Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

100% disk usage, low performance


  • This topic is locked This topic is locked
3 replies to this topic

#1 mishi93

mishi93

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 13 March 2017 - 04:38 AM

Hi guys
Recently i noticed some troubles with my pc.It's started working real slow and disk usage is sometimes 100%!
That's not all, I had some two empty nameless folders on my desktop but i deleted them pernamently somehow through registry. Adw Cleaner is not responding when I hit "clean" after scanning.
 
Could you be that kind and help me? 
I also included as attachment logs frrom AdwCleaner and JRT.
 
Cheers,
Michal

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-03-2017
Ran by Michał (administrator) on ASUS (13-03-2017 10:30:29)
Running from D:\DOWNLOAD
Loaded Profiles: Michał (Available Profiles: Michał)
Platform: Windows 8.1 Pro (Update) (X64) Language: Angielski (Stany Zjednoczone)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
() C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [382072 2017-01-13] ()
HKLM\...\Run: [ShadowPlay] => "C:\Windows\system32\rundll32.exe" C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163800 2016-07-30] (IvoSoft)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [111488 2017-03-02] (Intel Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4701888 2016-12-22] (Disc Soft Ltd)
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [717696 2010-01-16] (Microsoft Corporation)
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [479744 2014-10-29] (Microsoft Corporation)
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\Run: [Spotify Web Helper] => C:\Users\Michał\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1446000 2017-03-09] (Spotify Ltd)
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\MountPoints2: {877c937a-dc51-11e6-824f-8086f230fc04} - "G:\setup.exe"
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2017-01-17]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
Startup: C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2017-02-27]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Wysyłanie do programu OneNote.lnk [2017-02-28]
ShortcutTarget: Wysyłanie do programu OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: 104.251.218.27 mf.svc.nhl.com
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{87AC74F8-6067-418E-B000-1EAF2155BE9A}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{CF7412A9-42AE-4E4A-BD8A-1E2BBEAF2E6E}: [DhcpNameServer] 217.113.224.36 217.113.224.134

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2017-03-03] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2017-03-03] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2016-07-30] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2016-07-30] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2016-07-30] (IvoSoft)
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1488498694719
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2017-03-02] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-03-02] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2017-03-03] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-12-23] (Adobe Systems Inc.)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2014-03-25] (Wacom)

