Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AdwCleaner keeps running into Conduit


  • This topic is locked This topic is locked
11 replies to this topic

#1 riktata332

riktata332

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 03 July 2017 - 04:08 PM

I used to have this issue before when AdwCleaner kept finding registry entries titled:

HKU\S-1-5-21-771431622-1385493591-2671224800-1000\Software\Conduit
HKCU\Software\Conduit
HKLM\SOFTWARE\Conduit
[x64] HKCU\Software\Conduit 
Even after they were removed, a few days later they would appear again. Today I did a complete system wipe (only saved a few important files, nothing special or suspicious) and the problem appeared again.
These four registry keys are the only things AdwCleaner is finding. What do I do?


BC AdBot (Login to Remove)

 


#2 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:01:47 PM

Posted 04 July 2017 - 04:52 AM

Hello riktata332 and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested

===================================================

Note: Please run these in the order given in the instructions.

===================================================

Download and run Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.

  • shut down your protection software now to avoid potential conflicts.
  • run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator"
  • the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • on completion, a log (JRT.txt) is saved to your desktop and will automatically open
  • post the contents of JRT.txt into your next message.

===================================================

Download zoek.exe to your Desktop:

Important: Disable your AntiVirus and AntiSpyware programs, so they do not interfere with the running of Zoek.exe. You can find instructions how to disable your security applications here.

  • on Windows Vista, 7/8,10, right-click Zoek.exe and select: Run as Administrator
  • give it a few seconds to appear
  • copy/paste the entire script inside the codebox below into the input field of Zoek:
    createsrpoint;
    autoclean;
    emptyalltemp;
    ipconfig /flushdns;b
    
  • close any open programs.
  • click the Run script button, and wait. It takes a few minutes to run.
  • when the tool finishes, the zoek-results.log is opened in Notepad: the log can also be found on the systemdrive, normally C:\
  • if a reboot is needed, the log will be opened after the reboot.

===================================================

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes

Download AdwCleaner again from here and save it to your desktop.

  • run AdwCleaner
  • when it has finished, allow AdwCleaner to delete everything it found, then click on Clean
  • if it asks to reboot, allow the reboot
  • on reboot a log will be produced; please attach the content of the log to your next reply.

Logs to include with next post:

JRT.txt
zoek-results.log
AdwCleaner log


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 riktata332

riktata332
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 04 July 2017 - 06:20 AM

I've done as you asked. Here are the results:

 

JRT.txt

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 7 Ultimate x64 
Ran by Tarik (Administrator) on uto 04.07.2017 at 12:57:15,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on uto 04.07.2017 at 12:58:46,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

zoek-results.txt

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Tarik on uto 04.07.2017 at 13:00:59,58.
Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Tarik\Downloads\zoek.exe [Scan all users] [Script inserted] 
 
==== System Restore Info ======================
 
4.7.2017 13:01:22 Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~2\ATI Technologies deleted successfully
C:\Users\Tarik\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
 
==== Batch Command(s) Run By Tool======================
 
 
==== Deleting Files \ Folders ======================
 
C:\PROGRA~2\ATI Technologies not found
C:\PROGRA~2\Skillbrains deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Tarik\AppData\Local\updater.log deleted
 
==== Chromium Look ======================
 
 
Chrome Media Router - Tarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="about:newtab"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tarik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Tarik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
C:\Users\Tarik\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=93 folders=39 36116199 bytes)
 
==== Empty Temp Folders ======================
 
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Tarik\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Tarik\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on uto 04.07.2017 at 13:10:30,86 ======================
 
AdwCleaner[S0].txt
 
# AdwCleaner v6.047 - Logfile created 04/07/2017 at 13:14:22
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-29.3 [Server]
# Operating System : Windows 7 Ultimate Service Pack 1 (X64)
# Username : Tarik - TARIK-PC
# Running from : C:\Users\Tarik\Downloads\adwcleaner_6.047.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
No malicious folders found.
 
 
***** [ Files ] *****
 
No malicious files found.
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
No malicious registry entries found.
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
No malicious Chromium based browser items found.
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [1009 Bytes] - [04/07/2017 13:14:22]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1082 Bytes] ##########
 
It seems like AdwCleaner and JRT haven't found anything malicious. I think it's because I ran an AdwCleaner scan last night before logging off, right when I found the Conduit registry keys again.


#4 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:01:47 PM

Posted 04 July 2017 - 07:57 AM

Let’s just make sure there’s nothing else.

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called Frst.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the Frst.txt into your reply.

Logs to include with next post:

Frst.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#5 riktata332

riktata332
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 04 July 2017 - 09:10 AM

I ran Farbar, and here are the results:

 

FRST.txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 03-07-2017 01

Ran by Tarik (administrator) on TARIK-PC (04-07-2017 16:05:40)
Running from C:\Users\Tarik\Downloads
Loaded Profiles: Tarik (Available Profiles: Tarik)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 8 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Advanced Micro Devices) C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Skillbrains) C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.10\Lightshot.exe
() C:\Users\Tarik\Desktop\Tarik\OHM\OpenHardwareMonitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9197568 2017-01-11] (Realtek Semiconductor)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2017-04-11] ()
HKU\S-1-5-21-771431622-1385493591-2671224800-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3042592 2017-06-08] (Valve Corporation)
HKU\S-1-5-21-771431622-1385493591-2671224800-1000\...\MountPoints2: {50ea629d-5ffd-11e7-ae4b-806e6f6e6963} - E:\DVDSetup.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 77.78.192.20 94.140.66.194
Tcpip\..\Interfaces\{57EB2968-44D1-4E4F-8F27-A38EF3EE974A}: [DhcpNameServer] 77.78.192.20 94.140.66.194
 
