC-D5EB7ACF6A8B}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{CD1310A0-45A9-4118-8A94-B844453DA287}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{945ABAC6-7787-4F2F-8996-B45D961E35D9}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{9D94FA7C-C220-47BF-B6F0-8C9F1E5049B3}] => (Allow) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
FirewallRules: [{7359D4A2-C6F1-445C-835D-E349F5D492E3}] => (Allow) C:\Program Files\Free Download Manager\fdm.exe
FirewallRules: [{0E9D9E7A-9056-4995-90E2-49FE76059385}] => (Allow) C:\Program Files\Free Download Manager\fdm.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/11/2016 01:33:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/11/2016 01:32:56 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Administrator\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/11/2016 01:26:32 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Administrator\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/11/2016 01:26:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/11/2016 01:17:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "D:\Games_ins\Grim Dawn Crucible\crashreporter.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error: (11/11/2016 01:14:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/11/2016 01:14:43 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Administrator\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/11/2016 01:02:41 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Users\Administrator\AppData\Local\chromium\Application\chrome.exe".
Dependent Assembly 51.0.2683.0,language="&#x2a;",type="win32",version="51.0.2683.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (11/11/2016 01:02:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (11/11/2016 02:21:29 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error


System errors:
=============
Error: (11/09/2016 01:47:01 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/09/2016 01:47:01 AM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 70.

Error: (11/06/2016 04:45:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
Access is denied.

Error: (11/06/2016 04:45:11 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (11/06/2016 04:44:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
Access is denied.

Error: (11/06/2016 04:27:41 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {752073A1-23F2-4396-85F0-8FDB879ED0ED} did not register with DCOM within the required timeout.

Error: (11/06/2016 04:27:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
Access is denied.

Error: (11/06/2016 03:49:29 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004

Error: (11/05/2016 01:48:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: The server {995C996E-D918-4A8C-A302-45719A6F4EA7} did not register with DCOM within the required timeout.

Error: (11/05/2016 01:02:46 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
Access is denied.


==================== Memory info ===========================

Processor: Intel® Core™ i5-6400 CPU @ 2.70GHz
Percentage of memory in use: 14%
Total physical RAM: 16336.18 MB
Available physical RAM: 13913.95 MB
Total Virtual: 32670.54 MB
Available Virtual: 29972.6 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:488.18 GB) (Free:442.64 GB) NTFS
Drive d: () (Fixed) (Total:1374.73 GB) (Free:1314.38 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 19C2B0A7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1374.7 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

 

Attached File  Summary.zip   58.61KB   1 downloads



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,457 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:10:48 PM

Posted 11 November 2016 - 01:52 PM

Thank you.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2855634118-3034471008-3255769274-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U3 iswSvc; no ImagePath
2016-11-05 00:44 - 2016-11-06 18:19 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-11-05 00:48 - 2016-11-05 00:48 - 00001180 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2016-11-05 00:48 - 2016-11-05 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
2016-11-05 00:22 - 2016-11-05 00:22 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
c:\windows\autokms
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
Task: {AE79DE79-B689-4206-AC22-7BA4598A6D5A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-11-01] ()
FirewallRules: [TCP Query User{6C42116C-7DB3-43E3-A0CF-3A6537FA99DA}F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe] => (Allow) F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe
FirewallRules: [UDP Query User{7154CF0E-DCB0-4235-9983-FDEF3599DF88}F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe] => (Allow) F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe
Replace: C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll C:\Windows\system32\User32.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll C:\Windows\SysWOW64\User32.dll
hosts:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browser
  • Double click on AdwCleaner.exe, click Run, then select I agree if it appears
  • Click Scan
  • Once the scan has completed you will see Pending. Please check elements you don't want to remove above the progress bar
  • Review the entries and uncheck any items you would like to keep on your computer (leaving an item checked will cause its deletion)
  • Click on Clean
  • Confirm the cleaning and rebooting of your computer by clicking OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
===================================================

Rerun RKill and post the results

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • RKill log
  • AdwCleaner log
  • Update on computer performance

Edited by Oh My!, 11 November 2016 - 01:53 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#6 Pap001