Chrome:
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default [2017-03-13]
CHR Extension: (Prezentacje Google) - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2017-03-03]
CHR Extension: (Dokumenty Google) - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2017-03-03]
CHR Extension: (Dysk Google) - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-03-03]
CHR Extension: (YouTube) - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2017-03-03]
CHR Extension: (uBlock Origin) - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2017-03-09]
CHR Extension: (Arkusze Google) - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2017-03-03]
CHR Extension: (Dokumenty Google offline) - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-03-03]
CHR Extension: (Płatności w sklepie Chrome Web Store) - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-03-09]
CHR Extension: (Gmail) - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2017-03-03]
CHR Extension: (Chrome Media Router) - C:\Users\Michał\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-03-03]
CHR HKU\S-1-5-21-4122494467-2726101799-183990937-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [mjbepbhonbojpoaenhckjocchgfiaofo] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3735744 2017-03-02] (Microsoft Corporation)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [1471168 2016-12-22] (Disc Soft Ltd)
S2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [115656 2017-03-02] (Intel Corporation)
S2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [118728 2017-03-02] (Intel Corporation)
S2 DptfPolicyCriticalService; C:\Windows\system32\DptfPolicyCriticalService.exe [148160 2017-03-02] (Intel Corporation)
S2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [124904 2017-03-02] (Intel Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-03-02] (Bitdefender)
S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344184 2017-01-13] (Intel Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-11-07] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-10-06] ()
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-02-23] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [425408 2017-02-23] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2121736 2017-01-29] (Electronic Arts)
S2 Origin Web Helper Service; C:\Program Files (x86)\Origin\OriginWebHelperService.exe [2183696 2017-01-29] (Electronic Arts)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [672208 2017-02-03] (Wacom Technology, Corp.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-10-06] (Intel® Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [69904 2014-03-31] (ASUS Corporation)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2017-03-07] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R3 DptfDevDram; C:\Windows\system32\DRIVERS\DptfDevDram.sys [145640 2017-03-02] (Intel Corporation)
S3 DptfDevPch; C:\Windows\system32\DRIVERS\DptfDevPch.sys [116752 2017-03-02] (Intel Corporation)
S3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [290256 2017-03-02] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494808 2017-03-02] (Intel Corporation)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [52200 2017-03-02] (Intel Corporation)
R3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2017-01-17] (Disc Soft Ltd)
R3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [47672 2017-01-17] (Disc Soft Ltd)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [27552 2017-03-02] (REALiX™)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [214272 2016-11-18] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-08] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-08] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-07] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 NETwNb64; C:\Windows\system32\DRIVERS\NETwbw02.sys [3517200 2016-10-20] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [27584 2017-02-23] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [46016 2017-02-23] (NVIDIA Corporation)
R3 nvvhci; C:\Windows\System32\drivers\nvvhci.sys [59448 2017-02-23] (NVIDIA Corporation)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [418784 2017-03-02] (Realsil Semiconductor Corporation)
S3 semav6msr64; C:\Windows\system32\drivers\semav6msr64.sys [21984 2016-10-18] ()
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
R1 veracrypt; C:\Windows\System32\drivers\veracrypt.sys [467368 2017-03-03] (IDRIX)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [34760 2013-08-22] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [265056 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
S3 xb1usb; C:\Windows\System32\drivers\xb1usb.sys [42760 2016-02-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-13 10:29 - 2017-03-13 10:30 - 00000000 ____D C:\FRST
2017-03-13 10:26 - 2017-03-13 10:28 - 00266218 _____ C:\TDSSKiller.3.1.0.12_13.03.2017_10.26.08_log.txt
2017-03-13 10:19 - 2017-03-13 10:19 - 00001082 _____ C:\Users\Michał\Desktop\JRT.txt
2017-03-13 10:16 - 2017-03-13 10:11 - 00004210 _____ C:\Users\Michał\Desktop\AdwCleaner[S4].txt
2017-03-11 22:56 - 2017-03-11 23:01 - 00264294 _____ C:\Windows\ntbtlog.txt
2017-03-11 22:43 - 2017-03-13 10:17 - 00000000 ____D C:\Program Files (x86)\Wise
2017-03-11 22:43 - 2017-03-11 22:43 - 00001243 _____ C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
2017-03-11 22:43 - 2017-03-11 22:43 - 00000000 ____D C:\Windows\System32\Tasks\WiseCleaner
2017-03-11 22:43 - 2017-03-11 22:43 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Wise Euask
2017-03-11 22:29 - 2017-03-13 10:11 - 00000000 ____D C:\AdwCleaner
2017-03-11 22:15 - 2017-03-11 22:15 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Steam
2017-03-11 22:15 - 2017-03-11 22:15 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Arrowhead
2017-03-11 21:20 - 2017-03-11 21:20 - 00000000 ____D C:\Program Files (x86)\Microsoft XNA
2017-03-11 17:18 - 2017-03-11 17:18 - 00000221 _____ C:\Users\Michał\Desktop\Magicka.url
2017-03-11 16:50 - 2017-03-11 16:50 - 00000640 _____ C:\Users\Michał\Desktop\asd.reg
2017-03-11 16:40 - 2017-03-11 16:42 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2017-03-11 16:40 - 2017-03-11 16:40 - 00001403 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2017-03-11 16:40 - 2017-03-11 16:40 - 00001391 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2017-03-11 16:40 - 2017-03-11 16:40 - 00000000 ____D C:\Windows\System32\Tasks\Safer-Networking
2017-03-11 16:40 - 2017-03-11 16:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2017-03-11 16:40 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2017-03-11 16:39 - 2017-03-11 16:41 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2017-03-11 16:37 - 2017-03-11 16:37 - 00000000 ____D C:\Users\Michał\AppData\Local\AdAwareDesktop
2017-03-11 16:34 - 2017-03-11 16:34 - 00000000 ____D C:\Users\Michał\AppData\Local\AdAwareUpdater
2017-03-11 16:33 - 2017-03-11 16:33 - 00000000 ____D C:\Program Files\Common Files\adaware
2017-03-11 16:32 - 2017-03-11 16:32 - 00000000 ____D C:\ProgramData\Lavasoft
2017-03-09 21:50 - 2017-03-09 21:50 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-03-09 21:50 - 2017-02-23 09:28 - 06401984 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-03-09 21:50 - 2017-02-23 09:28 - 02479160 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-03-09 21:50 - 2017-02-23 09:28 - 01764408 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-03-09 21:50 - 2017-02-23 09:28 - 00548288 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2017-03-09 21:50 - 2017-02-23 09:28 - 00392128 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-03-09 21:50 - 2017-02-23 09:28 - 00083512 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2017-03-09 21:50 - 2017-02-23 09:28 - 00069568 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-03-09 21:50 - 2017-02-23 07:38 - 07807027 _____ C:\Windows\system32\nvcoproc.bin
2017-03-09 21:50 - 2017-01-26 01:13 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-03-09 21:50 - 2017-01-26 01:12 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-03-09 21:50 - 2017-01-26 01:09 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-03-09 21:50 - 2017-01-26 01:09 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-03-09 21:49 - 2017-02-23 09:43 - 00001951 _____ C:\Windows\NvContainerRecovery.bat
2017-03-07 02:16 - 2017-03-07 02:16 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Runscanner.net
2017-03-03 17:59 - 2017-03-03 17:59 - 00003480 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-03-03 17:59 - 2017-03-03 17:59 - 00003352 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-03-03 17:59 - 2017-03-03 17:59 - 00002293 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-03-03 17:59 - 2017-03-03 17:59 - 00002281 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-03-03 17:59 - 2017-03-03 17:59 - 00000000 ____D C:\Program Files (x86)\Google
2017-03-03 17:58 - 2017-03-05 05:22 - 00000000 ____D C:\Users\Michał\AppData\Local\Google
2017-03-03 16:08 - 2017-03-03 16:08 - 00000000 ____D C:\Polish
2017-03-03 15:51 - 2017-03-03 15:52 - 01350664 _____ C:\Windows\Minidump\030317-40031-01.dmp
2017-03-03 15:51 - 2017-03-03 15:51 - 796417212 _____ C:\Windows\MEMORY.DMP
2017-03-03 14:56 - 2017-03-03 14:56 - 00000000 ____D C:\Users\Michał\AppData\LocalLow\InXile Entertainment
2017-03-03 13:26 - 2017-03-03 15:43 - 00000000 ____D C:\Users\Michał\AppData\Roaming\VeraCrypt
2017-03-03 13:23 - 2017-03-03 13:23 - 00467368 _____ (IDRIX) C:\Windows\system32\Drivers\veracrypt.sys
2017-03-03 13:23 - 2017-03-03 13:23 - 00000859 _____ C:\Users\Public\Desktop\VeraCrypt.lnk
2017-03-03 13:23 - 2017-03-03 13:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VeraCrypt
2017-03-03 13:23 - 2017-03-03 13:23 - 00000000 ____D C:\Program Files\VeraCrypt
2017-03-03 13:00 - 2017-03-03 13:00 - 00000028 _____ C:\Windows\OutLog.txt
2017-03-03 12:55 - 2017-03-03 12:55 - 00231376 _____ (TrueCrypt Foundation) C:\Windows\system32\Drivers\truecrypt.sys
2017-03-03 10:50 - 2017-03-13 09:34 - 00000440 __RSH C:\ProgramData\ntuser.pol
2017-03-03 10:50 - 2017-03-03 10:50 - 00949880 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Michał\Downloads\rufus-2.12p.exe
2017-03-03 10:34 - 2017-03-13 10:31 - 00000000 ____D C:\Users\Michał\Outlook Files
2017-03-03 10:20 - 2017-03-03 13:20 - 00000000 ____D C:\Program Files (x86)\SlimCleaner
2017-03-02 23:37 - 2017-03-03 12:49 - 00000000 ____D C:\Users\Michał\AppData\Roaming\WhatsApp
2017-03-02 23:37 - 2017-03-03 12:49 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WhatsApp
2017-03-02 23:37 - 2017-03-03 12:49 - 00000000 ____D C:\Users\Michał\AppData\Local\WhatsApp
2017-03-02 23:36 - 2017-03-02 23:36 - 09891328 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2017-03-02 23:36 - 2017-03-02 23:36 - 04332032 _____ (Realtek Semiconductor Corp.) C:\Windows\RtCRU64.exe
2017-03-02 23:36 - 2017-03-02 23:36 - 00954368 _____ (Realtek ) C:\Windows\system32\Drivers\Rt630x64.sys
2017-03-02 23:36 - 2017-03-02 23:36 - 00418784 _____ (Realsil Semiconductor Corporation) C:\Windows\system32\Drivers\RtsUer.sys
2017-03-02 23:36 - 2017-03-02 23:36 - 00084480 _____ (Realtek Semiconductor.) C:\Windows\system32\RtCRX64.dll
2017-03-02 23:36 - 2017-03-02 23:36 - 00082536 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-03-02 23:35 - 2017-03-02 23:35 - 00052200 _____ (Intel Corporation) C:\Windows\system32\Drivers\dptf_cpu.sys
2017-03-02 23:24 - 2017-03-09 21:15 - 00000000 ____D C:\Windows\LastGood
2017-03-02 23:24 - 2017-03-02 23:24 - 00494808 _____ (Intel Corporation) C:\Windows\system32\Drivers\DptfManager.sys
2017-03-02 23:24 - 2017-03-02 23:24 - 00481768 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2017-03-02 23:24 - 2017-03-02 23:24 - 00290256 _____ (Intel Corporation) C:\Windows\system32\Drivers\DptfDevProc.sys
2017-03-02 23:24 - 2017-03-02 23:24 - 00234384 _____ (Intel Corporation) C:\Windows\SysWOW64\DptfInvalidPolicyRemover.exe
2017-03-02 23:24 - 2017-03-02 23:24 - 00148160 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyCriticalService.exe
2017-03-02 23:24 - 2017-03-02 23:24 - 00145640 _____ (Intel Corporation) C:\Windows\system32\Drivers\DptfDevDram.sys
2017-03-02 23:24 - 2017-03-02 23:24 - 00124904 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyLpmService.exe
2017-03-02 23:24 - 2017-03-02 23:24 - 00118728 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyConfigTDPService.exe
2017-03-02 23:24 - 2017-03-02 23:24 - 00116752 _____ (Intel Corporation) C:\Windows\system32\Drivers\DptfDevPch.sys
2017-03-02 23:24 - 2017-03-02 23:24 - 00115656 _____ (Intel Corporation) C:\Windows\system32\DptfParticipantProcessorService.exe
2017-03-02 23:24 - 2017-03-02 23:24 - 00112984 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyLpmDll.dll
2017-03-02 23:24 - 2017-03-02 23:24 - 00111488 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyLpmServiceHelper.exe
2017-03-02 23:24 - 2017-03-02 23:24 - 00110936 _____ (Intel Corporation) C:\Windows\system32\DptfPolicyConfigTDPDll.dll
2017-03-02 23:24 - 2017-03-02 23:24 - 00102712 _____ (Intel Corporation) C:\Windows\system32\DptfCoInstaller.dll
2017-03-02 23:24 - 2017-03-02 23:24 - 00012232 _____ (Intel Corporation) C:\Windows\system32\DptfEventLogMessage.dll
2017-03-02 23:22 - 2017-03-02 23:22 - 00000000 ____D C:\Windows\IObit
2017-03-02 23:21 - 2017-03-02 23:22 - 00000000 ____D C:\Users\Michał\AppData\LocalLow\IObit
2017-03-02 23:21 - 2017-03-02 23:21 - 00027552 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2017-03-02 23:21 - 2017-03-02 23:21 - 00000000 ____D C:\Users\Michał\AppData\Roaming\IObit
2017-03-02 23:21 - 2017-03-02 23:21 - 00000000 ____D C:\ProgramData\IObit
2017-03-02 23:03 - 2013-08-14 15:35 - 00663296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2017-03-02 22:47 - 2017-03-02 22:47 - 00000118 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-03-02 22:28 - 2017-03-12 12:15 - 00000000 __SHD C:\Users\Michał\IntelGraphicsProfiles
2017-03-02 22:28 - 2016-09-22 14:55 - 02839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-03-02 22:27 - 2017-03-02 22:27 - 00000401 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-03-02 22:22 - 2017-03-02 22:22 - 00000000 ____D C:\Windows\LastGood.Tmp
2017-03-02 22:18 - 2016-10-18 17:14 - 00021984 _____ C:\Windows\system32\Drivers\semav6msr64.sys
2017-03-02 22:10 - 2017-03-02 22:10 - 00001840 _____ C:\Users\Public\Desktop\Torment - Tides of Numenera.lnk
2017-03-02 22:10 - 2017-03-02 22:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torment - Tides of Numenera [GOG.com]
2017-03-02 22:10 - 2017-03-02 22:10 - 00000000 ____D C:\ProgramData\GOG.com
2017-03-01 13:22 - 2017-03-03 10:24 - 00000000 ____D C:\NST
2017-03-01 13:21 - 2017-03-13 09:11 - 00003972 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{C89201C9-106A-42D5-A655-47A56DA43A0C}
2017-03-01 13:21 - 2017-03-03 13:04 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2017-03-01 13:21 - 2017-03-01 13:21 - 00000000 ____D C:\Users\Michał\AppData\Local\NeoSmart_Technologies
2017-02-27 21:34 - 2017-02-27 21:34 - 00002130 _____ C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-02-27 21:34 - 2017-02-27 21:34 - 00000000 ____D C:\Users\Michał\AppData\Local\FluxSoftware
2017-02-27 20:02 - 2017-02-27 20:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-02-27 19:59 - 2017-03-13 09:37 - 00000000 ____D C:\Users\Michał\AppData\Roaming\qBittorrent
2017-02-27 19:59 - 2017-02-27 19:59 - 00000000 ____D C:\Users\Michał\AppData\Local\qBittorrent
2017-02-27 19:59 - 2017-02-27 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\qBittorrent
2017-02-27 19:59 - 2017-02-27 19:59 - 00000000 ____D C:\Program Files (x86)\qBittorrent
2017-02-27 14:23 - 2017-02-27 14:23 - 00000000 ____D C:\Windows\system32\appraiser
2017-02-27 12:40 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2017-02-27 12:40 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2017-02-27 12:40 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2017-02-27 12:40 - 2015-10-22 18:43 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2017-02-27 12:40 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2017-02-27 12:40 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2017-02-27 12:40 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2017-02-27 12:40 - 2015-10-22 17:59 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2017-02-27 12:40 - 2014-11-15 20:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2017-02-27 12:40 - 2014-11-15 07:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2017-02-27 12:40 - 2014-11-14 07:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2017-02-27 12:40 - 2014-11-14 06:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2017-02-27 12:40 - 2014-11-08 05:00 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2017-02-27 12:40 - 2014-11-08 05:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2017-02-27 12:40 - 2014-11-08 04:58 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2017-02-27 12:40 - 2014-11-08 04:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2017-02-27 12:40 - 2014-11-08 04:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2017-02-27 12:40 - 2014-11-08 04:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2017-02-27 12:40 - 2014-11-08 04:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2017-02-27 12:40 - 2014-11-08 04:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2017-02-27 12:40 - 2014-11-08 04:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2017-02-27 12:40 - 2014-11-08 04:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2017-02-27 12:40 - 2014-11-08 03:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2017-02-27 12:40 - 2014-11-08 03:09 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2017-02-27 12:40 - 2014-11-08 03:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2017-02-27 12:40 - 2014-11-08 02:59 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2017-02-27 12:40 - 2014-11-08 02:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2017-02-27 12:40 - 2014-11-08 02:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2017-02-27 12:40 - 2014-11-05 03:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2017-02-27 12:40 - 2014-11-05 03:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2017-02-27 12:40 - 2014-11-05 03:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2017-02-27 12:40 - 2014-11-05 02:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2017-02-27 12:40 - 2014-11-05 02:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2017-02-27 12:40 - 2014-11-05 02:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2017-02-27 12:40 - 2014-11-05 02:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2017-02-27 12:40 - 2014-11-05 02:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2017-02-27 12:40 - 2014-11-05 02:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2017-02-27 12:40 - 2014-11-04 20:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2017-02-27 12:40 - 2014-11-04 07:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2017-02-27 12:40 - 2014-11-04 06:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2017-02-27 12:40 - 2014-10-29 02:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2017-02-27 12:40 - 2014-10-29 02:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2017-02-27 12:40 - 2014-10-21 02:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2017-02-27 12:40 - 2014-10-21 02:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2017-02-27 12:40 - 2014-10-21 01:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2017-02-27 12:40 - 2014-10-21 01:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2017-02-27 12:40 - 2014-10-21 01:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2017-02-27 12:40 - 2014-10-21 01:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2017-02-27 12:40 - 2014-10-17 05:56 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2017-02-27 12:40 - 2014-10-17 04:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2017-02-27 12:39 - 2017-02-03 18:37 - 00093360 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2017-02-27 12:39 - 2017-02-02 15:37 - 00650752 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2017-02-27 12:39 - 2017-01-18 15:35 - 01609216 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2017-02-27 12:39 - 2017-01-18 15:35 - 01286144 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2017-02-27 12:39 - 2017-01-18 15:35 - 00556544 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2017-02-27 12:39 - 2017-01-18 15:35 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2017-02-27 12:39 - 2017-01-18 15:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\centel.dll