Internet Explorer:
==================
HKU\S-1-5-21-771431622-1385493591-2671224800-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-771431622-1385493591-2671224800-1000 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll [2012-02-14] (Advanced Micro Devices)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\system32\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter-x32: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\Windows\SysWOW64\urlmon.dll [2010-11-21] (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll [2011-06-08] (Advanced Micro Devices)
 
FireFox:
========
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-07-03] (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Tarik\AppData\Local\Google\Chrome\User Data\Default [2017-07-04]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-07-03]
CHR Extension: (Chrome Media Router) - C:\Users\Tarik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-07-03]
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-08-19] (Advanced Micro Devices, Inc.) [File not signed]
R2 amdacpusrsvc; C:\Program Files\AMD\{920DEC42-4CA5-4d1d-9487-67BE645CDDFC}\amdacpusrsvc.exe [121856 2017-06-12] (Advanced Micro Devices) [File not signed]
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [383016 2017-07-03] (EasyAntiCheat Ltd)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 amdacpksd; C:\Windows\system32\drivers\amdacpksd.sys [305544 2017-06-12] (Advanced Micro Devices)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-04 16:05 - 2017-07-04 16:05 - 00006723 _____ C:\Users\Tarik\Downloads\FRST.txt
2017-07-04 16:05 - 2017-07-04 16:05 - 00000000 ____D C:\FRST
2017-07-04 16:04 - 2017-07-04 16:05 - 02436096 _____ (Farbar) C:\Users\Tarik\Downloads\FRST64.exe
2017-07-04 14:20 - 2017-07-04 14:20 - 00000000 ____D C:\Users\Tarik\AppData\LocalLow\Facepunch Studios LTD
2017-07-04 14:20 - 2017-07-03 19:34 - 00383016 _____ (EasyAntiCheat Ltd) C:\Windows\SysWOW64\EasyAntiCheat.exe
2017-07-04 14:19 - 2017-07-04 14:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-07-04 13:55 - 2017-07-04 13:55 - 10563576 _____ C:\Users\Tarik\Downloads\bsplayer271.setup.exe
2017-07-04 13:50 - 2017-07-04 13:50 - 00000000 ____D C:\Users\Tarik\AppData\Local\ElevatedDiagnostics
2017-07-04 13:49 - 2017-07-04 13:50 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2017-07-04 13:49 - 2017-07-04 13:49 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2017-07-04 13:49 - 2017-07-04 13:49 - 00000000 ____D C:\Windows\system32\DAX3
2017-07-04 13:49 - 2017-07-04 13:49 - 00000000 ____D C:\Windows\system32\DAX2
2017-07-04 13:49 - 2017-07-04 13:49 - 00000000 ____D C:\ProgramData\Audyssey Labs
2017-07-04 13:49 - 2017-07-04 13:49 - 00000000 ____D C:\Program Files\Realtek
2017-07-04 13:49 - 2017-01-11 11:38 - 72520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2017-07-04 13:49 - 2017-01-11 11:38 - 23547544 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRenderAVX64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 23447352 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRender64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 17398616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioCapture64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 15202032 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 14057248 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioRealtek64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 13122576 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO3064.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 12988344 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO4064.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 10536160 _____ (Intel Corporation) C:\Windows\system32\IntelSSTAPO.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 09124224 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-07-04 13:49 - 2017-01-11 11:38 - 07172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 06244200 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV3apo.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 05922376 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICV2apo.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2017-07-04 13:49 - 2017-01-11 11:38 - 05593608 _____ (Nahimic Inc) C:\Windows\system32\NAHIMICAPOlfx.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 05545472 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-07-04 13:49 - 2017-01-11 11:38 - 03503048 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 03410832 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 03299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 03203584 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 03203424 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 03122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 03014144 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-07-04 13:49 - 2017-01-11 11:38 - 02830480 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 02291304 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO7064.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 02201600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 02190984 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 02110592 _____ (Waves Audio Ltd.) C:\Windows\system32\WavesGUILib64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 02050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 01920870 _____ C:\Windows\system32\Drivers\rtkSSTsetting.dat
2017-07-04 13:49 - 2017-01-11 11:38 - 01435136 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 01422920 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO6064.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 01382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 01353824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 01337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 01334376 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxSpeechAPO64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 01213656 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO5064.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 01186840 _____ (Intel Corporation) C:\Windows\system32\IntelSstCApoPropPage.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 01166152 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO4064.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 01003856 _____ (Nahimic Inc) C:\Windows\system32\NahimicAPONSControl.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 01003512 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00999848 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVoiceAPO2064.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00965024 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00962128 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00931616 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPOShell64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00923736 _____ (Sony Corporation) C:\Windows\system32\MISS_APO.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00873464 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00866096 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00859912 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00854208 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00726112 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00689880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00678176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00677672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00618184 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00601144 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00588032 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00571376 _____ (Intel Corporation) C:\Windows\system32\tbb_waves.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00514872 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00467152 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00426568 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00416504 _____ (Harman) C:\Windows\system32\HMUI.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00381408 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00378384 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00366120 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00360344 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00330560 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00258864 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00221968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00209536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00203840 _____ (Harman) C:\Windows\system32\HMHVS.