Posted 12 November 2016 - 06:02 AM

Followed the instructions...here goes:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 04-11-2016
Ran by Administrator (12-11-2016 13:42:22) Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Parag & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
GroupPolicy: Restriction <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2855634118-3034471008-3255769274-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
BHO-x32: No Name -> {13D67BB7-DB5F-48AA-884D-7A5D94168509} -> No File
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
U3 iswSvc; no ImagePath
2016-11-05 00:44 - 2016-11-06 18:19 - 00003758 _____ C:\Windows\System32\Tasks\AutoKMS
2016-11-05 00:48 - 2016-11-05 00:48 - 00001180 _____ C:\Users\Public\Desktop\Alcohol 120%.lnk
2016-11-05 00:48 - 2016-11-05 00:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%
2016-11-05 00:22 - 2016-11-05 00:22 - 00000000 ____D C:\Program Files (x86)\Alcohol Soft
c:\windows\autokms
c:\windows\system32\slmgr.vbs.removewat
c:\windows\syswow64\slmgr.vbs.removewat
Task: {AE79DE79-B689-4206-AC22-7BA4598A6D5A} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2016-11-01] ()
FirewallRules: [TCP Query User{6C42116C-7DB3-43E3-A0CF-3A6537FA99DA}F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe] => (Allow) F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe
FirewallRules: [UDP Query User{7154CF0E-DCB0-4235-9983-FDEF3599DF88}F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe] => (Allow) F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe
Replace: C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll C:\Windows\system32\User32.dll
Replace: C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll C:\Windows\SysWOW64\User32.dll
hosts:
*****************

Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-2855634118-3034471008-3255769274-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}" => key removed successfully
HKCR\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13D67BB7-DB5F-48AA-884D-7A5D94168509}" => key removed successfully
HKCR\Wow6432Node\CLSID\{13D67BB7-DB5F-48AA-884D-7A5D94168509} => key not found.
gdrv => service removed successfully
iswSvc => service removed successfully
C:\Windows\System32\Tasks\AutoKMS => moved successfully
"C:\Users\Public\Desktop\Alcohol 120%.lnk" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Alcohol 120%" => not found.
"C:\Program Files (x86)\Alcohol Soft" => not found.
c:\windows\autokms => moved successfully
c:\windows\system32\slmgr.vbs.removewat => moved successfully
c:\windows\syswow64\slmgr.vbs.removewat => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE79DE79-B689-4206-AC22-7BA4598A6D5A} => key not found.
C:\Windows\System32\Tasks\AutoKMS => not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{6C42116C-7DB3-43E3-A0CF-3A6537FA99DA}F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe => value not found.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{7154CF0E-DCB0-4235-9983-FDEF3599DF88}F:\ \tool kit\office 2010 toolkit and ez-activator v2.2.3\microsoft toolkit.exe => value not found.
C:\Windows\system32\User32.dll => moved successfully
C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll copied successfully to C:\Windows\system32\User32.dll
C:\Windows\SysWOW64\User32.dll => moved successfully
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll copied successfully to C:\Windows\SysWOW64\User32.dll
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.


The system needed a reboot.

==== End of Fixlog 13:42:28 ====

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/12/2016 03:57:21 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

 * Windows Firewall Disabled

   [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
   "EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

 * Windows Defender (WinDefend) is not Running.
   Startup Type set to: Manual

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1 serial.alcohol-soft.com
  127.0.0.1 www.alcohol-soft.com
  127.0.0.1 serial.alcohol-soft.com
  127.0.0.1 images.alcohol-soft.com
  127.0.0.1 trial.alcohol-soft.com
  127.0.0.1 forum.alcohol-soft.com
  127.0.0.1 support.alcohol-soft.com
  127.0.0.1 users.alcohol-soft.com
  127.0.0.1 shop.alcohol-soft.com
  127.0.0.1 vodka.alcohol-soft.com
  127.0.0.1 *.alcohol-soft.com
  127.0.0.1 *.alcohol-soft.*

Program finished at: 11/12/2016 03:57:26 PM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)
 

# AdwCleaner v6.030 - Logfile created 12/11/2016 at 15:53:00
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-11-12.1 [Server]
# Operating System : Windows 7 Professional Service Pack 1 (X64)
# Username : Administrator - PARAG-PC
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : hxxps://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****

[-] File deleted: C:\Windows\Installer\ddb60.msi


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****



***** [ Web browsers ] *****

[-] [C:\Users\Parag\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Parag\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1185 Bytes] - [12/11/2016 15:53:00]
C:\AdwCleaner\AdwCleaner[S0].txt - [1494 Bytes] - [12/11/2016 15:49:27]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1331 Bytes] ##########
 

As for performance update...

The computer boots up slightly faster. Also for some reason my device manager shows two keyboards (when only one keyboard is connected. This happens even if I uninstall both the keyboards and restart the computer with just one keyboard connected.) Is this some keylogger or something? (total computer noob here...)