2017-02-27 12:39 - 2017-01-18 15:35 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2017-02-27 12:39 - 2017-01-18 15:35 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2017-02-27 12:39 - 2016-06-03 18:11 - 00472576 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2017-02-27 12:39 - 2015-06-09 23:39 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2017-02-27 12:39 - 2015-06-09 23:39 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys
2017-02-27 12:39 - 2015-06-09 23:38 - 01201664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2017-02-27 12:39 - 2014-11-17 21:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2017-02-27 12:39 - 2014-11-14 07:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2017-02-27 12:24 - 2017-02-06 20:41 - 00835576 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2017-02-27 12:24 - 2017-02-06 20:41 - 00177656 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2017-02-27 12:07 - 2017-02-27 14:23 - 00000000 ___SD C:\Windows\system32\CompatTel
2017-02-27 11:02 - 2015-07-30 15:04 - 00124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-02-27 11:02 - 2015-07-30 14:48 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-02-26 23:20 - 2014-03-18 09:18 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xusb22.sys
2017-02-26 23:00 - 2015-03-13 03:02 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\udfs.sys
2017-02-26 22:58 - 2016-08-21 00:22 - 00435200 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2017-02-26 22:58 - 2016-08-20 23:50 - 00360448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2017-02-26 22:58 - 2016-03-10 18:43 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2017-02-26 22:58 - 2016-03-10 17:55 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2017-02-26 22:58 - 2016-03-10 17:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2017-02-26 22:58 - 2016-01-07 00:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2017-02-26 22:58 - 2016-01-07 00:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2017-02-26 22:58 - 2016-01-06 17:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2017-02-26 22:58 - 2014-10-29 03:40 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wscproxystub.dll
2017-02-26 22:58 - 2014-10-29 03:35 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\wscisvif.dll
2017-02-26 22:58 - 2014-10-29 02:56 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscproxystub.dll
2017-02-26 22:58 - 2014-10-29 02:52 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscisvif.dll
2017-02-26 22:57 - 2016-08-09 23:47 - 00803176 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2017-02-26 22:57 - 2016-08-09 23:47 - 00611576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2017-02-26 22:57 - 2016-01-20 23:40 - 00099672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2017-02-26 22:56 - 2016-11-19 22:24 - 00567152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2017-02-26 22:56 - 2016-11-19 22:24 - 00152856 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2017-02-26 22:56 - 2016-11-19 20:29 - 00401408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2017-02-26 22:56 - 2016-11-19 19:44 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2017-02-26 22:56 - 2016-11-19 18:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2017-02-26 22:56 - 2016-11-19 18:22 - 00111104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2017-02-26 22:56 - 2016-11-16 22:49 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2017-02-26 22:56 - 2016-11-12 22:06 - 00738104 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-02-26 22:56 - 2016-11-12 20:38 - 00613632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-02-26 22:56 - 2016-11-12 20:25 - 00576000 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-02-26 22:56 - 2016-11-12 20:08 - 25759744 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-02-26 22:56 - 2016-11-12 20:07 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-02-26 22:56 - 2016-11-12 19:53 - 06049280 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-02-26 22:56 - 2016-11-12 19:29 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-02-26 22:56 - 2016-11-12 19:23 - 01033216 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2017-02-26 22:56 - 2016-11-12 19:17 - 20302848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-02-26 22:56 - 2016-11-12 19:14 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-02-26 22:56 - 2016-11-12 19:10 - 00806912 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-02-26 22:56 - 2016-11-12 18:45 - 00880640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2017-02-26 22:56 - 2016-11-12 18:41 - 15257088 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-02-26 22:56 - 2016-11-12 18:38 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-02-26 22:56 - 2016-11-12 18:37 - 04608000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-02-26 22:56 - 2016-11-12 18:35 - 02920960 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-02-26 22:56 - 2016-11-12 18:21 - 13653504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-02-26 22:56 - 2016-11-12 18:20 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-02-26 22:56 - 2016-11-12 18:11 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-02-26 22:56 - 2016-11-12 18:05 - 02444800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-02-26 22:56 - 2016-11-12 18:02 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-02-26 22:56 - 2016-11-12 18:02 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-02-26 22:56 - 2016-11-11 03:33 - 01541240 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2017-02-26 22:56 - 2016-11-09 18:25 - 01376768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2017-02-26 22:56 - 2016-11-05 21:46 - 00422744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2017-02-26 22:56 - 2016-11-05 19:35 - 04169216 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2017-02-26 22:56 - 2016-11-05 18:57 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2017-02-26 22:56 - 2016-11-05 18:11 - 03606528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2017-02-26 22:56 - 2016-11-05 16:56 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2017-02-26 22:56 - 2016-11-05 16:46 - 02463744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2017-02-26 22:56 - 2016-11-02 21:48 - 00372568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2017-02-26 22:56 - 2016-11-02 21:48 - 00315224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2017-02-26 22:56 - 2016-11-02 15:03 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2017-02-26 22:56 - 2016-11-02 15:00 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2017-02-26 22:56 - 2016-10-28 03:56 - 01380048 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2017-02-26 22:56 - 2016-10-27 19:51 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-02-26 22:56 - 2016-10-27 19:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-02-26 22:56 - 2016-10-27 19:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-02-26 22:56 - 2016-10-27 19:05 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-02-26 22:56 - 2016-10-27 18:49 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-02-26 22:56 - 2016-10-27 18:47 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-02-26 22:56 - 2016-10-27 18:46 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-02-26 22:56 - 2016-10-27 18:44 - 02131456 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-02-26 22:56 - 2016-10-27 15:28 - 01097728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2017-02-26 22:56 - 2016-10-22 18:34 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-02-26 22:56 - 2016-10-22 18:27 - 02287616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-02-26 22:56 - 2016-10-22 17:58 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-02-26 22:56 - 2016-10-22 17:57 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-02-26 22:56 - 2016-10-22 17:56 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-02-26 22:56 - 2016-10-22 17:46 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-02-26 22:56 - 2016-10-22 17:45 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-02-26 22:56 - 2016-10-22 17:43 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-02-26 22:56 - 2016-10-13 20:06 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2017-02-26 22:56 - 2016-10-13 20:06 - 01124376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2017-02-26 22:56 - 2016-10-12 22:49 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2017-02-26 22:56 - 2016-10-12 22:11 - 00922968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2017-02-26 22:56 - 2016-10-11 21:21 - 00497448 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2017-02-26 22:56 - 2016-10-11 21:21 - 00399776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2017-02-26 22:56 - 2016-10-11 19:34 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2017-02-26 22:56 - 2016-10-11 18:47 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\input.dll
2017-02-26 22:56 - 2016-10-11 17:55 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\input.dll
2017-02-26 22:56 - 2016-10-11 17:45 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\TpmTasks.dll
2017-02-26 22:56 - 2016-10-11 00:31 - 00990040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2017-02-26 22:56 - 2016-10-10 22:17 - 00444248 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2017-02-26 22:56 - 2016-10-10 22:17 - 00333656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2017-02-26 22:56 - 2016-10-10 19:18 - 00069976 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2017-02-26 22:56 - 2016-10-10 19:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cmimcext.sys
2017-02-26 22:56 - 2016-10-09 23:59 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2017-02-26 22:56 - 2016-10-09 15:17 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2017-02-26 22:56 - 2016-10-09 15:08 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2017-02-26 22:56 - 2016-10-09 15:08 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2017-02-26 22:56 - 2016-10-08 23:53 - 03754496 _____ (Microsoft Corporation) C:\Windows\system32\MSVidCtl.dll
2017-02-26 22:56 - 2016-10-08 23:24 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2017-02-26 22:56 - 2016-10-08 23:21 - 01445376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2017-02-26 22:56 - 2016-10-08 23:18 - 00840704 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2017-02-26 22:56 - 2016-10-08 23:07 - 00332288 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-02-26 22:56 - 2016-10-08 22:49 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVidCtl.dll
2017-02-26 22:56 - 2016-10-08 22:31 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2017-02-26 22:56 - 2016-10-08 22:21 - 00254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-02-26 22:56 - 2016-10-08 22:10 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2017-02-26 22:56 - 2016-10-08 02:34 - 01660040 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2017-02-26 22:56 - 2016-10-08 02:34 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2017-02-26 22:56 - 2016-10-05 15:01 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2017-02-26 22:56 - 2016-10-05 15:00 - 00868864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2017-02-26 22:56 - 2016-10-05 15:00 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2017-02-26 22:56 - 2016-10-05 14:52 - 00513456 _____ C:\Windows\SysWOW64\locale.nls
2017-02-26 22:56 - 2016-10-05 14:52 - 00513456 _____ C:\Windows\system32\locale.nls
2017-02-26 22:56 - 2016-10-05 05:15 - 01969944 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2017-02-26 22:56 - 2016-10-05 05:15 - 01613528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2017-02-26 22:56 - 2016-10-05 05:15 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2017-02-26 22:56 - 2016-10-05 05:15 - 00245320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2017-02-26 22:56 - 2016-10-04 21:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2017-02-26 22:56 - 2016-10-04 21:23 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\asycfilt.dll
2017-02-26 22:56 - 2016-10-04 21:08 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\olepro32.dll
2017-02-26 22:56 - 2016-10-04 21:08 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\asycfilt.dll
2017-02-26 22:56 - 2016-10-01 01:22 - 07444312 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-02-26 22:56 - 2016-09-27 21:16 - 00445873 _____ C:\Windows\system32\ApnDatabase.xml
2017-02-26 22:56 - 2016-09-20 23:30 - 02462040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-02-26 22:56 - 2016-09-17 19:16 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\adsmsext.dll
2017-02-26 22:56 - 2016-09-17 18:21 - 00089600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adsmsext.dll
2017-02-26 22:56 - 2016-09-14 02:53 - 01663184 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2017-02-26 22:56 - 2016-09-14 02:53 - 01523208 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2017-02-26 22:56 - 2016-09-14 02:53 - 01490112 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2017-02-26 22:56 - 2016-09-14 02:53 - 01358952 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2017-02-26 22:56 - 2016-09-12 23:03 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2017-02-26 22:56 - 2016-09-12 22:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2017-02-26 22:56 - 2016-09-09 23:14 - 00275800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2017-02-26 22:56 - 2016-09-09 15:15 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2017-02-26 22:56 - 2016-09-09 15:09 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2017-02-26 22:56 - 2016-09-09 15:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2017-02-26 22:56 - 2016-09-09 15:03 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmi.dll
2017-02-26 22:56 - 2016-09-09 15:02 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsiwmi.dll
2017-02-26 22:56 - 2016-09-08 21:41 - 00121176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tm.sys
2017-02-26 22:56 - 2016-09-08 15:00 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2017-02-26 22:56 - 2016-09-08 15:00 - 00138240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2017-02-26 22:56 - 2016-09-07 23:07 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-02-26 22:56 - 2016-09-07 22:59 - 01754112 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2017-02-26 22:56 - 2016-09-07 22:59 - 01377792 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-02-26 22:56 - 2016-09-07 22:57 - 01560064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-02-26 22:56 - 2016-09-07 22:56 - 01491456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2017-02-26 22:56 - 2016-09-03 19:20 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\iscsidsc.dll
2017-02-26 22:56 - 2016-09-03 19:06 - 00151040 _____ (Microsoft Corporation) C:\Windows\system32\iscsiexe.dll
2017-02-26 22:56 - 2016-09-03 18:21 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsidsc.dll
2017-02-26 22:56 - 2016-09-03 18:18 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll
2017-02-26 22:56 - 2016-09-03 17:12 - 00512512 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2017-02-26 22:56 - 2016-09-03 17:05 - 01094656 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2017-02-26 22:56 - 2016-09-03 16:58 - 00397824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2017-02-26 22:56 - 2016-09-02 15:05 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2017-02-26 22:56 - 2016-09-02 15:05 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2017-02-26 22:56 - 2016-09-01 15:33 - 00377856 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2017-02-26 22:56 - 2016-09-01 15:33 - 00342528 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2017-02-26 22:56 - 2016-09-01 15:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2017-02-26 22:56 - 2016-08-30 15:11 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2017-02-26 22:56 - 2016-08-30 03:45 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\xolehlp.dll
2017-02-26 22:56 - 2016-08-30 03:18 - 00871936 _____ (Microsoft Corporation) C:\Windows\system32\msdtcprx.dll
2017-02-26 22:56 - 2016-08-30 03:18 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xolehlp.dll
2017-02-26 22:56 - 2016-08-30 03:03 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdtcprx.dll
2017-02-26 22:56 - 2016-08-25 21:50 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2017-02-26 22:56 - 2016-08-25 20:40 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2017-02-26 22:56 - 2016-08-22 14:34 - 01628672 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2017-02-26 22:56 - 2016-08-13 01:05 - 09323008 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2017-02-26 22:56 - 2016-08-13 01:03 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifibus.sys
2017-02-26 22:56 - 2016-08-13 01:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwififlt.sys
2017-02-26 22:56 - 2016-08-13 01:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vwifimp.sys