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00192976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00190928 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00190928 _____ (Harman) C:\Windows\system32\HMEQ.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00179592 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00151784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00088320 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2017-07-04 13:49 - 2017-01-11 11:38 - 00023688 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 07096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 06264632 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 05347000 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 03302272 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 02993720 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 02444688 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 01965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 01959600 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 01780616 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 01615656 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64APO.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 01591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 01529136 _____ (Conexant Systems Inc.) C:\Windows\system32\CX64Proxy.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 01516896 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 01508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 01363096 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 01133584 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00785608 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00727432 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00574752 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00514520 _____ (DTS) C:\Windows\system32\DTSU2PLFX64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00504304 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00500552 _____ (DTS) C:\Windows\system32\DTSU2PGFX64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00445400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00441264 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00438688 _____ (Conexant Systems, Inc.) C:\Windows\system32\CAF64APO2.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00428224 _____ (DTS) C:\Windows\system32\DTSU2PREC64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00362048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00327448 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00310416 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00118592 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00118592 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00112488 _____ (Conexant Systems, Inc.) C:\Windows\system32\Caf64api.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00105304 _____ C:\Windows\system32\audioLibVc.dll
2017-07-04 13:49 - 2017-01-11 11:37 - 00005604 _____ C:\Windows\system32\cxapo.lncs
2017-07-04 13:49 - 2017-01-11 11:37 - 00000736 _____ C:\Windows\system32\cxapo.prop
2017-07-04 13:48 - 2017-07-04 13:50 - 00000000 ___HD C:\Program Files (x86)\Temp
2017-07-04 13:48 - 2016-09-22 14:55 - 02839520 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-07-04 13:30 - 2017-07-04 13:30 - 00000000 ____D C:\Users\Tarik\AppData\Local\VirtualStore
2017-07-04 13:30 - 2017-07-04 13:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2017-07-04 13:30 - 2017-07-04 13:30 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2017-07-04 13:13 - 2017-07-04 13:14 - 00000000 ____D C:\AdwCleaner
2017-07-04 13:09 - 2017-07-04 13:00 - 00024064 _____ C:\Windows\zoek-delete.exe
2017-07-04 13:00 - 2017-07-04 13:12 - 00000000 ____D C:\zoek_backup
2017-07-04 02:38 - 2017-07-03 16:48 - 00000000 ____D C:\Windows\Panther
2017-07-03 23:14 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2017-07-03 23:14 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2017-07-03 23:14 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2017-07-03 23:14 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2017-07-03 23:14 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2017-07-03 23:14 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2017-07-03 23:14 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2017-07-03 23:14 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2017-07-03 23:14 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2017-07-03 23:14 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2017-07-03 23:14 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2017-07-03 23:14 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2017-07-03 23:14 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2017-07-03 23:14 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2017-07-03 23:14 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2017-07-03 23:14 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2017-07-03 23:14 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2017-07-03 23:14 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2017-07-03 23:14 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2017-07-03 23:14 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2017-07-03 23:14 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2017-07-03 23:14 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2017-07-03 23:14 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2017-07-03 23:14 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2017-07-03 23:14 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2017-07-03 23:14 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2017-07-03 23:14 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2017-07-03 23:14 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2017-07-03 23:14 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2017-07-03 23:14 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2017-07-03 23:14 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2017-07-03 23:14 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2017-07-03 23:14 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2017-07-03 23:14 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2017-07-03 23:14 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2017-07-03 23:14 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2017-07-03 23:14 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2017-07-03 23:14 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2017-07-03 23:14 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2017-07-03 23:14 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2017-07-03 23:14 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2017-07-03 23:14 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2017-07-03 23:14 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2017-07-03 23:14 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2017-07-03 23:14 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2017-07-03 23:14 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2017-07-03 23:14 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2017-07-03 23:14 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2017-07-03 23:14 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2017-07-03 23:14 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2017-07-03 23:14 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2017-07-03 23:14 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2017-07-03 23:14 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2017-07-03 23:14 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2017-07-03 23:14 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2017-07-03 23:14 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2017-07-03 23:14 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2017-07-03 23:14 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2017-07-03 23:14 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2017-07-03 23:14 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2017-07-03 23:14 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2017-07-03 23:14 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2017-07-03 