#7 Oh My!


Posted 12 November 2016 - 06:50 PM

No, having 2 keyboards listed is not indicative of a keylogger. That is common.

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
SetDefaultFilePermissions: C:\Windows\System32\Drivers\etc\hosts
hosts:
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner and save it to your Desktop
  • Double click the icon to launch the program
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • A FSS.txt document will be placed on your Desktop
  • Copy and paste the contents of the report in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • FSS.txt

Gary

#8 Pap001


Posted 13 November 2016 - 07:26 AM

Hello there. As instructed:

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Administrator (13-11-2016 17:51:17) Run:4
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Parag & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SetDefaultFilePermissions: C:\Windows\System32\Drivers\etc\hosts
hosts:
*****************

"C:\Windows\System32\Drivers\etc\hosts" => Default permissions restored successfully.
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.

==== End of Fixlog 17:51:17 ====

 

Farbar Service Scanner Version: 27-01-2016
Ran by Administrator (administrator) on 13-11-2016 at 17:53:29
Running from "C:\Users\Administrator\Desktop"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 



#9 Oh My!


Posted 13 November 2016 - 10:14 AM

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

closeprocesses:
Move: C:\Windows\system32\drivers\etc\hosts C:\Windows\system32\drivers\etc\hosts.old
hosts:

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#10 Pap001


Posted 13 November 2016 - 11:56 AM

Fix result of Farbar Recovery Scan Tool (x64) Version: 12-11-2016
Ran by Administrator (13-11-2016 22:23:29) Run:5
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Parag & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
closeprocesses:
Move: C:\Windows\system32\drivers\etc\hosts C:\Windows\system32\drivers\etc\hosts.old
hosts:
*****************

Processes closed successfully.
"C:\Windows\system32\drivers\etc\hosts" Could not move to C:\Windows\system32\drivers\etc\hosts.old
"C:\Windows\System32\Drivers\etc\hosts" => Could not move.
Could not restore Hosts.


The system needed a reboot.

==== End of Fixlog 22:23:29 ====



#11 Oh My!


Posted 13 November 2016 - 02:39 PM

Please do this.

===================================================

GrantPerms by Farbar

--------------------
  • Download GrantPerms for either 32 bit or 64 bit systems and save it to your desktop
  • Unzip the file and launch the program
  • Copy and paste the following in the edit box:

C:\Windows\system32\drivers\etc\hosts

  • Click Unlock. When it is done click OK
  • Click List Permissions and copy/paste the results of the Perms.txt document in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Perms.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#12 Pap001


Posted 14 November 2016 - 06:58 AM

GrantPerms by Farbar
Ran by Administrator (administrator) at 2016-11-14 17:29:21

===============================================
\\?\C:\Windows\system32\drivers\etc\hosts

   Owner: BUILTIN\Administrators

   DACL(P)(AI):
   BUILTIN\Administrators   FULL   ALLOW   (NI)
   NT AUTHORITY\SYSTEM   FULL   ALLOW   (NI)
   BUILTIN\Users   READ/EXECUTE   ALLOW   (NI)



================ End Of List ================


Edited by Pap001, 14 November 2016 - 07:00 AM.


#13 Oh My!


Posted 14 November 2016 - 12:05 PM

Using Windows Explorer navigate to C:\Windows\system32\drivers\etc\hosts, right click on the entry and select Delete. If successful, do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)

hosts:

  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Delete hosts file?
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."

#14 Pap001


Posted 15 November 2016 - 02:54 AM

When I try to delete hosts file, I get the following:

"This action can't be completed because this file is open in System"



#15 Oh My!


Posted 15 November 2016 - 09:35 AM

Greetings,

Thanks, there is probably a 3rd party program protecting the hosts file.

Please do this.

===================================================

Process Explorer File Information

--------------------
  • Please download Process Explorer.zip and save it to your Desktop
  • Right click on the folder and select Extract All...
  • If the default file location is not your Desktop click the Browse... button and select your Desktop
  • Make sure Show extracted files when complete is checked
  • Click Extract
  • Right click on procexp (Application) and select Run as administrator
  • Press the Ctrl + F keys at the same time
  • Next to Handle or DLL substring type hosts
  • Click Search
  • Once the search has completed, please take a screen shot of this window and attach it to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Attached Process Explorer screen shot

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"May you be richly rewarded by the Lord, the God of Israel, under whose wings you have come to take refuge."