2017-02-26 22:56 - 2016-08-12 23:35 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2017-02-26 22:56 - 2016-08-12 23:19 - 09323008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2017-02-26 22:56 - 2016-08-12 22:47 - 15431168 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2017-02-26 22:56 - 2016-08-12 22:17 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2017-02-26 22:56 - 2016-08-12 21:52 - 13317120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2017-02-26 22:56 - 2016-08-12 02:58 - 02315496 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2017-02-26 22:56 - 2016-08-12 02:58 - 01946176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2017-02-26 22:56 - 2016-08-11 19:33 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\parport.sys
2017-02-26 22:56 - 2016-08-11 19:33 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serial.sys
2017-02-26 22:56 - 2016-08-11 19:33 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\serenum.sys
2017-02-26 22:56 - 2016-08-11 18:17 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2017-02-26 22:56 - 2016-08-03 16:42 - 01317888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2017-02-26 22:56 - 2016-08-03 16:36 - 01102848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2017-02-26 22:56 - 2016-08-03 16:36 - 00289792 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2017-02-26 22:56 - 2016-08-03 16:33 - 00215552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2017-02-26 22:56 - 2016-08-02 07:20 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-02-26 22:56 - 2016-07-30 18:12 - 02896384 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2017-02-26 22:56 - 2016-07-30 17:36 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2017-02-26 22:56 - 2016-07-26 14:40 - 00162850 _____ C:\Windows\SysWOW64\C_932.NLS
2017-02-26 22:56 - 2016-07-26 14:40 - 00162850 _____ C:\Windows\system32\C_932.NLS
2017-02-26 22:56 - 2016-07-23 19:18 - 01220096 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2017-02-26 22:56 - 2016-07-23 19:12 - 00954880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2017-02-26 22:56 - 2016-07-08 15:17 - 00696832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2017-02-26 22:56 - 2016-02-08 21:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2017-02-26 22:56 - 2016-02-08 19:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2017-02-26 22:56 - 2016-01-30 20:50 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2017-02-26 22:56 - 2016-01-30 20:00 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2017-02-26 22:56 - 2016-01-30 19:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2017-02-26 22:56 - 2016-01-30 18:48 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2017-02-26 22:56 - 2016-01-24 12:57 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2017-02-26 22:56 - 2016-01-24 12:45 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2017-02-26 22:56 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-02-26 22:56 - 2015-10-22 16:58 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2017-02-26 22:56 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-02-26 22:56 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-02-26 22:56 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-02-26 22:56 - 2015-09-07 17:17 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll
2017-02-26 22:56 - 2015-07-22 15:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2017-02-26 22:56 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-02-26 22:56 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-02-26 22:56 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-02-26 22:56 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-02-26 22:56 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-02-26 22:56 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-02-26 22:56 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-02-26 22:56 - 2015-05-22 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-02-26 22:56 - 2015-04-21 17:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-02-26 22:56 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2017-02-26 22:56 - 2014-12-08 20:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2017-02-26 22:56 - 2014-10-31 06:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2017-02-26 22:56 - 2014-10-31 06:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-02-26 22:56 - 2014-10-31 06:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2017-02-26 22:56 - 2014-10-31 06:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2017-02-26 22:56 - 2014-10-31 06:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-02-26 22:56 - 2014-10-31 06:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-02-26 22:56 - 2014-10-31 06:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-02-26 22:56 - 2014-10-31 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-02-26 22:56 - 2014-10-31 05:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-02-26 22:56 - 2014-10-31 05:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-02-26 22:56 - 2014-10-31 05:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2017-02-26 22:56 - 2014-10-31 05:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-02-26 22:56 - 2014-10-31 05:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-02-26 22:56 - 2014-10-31 05:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2017-02-26 22:56 - 2014-10-31 05:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-02-26 22:56 - 2014-10-31 05:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2017-02-26 22:56 - 2014-10-31 05:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-02-26 22:56 - 2014-10-31 05:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-02-26 22:56 - 2014-10-31 04:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2017-02-26 22:56 - 2014-10-31 04:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2017-02-26 22:56 - 2014-10-31 04:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2017-02-26 22:56 - 2014-10-31 04:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2017-02-26 22:56 - 2014-10-31 04:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2017-02-26 22:56 - 2014-10-31 04:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2017-02-26 22:56 - 2014-10-31 04:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2017-02-26 22:56 - 2014-10-31 04:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-02-26 22:56 - 2014-10-31 04:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-02-26 22:56 - 2014-10-31 04:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-02-26 22:56 - 2014-10-31 04:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-02-26 22:56 - 2014-10-31 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2017-02-26 22:56 - 2014-10-31 04:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-02-26 22:56 - 2014-10-31 04:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2017-02-26 22:56 - 2014-10-31 03:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-02-26 22:56 - 2014-10-31 03:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-02-26 22:56 - 2014-10-31 03:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2017-02-26 22:56 - 2014-10-31 03:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2017-02-26 22:56 - 2014-10-31 03:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-02-26 22:56 - 2014-10-31 03:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2017-02-26 22:56 - 2014-10-29 03:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2017-02-26 22:56 - 2014-10-29 03:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2017-02-26 22:56 - 2014-10-29 03:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2017-02-26 22:56 - 2014-10-29 03:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe
2017-02-26 22:56 - 2014-10-29 03:43 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iscsied.dll
2017-02-26 22:56 - 2014-10-29 03:42 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\iscsiwmiv2.dll
2017-02-26 22:56 - 2014-10-29 03:36 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iscsium.dll
2017-02-26 22:56 - 2014-10-29 03:29 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iscsicli.exe
2017-02-26 22:56 - 2014-10-29 03:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll
2017-02-26 22:56 - 2014-10-29 03:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2017-02-26 22:56 - 2014-10-29 03:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2017-02-26 22:56 - 2014-10-29 03:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2017-02-26 22:56 - 2014-10-29 02:58 - 00095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsiwmiv2.dll
2017-02-26 22:56 - 2014-10-29 02:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe
2017-02-26 22:56 - 2014-10-29 02:58 - 00009728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsied.dll
2017-02-26 22:56 - 2014-10-29 02:53 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsium.dll
2017-02-26 22:56 - 2014-10-29 02:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll
2017-02-26 22:56 - 2014-10-29 02:52 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\rdvvmtransport.dll
2017-02-26 22:56 - 2014-10-29 02:48 - 00147456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iscsicli.exe
2017-02-26 22:56 - 2014-10-29 02:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2017-02-26 22:56 - 2014-10-29 02:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll
2017-02-26 22:56 - 2014-10-29 02:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\smphost.dll
2017-02-26 22:56 - 2014-10-29 02:20 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvvmtransport.dll
2017-02-26 22:56 - 2014-10-29 02:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2017-02-26 22:56 - 2014-10-29 02:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smphost.dll
2017-02-26 22:56 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-02-26 22:56 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-02-26 22:56 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-02-26 22:55 - 2016-08-21 00:45 - 07076864 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2017-02-26 22:55 - 2016-08-21 00:05 - 05273600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2017-02-26 22:55 - 2016-08-20 23:42 - 07795712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2017-02-26 22:55 - 2016-08-20 23:27 - 05268480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2017-02-26 22:55 - 2016-01-26 20:15 - 00072024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
2017-02-26 22:55 - 2016-01-26 15:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpcivsp.sys
2017-02-26 22:55 - 2016-01-22 06:22 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2017-02-26 22:55 - 2016-01-22 06:11 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2017-02-26 22:55 - 2015-03-23 22:59 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2017-02-26 22:55 - 2015-03-23 22:45 - 00257216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2017-02-26 22:55 - 2015-03-20 04:17 - 00411648 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2017-02-26 22:55 - 2015-03-20 03:41 - 00369152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2017-02-26 22:55 - 2014-10-29 03:43 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2017-02-26 22:55 - 2014-10-29 03:17 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2017-02-26 22:55 - 2014-10-29 02:58 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2017-02-26 22:55 - 2014-10-29 02:38 - 00087552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2017-02-26 22:55 - 2014-10-29 02:26 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2017-02-26 22:55 - 2014-10-29 02:26 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2017-02-26 22:55 - 2014-10-29 02:21 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\delegatorprovider.dll
2017-02-26 22:55 - 2014-10-29 02:21 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi_passthru.dll
2017-02-26 22:55 - 2014-10-29 02:04 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2017-02-26 22:55 - 2014-10-29 02:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2017-02-26 22:55 - 2014-10-29 02:00 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\delegatorprovider.dll
2017-02-26 22:55 - 2014-10-29 02:00 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi_passthru.dll
2017-02-26 22:54 - 2016-03-10 18:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dsparse.dll
2017-02-26 22:54 - 2016-03-10 17:48 - 00024064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dsparse.dll
2017-02-26 22:54 - 2015-08-06 18:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2017-02-26 22:54 - 2015-08-06 17:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2017-02-26 22:54 - 2015-07-30 18:18 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2017-02-26 22:54 - 2015-07-30 17:22 - 00230912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2017-02-26 22:54 - 2015-07-01 23:16 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2017-02-26 22:54 - 2015-07-01 22:35 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2017-02-26 22:54 - 2015-04-25 03:25 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2017-02-26 22:54 - 2015-04-08 23:55 - 00410128 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2017-02-26 22:54 - 2015-03-13 03:58 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2017-02-26 22:54 - 2015-03-13 03:37 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2017-02-26 22:54 - 2015-02-21 00:49 - 00780800 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2017-02-26 22:54 - 2015-02-03 01:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-02-26 22:54 - 2015-02-03 01:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-02-26 22:54 - 2015-01-30 03:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2017-02-26 22:54 - 2015-01-30 03:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2017-02-26 22:54 - 2015-01-30 02:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2017-02-26 22:54 - 2015-01-30 02:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2017-02-26 22:54 - 2015-01-30 02:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2017-02-26 22:54 - 2014-10-29 03:48 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\workerdd.dll
2017-02-26 22:54 - 2014-10-29 03:43 - 00017408 _____ (Microsoft Corporation) C:\Windows\hh.exe
2017-02-26 22:54 - 2014-10-29 03:19 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\hhsetup.dll
2017-02-26 22:54 - 2014-10-29 02:58 - 00015872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hh.exe
2017-02-26 22:54 - 2014-10-29 02:40 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhsetup.dll
2017-02-26 22:54 - 2014-10-29 02:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll
2017-02-26 22:54 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-02-26 22:54 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-02-26 22:53 - 2016-02-04 19:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
2017-02-26 22:53 - 2016-02-04 18:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
2017-02-26 22:28 - 2017-02-26 22:28 - 00000000 ____D C:\Users\Michał\AppData\Local\ElevatedDiagnostics
2017-02-24 20:47 - 2017-03-03 10:21 - 00000000 ____D C:\Users\Michał\AppData\Roaming\dvdcss
2017-02-23 22:24 - 2017-02-23 22:24 - 00002799 ____T C:\Windows\system32\lic2tmp.xml253
2017-02-19 03:01 - 2017-02-19 03:04 - 00065168 _____ C:\Users\Michał\AppData\Local\2017-02-19.json
2017-02-19 03:01 - 2017-02-19 03:02 - 00072557 _____ C:\Users\Michał\AppData\Local\2017-02-17.json
2017-02-19 03:01 - 2017-02-19 03:01 - 00191845 _____ C:\Users\Michał\AppData\Local\2017-02-16.json
2017-02-18 02:46 - 2017-02-18 02:46 - 00000201 _____ C:\Users\Michał\AppData\Local\changelog.txt
2017-02-17 21:06 - 2017-02-17 21:06 - 00000000 ____D C:\Users\Michał\AppData\Roaming\WTablet
2017-02-17 21:03 - 2017-02-17 21:03 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet Wacom
2017-02-17 21:03 - 2017-02-17 21:03 - 00000000 ____D C:\Program Files\TabletPlugins
2017-02-17 21:03 - 2017-02-17 21:03 - 00000000 ____D C:\Program Files\Tablet
2017-02-17 21:03 - 2017-02-17 21:03 - 00000000 ____D C:\Program Files (x86)\TabletPlugins
2017-02-17 21:03 - 2017-02-03 01:01 - 02274256 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Tablet.dll
2017-02-17 21:03 - 2017-02-03 01:01 - 02267600 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wacom_Touch_Tablet.dll
2017-02-17 21:03 - 2017-02-03 01:01 - 02173392 _____ (Wacom Technology, Corp.) C:\Windows\system32\WacomMT.dll
2017-02-17 21:03 - 2017-02-03 01:01 - 02111952 _____ (Wacom Technology, Corp.) C:\Windows\system32\Wintab32.dll
2017-02-17 21:03 - 2017-02-03 01:01 - 01787856 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Tablet.dll
2017-02-17 21:03 - 2017-02-03 01:01 - 01781200 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wacom_Touch_Tablet.dll
2017-02-17 21:03 - 2017-02-03 01:01 - 01673168 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\WacomMT.dll
2017-02-17 21:03 - 2017-02-03 01:01 - 01632720 _____ (Wacom Technology, Corp.) C:\Windows\SysWOW64\Wintab32.dll
2017-02-17 13:48 - 2017-02-17 13:48 - 00000000 ____D C:\Program Files (x86)\NT-ware
2017-02-13 21:06 - 2017-02-13 21:06 - 00000000 ____D C:\Users\Michał\AppData\Local\AGS
2017-02-13 21:05 - 2017-02-13 21:05 - 00001159 _____ C:\Users\Public\Desktop\AGS 3.4.0.lnk
2017-02-13 21:05 - 2017-02-13 21:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adventure Game Studio 3.4.0 P2
2017-02-13 21:05 - 2017-02-13 21:05 - 00000000 ____D C:\Program Files (x86)\Adventure Game Studio 3.4.0
2017-02-13 21:03 - 2017-02-13 21:03 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2017-02-13 21:03 - 2017-02-13 21:03 - 00000000 ____D C:\Program Files\Reference Assemblies
2017-02-13 21:03 - 2017-02-13 21:03 - 00000000 ____D C:\Program Files\MSBuild
2017-02-13 21:03 - 2017-02-13 21:03 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2017-02-13 21:01 - 2013-08-03 05:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2017-02-13 21:01 - 2013-08-03 05:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2017-02-13 20:39 - 2017-03-13 10:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Narzędzia pakietu Microsoft Office 2016
2017-02-13 20:39 - 2017-02-13 20:39 - 00002426 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2017-02-13 20:36 - 2017-02-13 20:36 - 00000000 ____D C:\Program Files\Microsoft Office 15
2017-02-12 22:40 - 2017-02-12 22:40 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Fallout2
2017-02-12 13:29 - 2017-03-02 23:37 - 00000000 ____D C:\Users\Michał\AppData\Local\SquirrelTemp
2017-02-12 13:29 - 2017-02-12 22:01 - 00000000 ____D C:\Users\Michał\AppData\Local\Infinity
2017-02-12 13:29 - 2017-02-12 13:29 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Infinity
2017-02-12 13:29 - 2017-02-12 13:29 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Daring Development