23:14 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2017-07-03 23:14 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2017-07-03 23:14 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2017-07-03 23:14 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2017-07-03 23:14 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2017-07-03 23:14 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2017-07-03 23:14 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2017-07-03 23:14 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2017-07-03 23:14 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2017-07-03 23:14 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2017-07-03 23:14 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2017-07-03 23:14 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2017-07-03 23:14 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2017-07-03 23:14 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2017-07-03 23:14 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2017-07-03 23:14 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2017-07-03 23:14 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2017-07-03 23:14 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2017-07-03 23:14 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2017-07-03 23:14 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2017-07-03 23:14 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2017-07-03 23:14 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2017-07-03 23:14 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2017-07-03 23:14 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2017-07-03 23:14 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2017-07-03 23:14 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2017-07-03 23:14 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2017-07-03 23:14 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2017-07-03 23:14 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2017-07-03 23:14 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2017-07-03 23:14 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2017-07-03 23:14 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2017-07-03 23:14 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2017-07-03 23:14 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2017-07-03 23:14 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2017-07-03 23:14 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2017-07-03 23:14 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2017-07-03 23:14 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2017-07-03 23:14 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2017-07-03 23:14 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2017-07-03 23:14 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2017-07-03 23:14 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2017-07-03 23:14 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2017-07-03 23:14 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2017-07-03 23:14 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2017-07-03 23:14 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2017-07-03 23:14 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2017-07-03 23:14 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2017-07-03 23:14 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2017-07-03 23:14 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2017-07-03 23:14 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2017-07-03 23:14 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2017-07-03 23:14 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2017-07-03 23:14 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2017-07-03 23:14 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2017-07-03 23:14 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2017-07-03 23:14 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2017-07-03 23:14 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2017-07-03 23:14 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2017-07-03 23:14 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2017-07-03 23:14 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2017-07-03 23:14 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2017-07-03 23:14 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2017-07-03 23:14 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2017-07-03 23:14 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2017-07-03 23:14 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2017-07-03 23:14 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2017-07-03 23:14 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2017-07-03 23:14 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2017-07-03 23:14 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2017-07-03 23:14 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2017-07-03 23:14 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2017-07-03 23:14 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2017-07-03 23:14 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2017-07-03 23:14 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2017-07-03 23:14 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2017-07-03 23:14 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2017-07-03 23:14 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2017-07-03 23:14 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2017-07-03 23:14 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2017-07-03 23:14 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2017-07-03 23:14 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2017-07-03 23:14 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2017-07-03 23:14 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2017-07-03 23:14 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2017-07-03 23:14 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2017-07-03 23:14 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2017-07-03 23:14 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2017-07-03 23:14 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2017-07-03 23:14 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2017-07-03 23:14 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2017-07-03 23:14 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2017-07-03 23:14 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2017-07-03 23:14 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2017-07-03 23:14 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2017-07-03 23:14 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2017-07-03 23:14 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2017-07-03 23:14 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2017-07-03 23:14 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2017-07-03 23:14 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2017-07-03 23:14 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2017-07-03 23:14 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2017-07-03 23:14 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2017-07-03 23:14 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2017-07-03 23:14 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2017-07-03 23:14 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2017-07-03 23:14 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2017-07-03 23:14 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2017-07-03 23:14 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2017-07-03 23:14 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2017-07-03 23:14 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2017-07-03 23:14 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2017-07-03 23:14 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2017-07-03 23:14 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2017-07-03 23:14 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2017-07-03 23:14 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2017-07-03 23:14 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2017-07-03 23:14 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2017-07-03 23:14 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2017-07-03 23:14 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2017-07-03 20:49 - 2017-07-03 20:49 - 00000000 ____D C:\Users\Tarik\Documents\Telltale Games
2017-07-03 20:37 - 2017-07-03 21:10 - 00000000 ____D C:\Users\Tarik\Documents\My games
2017-07-03 20:34 - 2017-07-03 20:35 - 00000000 ____D C:\Program Files (x86)\PhotoScape
2017-07-03 20:34 - 2017-07-03 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
2017-07-03 20:25 - 2017-07-03 20:25 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-03 20:25 - 2017-07-03 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-07-03 20:25 - 2017-07-03 20:25 - 00000000 ____D C:\Program Files\WinRAR
2017-07-03 20:23 - 2017-07-03 20:23 - 00000000 ____D C:\Program Files (x86)\Webteh
2017-07-03 20:22 - 2017-07-03 20:22 - 00000425 _____ C:\Users\Tarik\AppData\Local\UserProducts.xml
2017-07-03 19:56 - 2017-07-03 19:56 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Google
2017-07-03 19:52 - 2017-07-03 19:52 - 00000222 _____ C:\Users\Tarik\Desktop\The Walking Dead.url
2017-07-03 19:52 - 2017-07-03 19:52 - 00000222 _____ C:\Users\Tarik\Desktop\Rocket League.url
2017-07-03 19:51 - 2017-07-03 19:51 - 00000222 _____ C:\Users\Tarik\Desktop\Age of Empires III Complete Collection.url
2017-07-03 19:51 - 2017-07-03 19:51 - 00000221 _____ C:\Users\Tarik\Desktop\Borderlands 2.url
2017-07-03 19:20 - 2017-07-03 19:24 - 00000000 ___RD C:\Users\Tarik\Desktop\Meliha i Emci
2017-07-03 18:03 - 2017-07-03 18:32 - 00000000 ____D C:\Users\Tarik\Documents\Overwatch
2017-07-03 18:02 - 2017-07-04 14:17 - 00000000 ___RD C:\Users\Tarik\Desktop\Tarik
2017-07-03 18:02 - 2017-07-03 18:02 - 00000222 _____ C:\Users\Tarik\Desktop\Rust.url
2017-07-03 18:01 - 2017-07-03 18:01 - 00000221 _____ C:\Users\Tarik\Desktop\Grand Theft Auto San Andreas.url
2017-07-03 18:00 - 2017-07-03 18:00 - 00000876 _____ C:\Users\Public\Desktop\Overwatch.lnk
2017-07-03 18:00 - 2017-07-03 18:00 - 00000219 _____ C:\Users\Tarik\Desktop\Counter-Strike Global Offensive.url
2017-07-03 18:00 - 2017-07-03 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Overwatch
2017-07-03 17:34 - 2017-07-03 17:34 - 00000000 ____D C:\Users\Tarik\AppData\Local\Steam
2017-07-03 17:25 - 2017-07-04 15:32 - 00000000 ____D C:\Program Files (x86)\Steam
2017-07-03 17:25 - 2017-07-03 17:25 - 00000963 _____ C:\Users\Public\Desktop\Steam.lnk
2017-07-03 17:25 - 2017-07-03 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2017-07-03 17:21 - 2017-07-03 17:22 - 00000000 ____D C:\Users\Tarik\AppData\Local\AMD
2017-07-03 17:21 - 2017-07-03 17:21 - 00000000 ____D C:\Users\Tarik\AppData\LocalLow\AMD
2017-07-03 17:20 - 2017-07-04 13:50 - 00065536 _____ C:\Windows\system32\spu_storage.bin
2017-07-03 17:19 - 2017-07-03 18:03 - 00000000 ____D C:\Program Files (x86)\Overwatch
2017-07-03 17:18 - 2017-07-03 17:18 - 00000000 ____D C:\ProgramData\Blizzard Entertainment
2017-07-03 17:17 - 2017-07-03 17:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Problem Report Wizard
2017-07-03 17:16 - 2017-07-03 17:16 - 00003146 _____ C:\Windows\System32\Tasks\StartCN
2017-07-03 17:16 - 2017-07-03 17:16 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\ATI
2017-07-03 17:16 - 2017-07-03 17:16 - 00000000 ____D C:\Users\Tarik\AppData\Local\ATI
2017-07-03 17:16 - 2017-07-03 17:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Radeon Settings
2017-07-03 17:16 - 2017-07-03 17:16 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2017-07-03 17:15 - 2017-07-03 17:15 - 00000000 ____D C:\Users\Tarik\AppData\Local\CEF
2017-07-03 17:15 - 2017-07-03 17:15 - 00000000 ____D C:\Users\Tarik\AppData\Local\Blizzard Entertainment
2017-07-03 17:15 - 2017-07-03 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blizzard App
2017-07-03 17:15 - 2017-07-03 17:15 - 00000000 ____D C:\Program Files (x86)\VulkanRT
2017-07-03 17:15 - 2017-01-28 00:05 - 00103936 _____ C:\Windows\SysWOW64\vulkaninfo.exe
2017-07-03 17:15 - 2017-01-28 00:04 - 00326656 _____ C:\Windows\SysWOW64\vulkan-1.dll
2017-07-03 17:15 - 2017-01-28 00:02 - 00118272 _____ C:\Windows\system32\vulkaninfo.exe
2017-07-03 17:15 - 2017-01-28 00:01 - 00322560 _____ C:\Windows\system32\vulkan-1.dll
2017-07-03 17:14 - 2017-07-03 22:56 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Battle.net
2017-07-03 17:14 - 2017-07-03 22:56 - 00000000 ____D C:\Users\Tarik\AppData\Local\Battle.net
2017-07-03 17:14 - 2017-07-03 22:54 - 00000000 ____D C:\Program Files (x86)\Blizzard App
2017-07-03 17:14 - 2015-07-18 15:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-07-03 17:14 - 2015-07-18 15:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-07-03 17:13 - 2017-07-03 17:14 - 00000000 ____D C:\ProgramData\Battle.net
2017-07-03 17:12 - 2017-07-03 17:12 - 00749404 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-07-03 17:09 - 2017-07-03 17:10 - 00000000 ____D C:\AMD
2017-07-03 17:02 - 2017-07-03 17:17 - 00000000 ____D C:\Program Files\AMD
2017-07-03 17:02 - 2017-07-03 17:16 - 00000000 ____D C:\Program Files (x86)\AMD
2017-07-03 17:02 - 2017-07-03 17:02 - 00002267 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-07-03 17:00 - 2017-07-03 17:01 - 00000000 ____D C:\Program Files (x86)\Google
2017-07-03 17:00 - 2017-07-03 17:00 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2017-07-03 17:00 - 2017-07-03 17:00 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2017-07-03 16:59 - 2017-07-03 17:47 - 00000000 ____D C:\Users\Tarik\AppData\Local\Google
2017-07-03 16:59 - 2017-07-03 16:59 - 00000000 ____D C:\ProgramData\AMD
2017-07-03 16:59 - 2013-06-27 17:50 - 00082240 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_sata.sys
2017-07-03 16:59 - 2013-06-27 17:50 - 00042304 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amd_xata.sys
2017-07-03 16:59 - 2012-08-28 14:27 - 00058536 ____R (Advanced Micro Devices) C:\Windows\system32\Drivers\usbfilter.sys
2017-07-03 16:58 - 2017-07-03 16:59 - 00000000 ____D C:\Users\Tarik\AppData\Local\Deployment
2017-07-03 16:58 - 2017-07-03 16:58 - 00057560 _____ C:\Users\Tarik\AppData\Local\GDIPFONTCACHEV1.DAT
2017-07-03 16:58 - 2017-07-03 16:58 - 00000000 ____D C:\Users\Tarik\AppData\Local\Apps\2.0
2017-07-03 16:57 - 2017-07-03 19:54 - 00000000 ___RD C:\Users\Tarik\Desktop\Medina
2017-07-03 16:56 - 2017-07-03 16:56 - 00000000 ____D C:\Program Files\ATI
2017-07-03 16:55 - 2017-07-03 17:02 - 00000000 ____D C:\Program Files\ATI Technologies
2017-07-03 16:53 - 2017-07-04 13:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-07-03 16:53 - 2017-07-04 13:49 - 00000000 ____D C:\Program Files (x86)\Realtek
2017-07-03 16:53 - 2013-04-10 05:09 - 00849992 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2017-07-03 16:53 - 2013-04-10 05:09 - 00108104 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2017-07-03 16:53 - 2013-04-10 05:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2017-07-03 16:52 - 2017-07-03 16:52 - 00000000 ____D C:\MSI
2017-07-03 16:48 - 2017-07-03 16:48 - 00001443 _____ C:\Users\Tarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-07-03 16:48 - 2017-07-03 16:48 - 00001409 _____ C:\Users\Tarik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2017-07-03 16:48 - 2017-07-03 16:48 - 00000020 ___SH C:\Users\Tarik\ntuser.ini
2017-07-03 16:48 - 2017-07-03 16:48 - 00000000 _SHDL C:\Users\Tarik\My Documents
2017-07-03 16:48 - 2017-07-03 16:48 - 00000000 _SHDL C:\Users\Tarik\Documents\My Videos
2017-07-03 16:48 - 2017-07-03 16:48 - 00000000 _SHDL C:\Users\Tarik\Documents\My Pictures
2017-07-03 16:48 - 2017-07-03 16:48 - 00000000 _SHDL C:\Users\Tarik\Documents\My Music
2017-07-03 16:48 - 2017-07-03 16:48 - 00000000 ____D C:\Users\Tarik
2017-07-03 16:48 - 2010-11-21 09:16 - 00000000 ____D C:\Users\Tarik\AppData\Roaming\Media Center Programs
2017-07-03 16:41 - 2017-07-03 16:41 - 00001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-07-03 16:41 - 2017-07-03 16:41 - 00001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-06-12 23:14 - 2017-06-12 23:14 - 09446336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2017-06-12 23:14 - 2017-06-12 23:14 - 07663888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2017-06-12 23:14 - 2017-06-12 23:14 - 00543112 _____ C:\Windows\system32\dgtrayicon.exe
2017-06-12 23:14 - 2017-06-12 23:14 - 00522632 _____ C:\Windows\system32\GameManager64.dll
2017-06-12 23:14 - 2017-06-12 23:14 - 00356744 _____ C:\Windows\SysWOW64\GameManager32.dll