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-03-13 10:28 - 2017-01-17 01:58 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4122494467-2726101799-183990937-1001
2017-03-13 10:23 - 2017-01-17 11:39 - 00000000 ____D C:\Program Files (x86)\Steam
2017-03-13 10:21 - 2017-01-17 10:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-03-13 10:21 - 2013-08-22 16:36 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-03-13 10:16 - 2017-01-17 02:07 - 00000000 ____D C:\ProgramData\NVIDIA
2017-03-13 10:15 - 2017-01-17 10:24 - 00000000 ____D C:\Users\Michał\AppData\Local\ClassicShell
2017-03-13 10:09 - 2017-01-17 11:35 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Skype
2017-03-13 09:38 - 2017-01-17 11:21 - 00809800 _____ C:\Windows\system32\perfh015.dat
2017-03-13 09:38 - 2017-01-17 11:21 - 00164398 _____ C:\Windows\system32\perfc015.dat
2017-03-13 09:38 - 2017-01-17 01:29 - 01827818 _____ C:\Windows\system32\PerfStringBackup.INI
2017-03-13 09:38 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\Inf
2017-03-13 09:09 - 2017-01-17 11:57 - 00000000 ____D C:\Users\Michał\AppData\Local\Spotify
2017-03-13 09:08 - 2017-01-17 11:57 - 00000000 ____D C:\Users\Michał\AppData\Roaming\Spotify
2017-03-12 12:16 - 2017-01-17 01:48 - 00000000 ___DO C:\Users\Michał\SkyDrive
2017-03-12 01:57 - 2017-01-17 13:31 - 00000992 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2017-03-11 23:04 - 2013-08-22 15:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-03-11 22:23 - 2017-01-17 01:31 - 00000000 ____D C:\Users\Michał
2017-03-11 22:08 - 2017-01-17 10:24 - 00000000 ____D C:\Users\Michał\AppData\Roaming\DAEMON Tools Lite
2017-03-11 00:44 - 2013-08-22 15:44 - 00489536 _____ C:\Windows\system32\FNTCACHE.DAT
2017-03-11 00:18 - 2017-01-17 11:33 - 00000000 ____D C:\Users\Michał\AppData\Local\CrashDumps
2017-03-10 23:55 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\NDF
2017-03-10 23:48 - 2017-02-05 18:54 - 00000000 ____D C:\Program Files (x86)\Resident Evil 7 Biohazarda
2017-03-10 01:27 - 2017-01-17 18:22 - 00000000 ____D C:\Users\Michał\AppData\Local\Steam
2017-03-10 01:04 - 2017-01-17 11:43 - 00092403 _____ C:\Users\Michał\AppData\Local\games.txt
2017-03-10 01:04 - 2017-01-17 11:43 - 00000039 _____ C:\Users\Michał\AppData\Local\test.txt
2017-03-10 01:04 - 2017-01-17 11:43 - 00000008 _____ C:\Users\Michał\AppData\Local\version.txt
2017-03-09 21:50 - 2017-01-17 02:00 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2017-03-09 21:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Help
2017-03-09 21:49 - 2017-01-17 02:01 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-03-09 21:49 - 2017-01-17 02:00 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2017-03-09 21:17 - 2017-01-17 02:07 - 00003852 _____ C:\Windows\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 21:16 - 2017-02-02 10:46 - 00004146 _____ C:\Windows\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 21:16 - 2017-01-17 02:07 - 00003738 _____ C:\Windows\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 21:16 - 2017-01-17 02:07 - 00003738 _____ C:\Windows\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 21:16 - 2017-01-17 02:07 - 00003730 _____ C:\Windows\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 21:16 - 2017-01-17 02:07 - 00003554 _____ C:\Windows\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-09 21:16 - 2017-01-17 02:07 - 00003494 _____ C:\Windows\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-03-08 16:05 - 2017-01-17 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2017-03-08 16:05 - 2017-01-17 10:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2017-03-08 16:05 - 2017-01-17 10:27 - 00000000 ____D C:\Program Files (x86)\MSBuild
2017-03-08 16:05 - 2013-08-22 20:11 - 00000000 ____D C:\Windows\ShellNew
2017-03-08 13:45 - 2013-08-22 14:25 - 00000167 _____ C:\Windows\win.ini
2017-03-07 14:43 - 2017-01-17 11:54 - 00000000 ____D C:\Windows\system32\appmgmt
2017-03-07 03:02 - 2013-08-22 14:25 - 00262144 ___SH C:\Windows\system32\config\BBI
2017-03-03 17:17 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\rescache
2017-03-03 15:51 - 2017-02-06 15:09 - 00000000 ____D C:\Windows\Minidump
2017-03-03 10:52 - 2017-01-29 17:00 - 00000000 ____D C:\Users\Michał\Downloads\df_43_05_win
2017-03-03 10:50 - 2013-08-22 16:36 - 00000000 ___HD C:\Windows\system32\GroupPolicy
2017-03-03 10:50 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\GroupPolicy
2017-03-03 10:21 - 2017-01-17 10:20 - 00000000 ____D C:\Windows\Panther
2017-03-03 10:14 - 2017-01-17 02:01 - 00000000 ____D C:\Program Files\Intel
2017-03-03 10:14 - 2017-01-17 02:00 - 00000000 ____D C:\ProgramData\Package Cache
2017-03-03 01:33 - 2017-01-18 02:16 - 00000000 ____D C:\Users\Michał\AppData\Roaming\vlc
2017-03-03 01:02 - 2017-01-22 17:34 - 00153969 _____ C:\Windows\system32\Drivers\RTWAVES30.dat
2017-03-03 00:51 - 2013-08-22 16:36 - 00000000 ___SD C:\Windows\Downloaded Program Files
2017-03-03 00:18 - 2017-01-22 17:32 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-03-03 00:17 - 2017-01-17 11:18 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-03-02 23:36 - 2017-01-17 11:18 - 00000000 ____D C:\Windows\SysWOW64\sda
2017-03-02 22:28 - 2017-01-17 02:02 - 00000000 ____D C:\Intel
2017-03-02 22:22 - 2017-01-17 02:01 - 00000000 ____D C:\Program Files (x86)\Intel
2017-03-02 22:18 - 2017-01-17 02:01 - 00000000 ____D C:\ProgramData\Intel
2017-03-02 21:56 - 2017-01-29 23:18 - 00000000 ____D C:\GOG Games
2017-02-28 12:38 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppCompat
2017-02-27 22:11 - 2017-01-25 23:05 - 00000000 __SHD C:\Users\Michał\AppData\LocalLow\EmieUserList
2017-02-27 22:11 - 2017-01-23 17:07 - 00000000 __SHD C:\Users\Michał\AppData\LocalLow\EmieSiteList
2017-02-27 22:11 - 2017-01-23 17:07 - 00000000 __SHD C:\Users\Michał\AppData\Local\EmieUserList
2017-02-27 22:11 - 2017-01-23 17:07 - 00000000 __SHD C:\Users\Michał\AppData\Local\EmieSiteList
2017-02-27 20:06 - 2017-01-17 10:12 - 00000000 ____D C:\Users\Michał\AppData\Roaming\uTorrent
2017-02-27 15:16 - 2013-08-22 16:20 - 00000000 ____D C:\Windows\CbsTemp
2017-02-27 13:00 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\SecureBootUpdates
2017-02-27 12:27 - 2017-01-17 13:45 - 00000000 ____D C:\Windows\system32\MRT
2017-02-27 12:11 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2017-02-27 12:11 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2017-02-27 12:11 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2017-02-27 12:10 - 2013-08-22 16:36 - 00000000 ___RD C:\Windows\ToastData
2017-02-27 12:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\MediaViewer
2017-02-27 12:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\FileManager
2017-02-27 12:10 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\Camera
2017-02-27 12:09 - 2013-08-22 20:11 - 00000000 __SHD C:\Windows\BitLockerDiscoveryVolumeContents
2017-02-27 12:09 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\setup
2017-02-27 12:09 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\migwiz
2017-02-27 12:09 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Com
2017-02-27 12:09 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Portable Devices
2017-02-27 12:09 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-02-27 12:09 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2017-02-27 12:09 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\System
2017-02-27 12:09 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64\oobe
2017-02-27 12:09 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\SysWOW64\Dism
2017-02-27 12:09 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\servicing
2017-02-27 12:08 - 2013-08-22 16:36 - 00000000 ___SD C:\Windows\system32\dsc
2017-02-27 12:08 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2017-02-27 12:08 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2017-02-27 12:08 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\setup
2017-02-27 12:08 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\migwiz
2017-02-27 12:08 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Com
2017-02-27 12:08 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\IME
2017-02-27 12:08 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Sysprep
2017-02-27 12:08 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\oobe
2017-02-27 12:08 - 2013-08-22 14:36 - 00000000 ____D C:\Windows\system32\Dism
2017-02-27 12:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\InputMethod
2017-02-27 12:07 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2017-02-27 12:07 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2017-02-27 12:07 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2017-02-27 12:06 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\WinStore
2017-02-27 01:18 - 2013-08-22 16:36 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\msclmd.dll
2017-02-27 01:18 - 2013-08-22 16:36 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msclmd.dll
2017-02-26 23:41 - 2017-01-17 01:31 - 00000000 ____D C:\Program Files\KMSpico
2017-02-26 23:38 - 2017-01-17 13:45 - 138020592 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2017-02-26 22:17 - 2017-01-17 11:18 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-02-23 19:35 - 2017-01-17 02:07 - 01880512 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2017-02-23 19:35 - 2017-01-17 02:07 - 01755072 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2017-02-23 19:35 - 2017-01-17 02:07 - 01468864 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2017-02-23 19:35 - 2017-01-17 02:07 - 01317312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2017-02-23 19:35 - 2017-01-17 02:07 - 00120256 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2017-02-23 18:59 - 2017-01-22 15:08 - 00000000 ___HD C:\_acestream_cache_
2017-02-23 15:30 - 2017-02-02 10:46 - 00001951 _____ C:\Windows\NvTelemetryContainerRecovery.bat
2017-02-21 23:32 - 2017-01-17 13:30 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2017-02-19 12:40 - 2017-01-17 13:31 - 00003950 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2017-02-19 12:40 - 2017-01-17 13:28 - 00000000 ____D C:\Users\Michał\AppData\Local\Adobe
2017-02-19 12:40 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2017-02-19 12:40 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\Macromed
2017-02-18 02:48 - 2017-01-17 11:43 - 00000875 _____ C:\Windows\system32\Drivers\etc\hosts.bak
2017-02-17 21:07 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\AppReadiness
2017-02-17 10:04 - 2017-01-17 10:25 - 00000000 ____D C:\Users\Michał\AppData\Local\Microsoft Help
2017-02-17 09:39 - 2017-01-17 11:35 - 00000000 ___RD C:\Program Files (x86)\Skype
2017-02-17 09:39 - 2017-01-17 11:34 - 00000000 ____D C:\ProgramData\Skype
2017-02-14 00:21 - 2017-01-17 11:28 - 00000000 ____D C:\Users\Michał\AppData\Roaming\NapiProjekt
2017-02-13 21:03 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\SysWOW64\MUI
2017-02-13 21:03 - 2013-08-22 16:36 - 00000000 ____D C:\Windows\system32\MUI
2017-02-13 20:36 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-02-12 22:27 - 2017-01-17 01:46 - 00000000 ____D C:\Users\Michał\AppData\Local\VirtualStore
2017-02-11 19:09 - 2017-01-17 10:14 - 00002304 _____ C:\Users\Michał\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vivaldi.lnk
2017-02-11 19:09 - 2017-01-17 10:14 - 00000000 ____D C:\Users\Michał\AppData\Local\Vivaldi