2017-06-12 23:14 - 2017-06-12 23:14 - 00207760 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2017-06-12 23:14 - 2017-06-12 23:14 - 00185088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2017-06-12 23:14 - 2017-06-12 23:14 - 00161344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2017-06-12 23:14 - 2017-06-12 23:14 - 00143864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2017-06-12 23:14 - 2017-06-12 23:14 - 00020360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2017-06-12 23:14 - 2017-06-12 23:14 - 00020360 _____ (Microsoft Corporation) C:\Windows\system32\detoured.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 15728008 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 12578016 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 10448520 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 01654880 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 01347952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00768904 _____ (AMD) C:\Windows\system32\atieclxx.exe
2017-06-12 23:13 - 2017-06-12 23:13 - 00544136 _____ (AMD) C:\Windows\system32\atitmm64.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00543112 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2017-06-12 23:13 - 2017-06-12 23:13 - 00537992 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Rapidfire64.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00520584 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2017-06-12 23:13 - 2017-06-12 23:13 - 00475016 _____ C:\Windows\system32\atieah64.exe
2017-06-12 23:13 - 2017-06-12 23:13 - 00469384 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00325512 _____ C:\Windows\SysWOW64\atieah32.exe
2017-06-12 23:13 - 2017-06-12 23:13 - 00236424 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00194952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00155528 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00114056 _____ (AMD) C:\Windows\system32\atimuixx.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00078728 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00068488 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00036232 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\RapidFireServer64.dll
2017-06-12 23:13 - 2017-06-12 23:13 - 00033672 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 14414072 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 14318984 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 13254256 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 09899912 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 07955848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 01507720 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 01032072 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 01032072 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00855432 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdlvr64.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00687496 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00402312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2017-06-12 23:12 - 2017-06-12 23:12 - 00349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODE.exe
2017-06-12 23:12 - 2017-06-12 23:12 - 00185600 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00182664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00161160 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00154152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00142216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00128968 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00121240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00121240 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00106248 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00092840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00092840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00072072 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\ATIODCLI.exe
2017-06-12 23:12 - 2017-06-12 23:12 - 00065416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2017-06-12 23:12 - 2017-06-12 23:12 - 00060296 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 59237768 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 36562312 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2017-06-12 23:11 - 2017-06-12 23:11 - 28797832 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl12cl64.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 26831240 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 10313608 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdvlk64.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 08471432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 02527624 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amfrt64.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 02189704 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 00915848 _____ (AMD) C:\Windows\system32\coinst_17.10.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 00505736 _____ C:\Windows\system32\amdgfxinfo64.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 00351624 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 00305544 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2017-06-12 23:11 - 2017-06-12 23:11 - 00269704 _____ C:\Windows\system32\clinfo.exe
2017-06-12 23:11 - 2017-06-12 23:11 - 00166280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amduve64.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 00159112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 00135560 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 00124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 00112520 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2017-06-12 23:11 - 2017-06-12 23:11 - 00103304 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2017-06-12 23:10 - 2017-06-12 23:10 - 46457736 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2017-06-12 23:10 - 2017-06-12 23:10 - 32738184 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2017-06-12 23:10 - 2017-06-12 23:10 - 22739336 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2017-06-12 23:10 - 2017-06-12 23:10 - 00082824 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmcl64.dll
2017-06-12 23:10 - 2017-06-12 23:10 - 00066952 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2017-06-12 23:10 - 2017-06-12 23:10 - 00066440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2017-06-12 23:10 - 2017-06-12 23:10 - 00054664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2017-06-12 22:33 - 2017-06-12 22:33 - 03437632 _____ C:\Windows\system32\atiumd6a.cap
2017-06-12 22:31 - 2017-06-12 22:31 - 00204952 _____ C:\Windows\SysWOW64\ativvsvl.dat
2017-06-12 22:31 - 2017-06-12 22:31 - 00204952 _____ C:\Windows\system32\ativvsvl.dat
2017-06-12 22:31 - 2017-06-12 22:31 - 00157144 _____ C:\Windows\SysWOW64\ativvsva.dat
2017-06-12 22:31 - 2017-06-12 22:31 - 00157144 _____ C:\Windows\system32\ativvsva.dat
2017-06-12 22:30 - 2017-06-12 22:30 - 00798552 _____ C:\Windows\SysWOW64\atiapfxx.blb
2017-06-12 22:30 - 2017-06-12 22:30 - 00798552 _____ C:\Windows\system32\atiapfxx.blb
2017-06-12 22:27 - 2017-06-12 22:27 - 03471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2017-06-12 16:39 - 2017-06-12 16:39 - 02428928 _____ C:\Windows\system32\amdacpusl.pdb
2017-06-12 16:34 - 2017-06-12 16:34 - 00364544 _____ (Advanced Micro Devices) C:\Windows\system32\amdacpusl.dll
2017-06-12 16:34 - 2017-06-12 16:34 - 00306176 _____ C:\Windows\system32\amdacpusl.pdb.pub
2017-06-12 16:34 - 2017-06-12 16:34 - 00248832 _____ (Advanced Micro Devices) C:\Windows\SysWOW64\amdacpusl.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-07-04 13:58 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-07-04 13:58 - 2009-07-14 06:45 - 00021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-07-04 13:57 - 2009-07-14 07:13 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-07-04 13:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\inf
2017-07-04 13:51 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2017-07-04 02:38 - 2009-07-14 07:32 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2017-07-03 16:57 - 2009-07-14 05:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-07-03 16:47 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2017-07-03 16:41 - 2009-07-14 07:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-07-03 16:41 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\system32\sysprep
2017-07-03 16:39 - 2010-11-21 09:16 - 00000000 ____D C:\Windows\CSC
2017-07-03 16:39 - 2009-07-14 06:45 - 00274320 _____ C:\Windows\system32\FNTCACHE.DAT
 