==================== Files in the root of some directories =======

2017-01-29 00:29 - 2017-01-29 00:29 - 0000294 _____ () C:\Users\Michał\AppData\Local\2017-01-29.json
2017-01-29 00:29 - 2017-01-29 00:29 - 0000294 _____ () C:\Users\Michał\AppData\Local\2017-01-30.json
2017-01-29 00:29 - 2017-01-29 00:29 - 0085194 _____ () C:\Users\Michał\AppData\Local\2017-01-31.json
2017-02-19 03:01 - 2017-02-19 03:01 - 0191845 _____ () C:\Users\Michał\AppData\Local\2017-02-16.json
2017-02-19 03:01 - 2017-02-19 03:02 - 0072557 _____ () C:\Users\Michał\AppData\Local\2017-02-17.json
2017-02-19 03:01 - 2017-02-19 03:04 - 0065168 _____ () C:\Users\Michał\AppData\Local\2017-02-19.json
2017-02-18 02:46 - 2017-02-18 02:46 - 0000201 _____ () C:\Users\Michał\AppData\Local\changelog.txt
2017-01-17 11:43 - 2017-03-10 01:04 - 0092403 _____ () C:\Users\Michał\AppData\Local\games.txt
2017-01-17 11:43 - 2017-03-10 01:04 - 0000039 _____ () C:\Users\Michał\AppData\Local\test.txt
2017-01-17 11:43 - 2017-03-10 01:04 - 0000008 _____ () C:\Users\Michał\AppData\Local\version.txt
2017-01-22 17:34 - 2017-01-22 17:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-03-10 11:12

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-03-2017
Ran by Michał (13-03-2017 10:33:24)
Running from D:\DOWNLOAD
Windows 8.1 Pro (Update) (X64) (2017-01-17 00:33:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4122494467-2726101799-183990937-500 - Administrator - Disabled)
Guest (S-1-5-21-4122494467-2726101799-183990937-501 - Limited - Disabled)
Michał (S-1-5-21-4122494467-2726101799-183990937-1001 - Administrator - Enabled) => C:\Users\Michał