==================== Files in the root of some directories =======
 
2017-07-03 20:22 - 2017-07-03 20:22 - 0000425 _____ () C:\Users\Tarik\AppData\Local\UserProducts.xml
2017-07-04 13:49 - 2017-07-04 13:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-07-04 08:48
 
==================== End of FRST.txt ============================
 
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-07-2017 01
Ran by Tarik (04-07-2017 16:06:11)
Running from C:\Users\Tarik\Downloads
Windows 7 Ultimate Service Pack 1 (X64) (2017-07-03 14:48:23)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-771431622-1385493591-2671224800-500 - Administrator - Disabled)
Guest (S-1-5-21-771431622-1385493591-2671224800-501 - Limited - Disabled)
Tarik (S-1-5-21-771431622-1385493591-2671224800-1000 - Administrator - Enabled) => C:\Users\Tarik
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
ACP Application (HKLM\...\{C8FFDBDA-6AC3-8930-9C64-F573ADFF291B}) (Version: 2017.0612.1633.42 - Advanced Micro Devices, Inc.) Hidden
Age of Empires® III: Complete Collection (HKLM\...\Steam App 105450) (Version:  - Ensemble Studios)
AMD Software (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.8 - Advanced Micro Devices, Inc.)
Blizzard App (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Borderlands 2 (HKLM\...\Steam App 49520) (Version:  - Gearbox Software)
Catalyst Control Center Next Localization BR (HKLM\...\{5CD729EF-176B-E0D4-52A6-5ED6CBC88520}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (HKLM\...\{5EB4E2AE-AC5E-2977-817F-9A5A0505367A}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (HKLM\...\{37C16D90-A5F9-63D1-ECCA-F7910802D01F}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (HKLM\...\{0ACA2B4F-0424-D68C-367D-C955920B7075}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (HKLM\...\{C67E6B85-8B16-635B-73A0-E2CDAFAED94B}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (HKLM\...\{A353AA66-92A5-C78A-9ACB-2D5DEE034586}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (HKLM\...\{C508BBBF-D0AB-3AD6-F64A-60B134E765F5}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (HKLM\...\{5A1F456F-F35F-FAF4-62E1-CBBE468FDB7C}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (HKLM\...\{B185C2D3-9396-72C4-97DD-7D8D3079C549}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (HKLM\...\{AC38A6EA-F40B-4A44-5CEB-D6FE1955289D}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (HKLM\...\{94D76FFE-B4BA-3997-9634-33ADCC722207}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (HKLM\...\{D556E147-7130-7B59-CCF7-489A02EE82D3}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (HKLM\...\{6BC655E2-6D19-F1B9-49B6-056676F8B2BF}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (HKLM\...\{DB0B66AD-D4E8-9C5A-6018-7E0F5C077DF8}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (HKLM\...\{F9E832F4-8FC7-2B20-6C9E-CA5E1BF463EB}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (HKLM\...\{485CC700-71A5-F7FF-A9B0-E03E1C7C628B}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (HKLM\...\{9B319932-2A29-29E8-7E65-3CAF1C161D2B}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (HKLM\...\{10671AF2-1285-FBB8-A478-219EE15E12E7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (HKLM\...\{D3497ED2-6CD3-BFFB-8C29-1AF02201EBC7}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (HKLM\...\{AFB0BC0D-B426-C3B6-0330-16AB1E8B8394}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (HKLM\...\{A2CB08E7-C06A-907A-6797-2BFF8E444222}) (Version: 2017.0612.1651.28496 - Advanced Micro Devices, Inc.) Hidden
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 59.0.3071.115 - Google Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.33.5 - Google Inc.) Hidden
Grand Theft Auto: San Andreas (HKLM\...\Steam App 12120) (Version:  - Rockstar Games)
Lightshot-5.4.0.10 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.4.0.10 - Skillbrains)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123 (HKLM-x32\...\{2cbcedbb-f38c-48a3-a3e1-6c6fd821a7f4}) (Version: 14.0.24123.0 - Microsoft Corporation)
Overwatch (HKLM-x32\...\Overwatch) (Version:  - Blizzard Entertainment)
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8036 - Realtek Semiconductor Corp.)