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus Free Edition (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antivirus Free Edition (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 16.04 (x64) (HKLM\...\7-Zip) (Version: 16.04 - Igor Pavlov)
Adobe Acrobat Reader DC - Polish (HKLM-x32\...\{AC76BA86-7AD7-1045-7B44-AC0F074E4100}) (Version: 15.023.20070 - Adobe Systems Incorporated)
Adobe Flash Player 24 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 24.0.0.221 - Adobe Systems Incorporated)
Adventure Game Studio 3.4.0 P2 (HKLM-x32\...\c57ecb2e-4390-4154-b3b7-e9f5816f6edd_is1) (Version: 3.4.0.14 - AGS Project Team)
Aktualizacje NVIDIA 23.23.30.0 (Version: 23.23.30.0 - NVIDIA Corporation) Hidden
Ansel (Version: 378.78 - NVIDIA Corporation) Hidden
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.14 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0050 - ASUS)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1109 - Bitdefender)
Canon Lite Driver (HKLM-x32\...\{66A4E6BC-ECA4-4602-98BA-79425E47887F}) (Version: 1.9.0.12 - NT-ware)
Classic Shell (HKLM\...\{383BB30A-B4A7-4666-9A83-22CFA8640097}) (Version: 4.3.0 - IvoSoft)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 10.5.0.0222 - Disc Soft Ltd)
Eastside Hockey Manager (HKLM\...\Steam App 301120) (Version: - Sports Interactive)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 56.0.2924.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.14 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.14.4578 - Intel Corporation)
Intel® Smart Connect Technology (HKLM\...\{EAF303B3-86E2-4B9E-92E6-2468921D86ED}) (Version: 4.2.41.2633 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{aa2c2346-d0c0-4d3e-9ab1-11a48b4cb9f3}) (Version: 19.20.3 - Intel Corporation)
Magicka (HKLM\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0415-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneNote 2016 dla Użytkowników Domowych i Uczniów - pl-pl (HKLM\...\OneNoteFreeRetail - pl-pl) (Version: 16.0.7870.2020 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.23026 (HKLM-x32\...\{e46eca4f-393b-40df-9f49-076faf788d83}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.23026 (HKLM-x32\...\{74d0e5db-b326-4dae-a6b2-445b9de1836e}) (Version: 14.0.23026.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
NapiProjekt (2.2.0.2399) (HKLM-x32\...\NapiProjekt_is1) (Version: - )
NVIDIA GeForce Experience 3.4.0.70 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.4.0.70 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.16.0318 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.16.0318 - NVIDIA Corporation)
NVIDIA Sterownik graficzny 378.78 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 378.78 - NVIDIA Corporation)
NvNodejs (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
NvTelemetry (Version: 2.3.16.0 - NVIDIA Corporation) Hidden
NvvHci (Version: 2.02.0.5 - NVIDIA Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7870.2020 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7870.2020 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7870.2020 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7668.2066 - Microsoft Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 10.4.2.12697 - Electronic Arts, Inc.)
Panel sterowania NVIDIA 378.78 (Version: 378.78 - NVIDIA Corporation) Hidden
qBittorrent 3.3.10 (HKLM-x32\...\qBittorrent) (Version: 3.3.10 - The qBittorrent project)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.14393.31228 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8073 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 7.1.0351 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 3.4.0.70 - NVIDIA Corporation) Hidden
Skype™ 7.32 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.32.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Tablet Wacom (HKLM\...\Wacom Tablet Driver) (Version: 6.3.20-7 - Wacom Technology Corp.)
The Age of Decadence (HKLM-x32\...\1440152251_is1) (Version: 2.6.0.7 - GOG.com)
Torment: Tides of Numenera (1.0.1) (HKLM-x32\...\1958306970_is1) (Version: 0.1.1.294 - GOG.com)
VeraCrypt (HKLM-x32\...\VeraCrypt) (Version: 1.19 - IDRIX)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
Windows Driver Package - ASUS (ATP) Mouse (03/18/2014 6.0.0.35) (HKLM\...\DAA6E0EEB715139C1CEA332C78AB4609FB3C211B) (Version: 03/18/2014 6.0.0.35 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4122494467-2726101799-183990937-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {27FDB55D-4EB6-4923-B031-E972842C3179} - System32\Tasks\WiseCleaner\WRCSkipUAC => C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe
Task: {3862461A-F16E-4C04-88E6-7F8050608FED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {39CDB6CD-FD79-4DA5-82BE-1105A8806FE1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-02] (Microsoft Corporation)
Task: {4822A455-D58C-44B2-AB5A-2B2B1D45A2F1} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {4CB11756-3010-4778-B344-9BE6C6A30F92} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {5321AC97-06FD-4AC2-934C-F2C19134BC09} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {5D604969-5EDD-4B92-A4E9-BB4E21ECE095} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-02-23] (Realtek Semiconductor)
Task: {65EF2584-09C0-42CD-ADEF-D8FF67874590} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-03-02] (Microsoft Corporation)
Task: {6B16563B-DAB1-4C99-B50D-704CFE3226CF} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-09-22] (ASUSTek Computer Inc.)
Task: {6E50C5C2-FD18-421A-80D7-F1EE6A74DF6A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {714E68B6-EE0A-4491-AEE0-F6E363BE9738} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {83624577-6CAB-4FBF-B60D-F53343B35D1E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-03-03] (Google Inc.)
Task: {900B5488-BAD2-4F91-A91A-E428C8EC198B} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [2017-02-23] (NVIDIA Corporation)
Task: {909AD154-0ECD-43E5-93D7-D6A8D0641748} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe [2017-02-19] (Adobe Systems Incorporated)
Task: {92E20C9A-3DEB-4ECB-97F2-BACFE37113F8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {B699EC0B-3A4F-40AA-A652-673B897C4AB3} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-03-31] (AsusTek)
Task: {BDF499F5-16C2-48F7-AB05-63DA718854F8} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-02-23] (Realtek Semiconductor)
Task: {C8CB446E-35CF-405B-9236-90CB4A0F4EB8} - System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)
Task: {CB22AFF5-0947-46AC-8892-AB85E3F1E6A4} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [2017-02-23] (NVIDIA Corporation)
Task: {D5411B5F-7ED8-4B05-AF10-BDB3F1B5CD05} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-12-19] (Adobe Systems Incorporated)
Task: {DC6C57AA-FE70-4910-A687-A33AD9959348} - System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe [2017-02-23] (NVIDIA Corporation)
Task: {E58FCE2B-A20B-401D-95F0-E2AB088C94CA} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2017-02-23] (Realtek Semiconductor)
Task: {F9DD5EA4-68E1-429F-839A-910A78042CC8} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [2017-02-23] (NVIDIA Corporation)
Task: {FF01388F-AA53-4AF8-A52C-FF48EECDE472} - System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe [2017-02-23] (NVIDIA Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_24_0_0_221_pepper.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2017-01-17 18:35 - 2013-03-19 11:07 - 00712288 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2017-01-17 18:35 - 2013-09-03 13:29 - 00111832 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2013-11-07 17:12 - 2013-11-07 17:12 - 00198120 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\iSCTAgent.exe
2013-11-07 17:12 - 2013-11-07 17:12 - 00054760 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\NetworkHeuristic.dll
2013-11-07 17:12 - 2013-11-07 17:12 - 00034792 _____ () C:\Program Files\Intel\Intel® Smart Connect Technology Agent\ISCTNetMon.dll
2010-01-09 20:17 - 2010-01-09 20:17 - 04254560 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-01-21 01:40 - 2010-01-21 01:40 - 08794464 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2017-01-17 02:07 - 2017-02-23 19:35 - 04489152 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-17 02:07 - 2017-02-23 19:35 - 01147328 _____ () C:\Program Files\NVIDIA Corporation\NvContainer\libprotobuf.dll
2017-03-03 17:59 - 2017-02-01 10:47 - 02459992 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libglesv2.dll
2017-03-03 17:59 - 2017-02-01 10:47 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\56.0.2924.87\libegl.dll
2017-03-02 22:20 - 2017-01-13 13:26 - 18046520 _____ () C:\Windows\SYSTEM32\igd11dxva64.dll
2017-03-11 16:40 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2017-03-11 16:40 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2017-03-11 16:40 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2017-03-11 16:40 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2017-03-11 16:40 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2017-01-17 02:07 - 2017-02-23 19:35 - 00018880 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
2017-01-17 02:07 - 2017-02-23 19:35 - 03774400 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\Poco.dll
2017-01-17 02:07 - 2017-02-23 19:35 - 00900032 _____ () C:\Program Files (x86)\NVIDIA Corporation\NvContainer\libprotobuf.dll
2010-01-09 20:18 - 2010-01-09 20:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\sharepoint.com -> hxxps://unilodzeu-files.sharepoint.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2017-02-18 02:49 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts

104.251.218.27 mf.svc.nhl.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4122494467-2726101799-183990937-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Michał\Desktop\homepage_large.7d81e105.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run32: => "EaseUS Cleanup"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\StartupFolder: => "OneNote 2010 Screen Clipper and Launcher.lnk"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\StartupFolder: => "Wysyłanie do programu OneNote.lnk"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-4122494467-2726101799-183990937-1001\...\StartupApproved\Run: => "OfficeSyncProcess"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{D99DDC88-5EA2-4F99-B8CA-DC75E3508B5F}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{0DD83512-26A3-450D-BE52-ECCED6FEBE25}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{54C7EF0F-A0A7-496C-8E00-1981A7842D66}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{0F52A5FA-E27D-4041-B651-B753C876B7E0}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{6B08BE72-4D62-47BF-9778-40F9D73F3C58}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{18D936FC-DB61-434E-B75E-61D4F25C52C8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{5B595112-210C-417B-883F-E1A1DDAC0F00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\NvContainer.exe
FirewallRules: [{68CBA8D3-1020-455B-8EFB-AA24EC753421}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{9A0927D6-E056-4A71-A0A7-C4F8DC10A6BC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{CA4C634D-39DD-4BC8-80FB-AE73772E7158}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{AE0E58BE-3DD0-4097-9CB8-799F9689B890}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{82D0980D-E16D-481B-B259-7266E44EEDCA}] => (Allow) C:\Program Files (x86)\NapiProjekt\napisy.exe
FirewallRules: [{E49A1622-A8F6-4BC0-8807-E7CE35A37797}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [{D6B1BC34-DB48-4B4C-BEB3-E1336A13BC75}] => (Allow) C:\Program Files\KMSpico\Service_KMS.exe
FirewallRules: [TCP Query User{7E8E1461-556A-4E0D-8159-74F1F039BDB9}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{27E468FA-62BF-4A23-AD99-9214A2B30389}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{841C706E-509E-4F92-A34A-30734DF050A4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A4D2DD90-9512-40AC-8549-906E00A69A51}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [TCP Query User{245209EB-3236-4186-AD3F-64C648A60847}C:\users\michał\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michał\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7EE41E52-124E-4D78-AC10-193AA244C0D1}C:\users\michał\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michał\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{96E4A222-47BB-4646-9B45-B4B1296978B4}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{AD9234A2-C66B-42D1-8278-1602D906796A}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{ECD62EBE-92A4-4141-A4E4-8C0DCBBC8C78}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{CD4056FA-6C2B-4F7D-9042-2315E90ED05A}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{D830BF9D-B8B6-498B-97FB-462C0ECAF93F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eastside Hockey Manager\ehm.exe
FirewallRules: [{DEB69438-58D0-4C82-A375-CF3595C83237}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Eastside Hockey Manager\ehm.exe
FirewallRules: [{03DC7915-80FC-4E29-99D2-0618F904DFB4}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{C7767552-4EA8-4B61-BAF5-F89180EB6B19}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [TCP Query User{E597A767-69F8-4B1C-81C6-84BECC33CB31}C:\users\michał\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michał\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{C9F4AAD8-8D15-4C4E-BC5D-636A30DDB34C}C:\users\michał\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\michał\appdata\roaming\spotify\spotify.exe
FirewallRules: [{39CBE7ED-D91A-4AC5-B855-E2A84BDF160E}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{4C2DC89B-734F-4C88-8685-56BF593EE683}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{806D4CE9-74DA-4946-8AF1-77632D3750D8}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [UDP Query User{12E4CC59-6798-4A06-9E30-B0E7D2990D35}C:\program files (x86)\qbittorrent\qbittorrent.exe] => (Allow) C:\program files (x86)\qbittorrent\qbittorrent.exe
FirewallRules: [TCP Query User{7A52A517-F17E-4360-95BD-87F008064176}C:\gog games\torment - tides of numenera\tidesofnumenera.exe] => (Allow) C:\gog games\torment - tides of numenera\tidesofnumenera.exe
FirewallRules: [UDP Query User{1CF91CD3-A7E4-420B-97C9-004B07943952}C:\gog games\torment - tides of numenera\tidesofnumenera.exe] => (Allow) C:\gog games\torment - tides of numenera\tidesofnumenera.exe
FirewallRules: [{4CDD48F6-902F-4789-88B1-CA4B0E2FA067}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{96288DBD-C1EE-4F1E-8D30-72309AFB3609}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [{4DDAA5BE-DA87-42DF-A458-4F6A01A74B26}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Magicka\Magicka.exe
FirewallRules: [TCP Query User{6A58DAF9-4F9E-4805-8BA3-A7FCA5C5B53F}D:\games\helldivers\binaries\x64\helldivers.exe] => (Block) D:\games\helldivers\binaries\x64\helldivers.exe
FirewallRules: [UDP Query User{3AAD0EBA-40D8-4C43-A494-0500E7A8753E}D:\games\helldivers\binaries\x64\helldivers.exe] => (Block) D:\games\helldivers\binaries\x64\helldivers.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

06-03-2017 22:25:23 Zainstalowany program DirectX
08-03-2017 13:03:19 Removed ATK Package
11-03-2017 16:32:39 AA11
13-03-2017 10:16:05 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/13/2017 09:11:48 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (03/12/2017 12:09:36 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Nie można wygenerować kontekstu aktywacji dla "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest". Błąd w pliku manifestu lub w pliku zasad "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" w wierszu 1.
Tożsamość składnika znaleziona w manifeście nie odpowiada tożsamości składnika żądanego.
Odwołanie to UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definicja to UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Użyj narzędzia sxstrace.exe, aby uzyskać szczegółową diagnozę.

Error: (03/11/2017 11:06:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 11.0.0.0, sygnatura czasowa: 0x52a8d15d
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0x00000000
Przesunięcie błędu: 0x00007fff88e90668
Identyfikator procesu powodującego błąd: 0x100c
Godzina uruchomienia aplikacji powodującej błąd: 0x01d29ab39c3c0a2b
Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka modułu powodującego błąd: unknown
Identyfikator raportu: fa4ab6f0-06a6-11e7-828b-40167e9a6da5
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (03/11/2017 11:04:41 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfPolicyConfigTDPService
ServiceMainThread: NotifyServiceStatusRunning() failed.

Error: (03/11/2017 11:04:41 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfPolicyConfigTDPService
NotifyServiceStatusRunning: DeviceIoControl() failed.
Last error = [0x0000001f]

Error: (03/11/2017 11:04:37 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfProcessorParticipantService
ServiceMain: ServiceStart() failed.

Error: (03/11/2017 11:04:37 PM) (Source: DptfEvent) (EventID: 1) (User: )
Description: DptfProcessorParticipantService
ServiceStart: ConnectToDptfProcessorDriver() failed.

Error: (03/11/2017 11:04:37 PM) (Source: DptfEvent) (EventID: 2) (User: )
Description: DptfProcessorParticipantService
ConnectToDptfProcessorDriver: SetupDiEnumDeviceInterfaces() failed.
Last error = [0x00000103]

Error: (03/11/2017 11:01:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: helldivers.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x565eea2a
Nazwa modułu powodującego błąd: helldivers.exe, wersja: 0.0.0.0, sygnatura czasowa: 0x565eea2a
Kod wyjątku: 0xc0000005
Przesunięcie błędu: 0x00000000001910c0
Identyfikator procesu powodującego błąd: 0x2dc
Godzina uruchomienia aplikacji powodującej błąd: 0x01d29ab307ae3c35
Ścieżka aplikacji powodującej błąd: D:\Games\HELLDIVERS\binaries\x64\helldivers.exe
Ścieżka modułu powodującego błąd: D:\Games\HELLDIVERS\binaries\x64\helldivers.exe
Identyfikator raportu: 4757216f-06a6-11e7-828a-cbe38ab3c826
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:

Error: (03/11/2017 10:49:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nazwa aplikacji powodującej błąd: Service_KMS.exe, wersja: 11.0.0.0, sygnatura czasowa: 0x52a8d15d
Nazwa modułu powodującego błąd: unknown, wersja: 0.0.0.0, sygnatura czasowa: 0x00000000
Kod wyjątku: 0x00000000
Przesunięcie błędu: 0x00007ff952140668
Identyfikator procesu powodującego błąd: 0x100c
Godzina uruchomienia aplikacji powodującej błąd: 0x01d29ab13183aaaa
Ścieżka aplikacji powodującej błąd: C:\Program Files\KMSpico\Service_KMS.exe
Ścieżka modułu powodującego błąd: unknown
Identyfikator raportu: 8cde4965-06a4-11e7-8289-8086f230fc04
Pełna nazwa pakietu powodującego błąd:
Identyfikator aplikacji względem pakietu powodującego błąd:


System errors:
=============
Error: (03/13/2017 10:16:45 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa NVIDIA LocalSystem Container niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

Error: (03/13/2017 10:12:54 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: Menedżer sterowania usługami próbował podjąć akcję korekcyjną (Restart the service) po nieoczekiwanym zakończeniu usługi Windows Search, ale ta akcja nie powiodła się przy następującym błędzie:
Jedno wystąpienie usługi już działa.
.

Error: (03/13/2017 10:12:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Search niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

Error: (03/13/2017 10:12:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Intel® Dynamic Platform and Thermal Framework Critical Service Application niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (03/13/2017 10:12:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Media Player Network Sharing Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 30000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

Error: (03/13/2017 10:12:19 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Usługa Office Software Protection Platform niespodziewanie zakończyła pracę. Wystąpiło to razy: 1.

Error: (03/13/2017 10:12:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Windows Presentation Foundation Font Cache 3.0.0.0 niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 0 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

Error: (03/13/2017 10:12:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa Spybot-S&D 2 Security Center Service niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 60000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

Error: (03/13/2017 10:12:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa NVIDIA LocalSystem Container niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.

Error: (03/13/2017 10:12:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Usługa NVIDIA Telemetry Container niespodziewanie zakończyła pracę. Wystąpiło to razy: 1. W przeciągu 1000 milisekund zostanie podjęta następująca czynność korekcyjna: Restart the service.


==================== Memory info ===========================

Processor: Intel® Core™ i7-4500U CPU @ 1.80GHz
Percentage of memory in use: 20%
Total physical RAM: 12171.04 MB
Available physical RAM: 9673.96 MB
Total Virtual: 24459.04 MB
Available Virtual: 20648.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:390.28 GB) (Free:288.22 GB) NTFS
Drive d: (MAGAZYN) (Fixed) (Total:390.62 GB) (Free:363.63 GB) NTFS
Drive g: (IRM_CCSA_X64FRE_EN-US_DV5) (Removable) (Total:29.31 GB) (Free:25.82 GB) NTFS
Drive i: (DATA) (Fixed) (Total:150.26 GB) (Free:149.36 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 4DD2E4FF)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=390.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=390.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=150.3 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 29.3 GB) (Disk ID: 076AAB53)
Partition 1: (Active) - (Size=29.3 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 16 March 2017 - 08:26 PM.
Posted shortened reports


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:18 AM

Posted 16 March 2017 - 08:35 PM

Greetings Michal and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Please describe what you see when you attempt to Clean via AdwCleaner.

Please consider and do this.

===================================================

Peer to Peer (P2P) Warning

--------------------

Going over your logs I noticed that you have Peer 2 Peer (torrent) program(s) installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Peer 2 Peer programs, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about CryptoLocker Ransomware, a type of Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.


===================================================

Use of Registry Cleaner Not Recommended

--------------------

BleepingComputer DOES NOT recommend the use of registry cleaners/optimizers or the registry cleaner component of software for several reasons:
  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.
    • The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
  • Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.
If you persist in using a registry cleaner you should always backup the registry before doing so.

===================================================

Virustotal Online Virus Scanner

--------------------
  • Please go to Virustotal
  • Select Choose File
  • Navigate to the following file (if multiple files then one at a time), double click on it so the file name is populated, then click Scan it!
  • IMPORTANT! If the file is listed as already analyzed, click on Reanalyse file now button.

C:\Windows\system32\lic2tmp.xml253

  • Once completed, highlight the information in the address bar and copy then paste the link in your reply
virustotal.jpg

===================================================

Please boot into Safe Mode with Networking and check your computer performance.

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • AdwCleaner
  • Virustotal link
  • Performance in Safe Mode

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:18 AM

Posted 19 March 2017 - 08:19 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,792 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:18 AM

Posted 21 March 2017 - 09:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users