Rocket League (HKLM\...\Steam App 252950) (Version:  - Psyonix, Inc.)
Rust (HKLM\...\Steam App 252490) (Version:  - Facepunch Studios)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Walking Dead (HKLM\...\Steam App 207610) (Version:  - Telltale Games)
Vulkan Run Time Libraries 1.0.39.1 (HKLM\...\VulkanRT1.0.39.1) (Version: 1.0.39.1 - LunarG, Inc.)
WinRAR 5.50 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.5 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
ContextMenuHandlers01: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-07-03] (Alexander Roshal)
ContextMenuHandlers01: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
ContextMenuHandlers05: [ACE] -> {5E2121EE-0300-11D4-8D3B-444553540000} => C:\Program Files\AMD\CNext\CNext\atiacm64.dll [2017-06-12] (Advanced Micro Devices, Inc.)
ContextMenuHandlers06: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\WinRAR\rarext.dll [2017-07-03] (Alexander Roshal)
ContextMenuHandlers06: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} =>  -> No File
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {2B169D3E-CA6F-435B-8C69-C33CD156495F} - System32\Tasks\StartCN => C:\Program Files\AMD\CNext\CNext\cncmd.exe [2017-06-12] (Advanced Micro Devices, Inc.)
Task: {2BC76966-4AB7-403B-86E7-4544D4C22A38} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-03] (Google Inc.)
Task: {C8639E54-AEEC-4631-ABC8-D3B0E9B258F3} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2017-07-03] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts & WMI ========================
 
(The entries could be listed to be restored or removed.)
 
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-09-13 14:37 - 2016-09-13 14:37 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2016-09-13 14:36 - 2016-09-13 14:36 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2016-09-13 14:36 - 2016-09-13 14:36 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-09-13 14:37 - 2016-09-13 14:37 - 00191488 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Dialogs\dialogplugin.dll
2017-07-03 18:02 - 2016-11-06 18:15 - 00494592 _____ () C:\Users\Tarik\Desktop\Tarik\OHM\OpenHardwareMonitor.exe
2017-07-03 18:02 - 2016-11-06 11:59 - 00149504 _____ () C:\Users\Tarik\Desktop\Tarik\OHM\Aga.Controls.dll
2017-07-03 18:02 - 2016-11-06 18:15 - 00266752 _____ () C:\Users\Tarik\Desktop\Tarik\OHM\OpenHardwareMonitorLib.dll
2017-07-03 17:02 - 2017-06-23 05:21 - 02692440 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libglesv2.dll
2017-07-03 17:02 - 2017-06-23 05:21 - 00137048 _____ () C:\Program Files (x86)\Google\Chrome\Application\59.0.3071.115\swiftshader\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 _____ C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-771431622-1385493591-2671224800-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tarik\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 77.78.192.20 - 94.140.66.194
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{99A81E51-C5B6-4143-84DD-9A2820E758FD}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{896E4C82-98F7-4B0A-AD87-FE766A743A85}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{55CC79B7-BC54-4014-A1F8-836BD9121FE2}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{A08BC81D-F546-418B-882D-1074878E3800}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [{8940242A-81B6-4BC7-A461-FCC9D57D1B9D}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
FirewallRules: [TCP Query User{8BCB6247-B0F5-4E25-8019-2633EC434D58}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [UDP Query User{5C88E149-8879-420F-9756-C9121151D676}C:\program files (x86)\overwatch\overwatch.exe] => (Allow) C:\program files (x86)\overwatch\overwatch.exe
FirewallRules: [{89F44A43-F8A1-4153-A16A-9DA841FD4F6B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{EEAB09B5-EB68-4506-8721-52D8D8FF80B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{C58A79CD-F302-4B42-AED6-A54C6D3F8617}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{E47D5484-CB9D-4BA0-82F7-0EB78DDCA344}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto San Andreas\gta-sa.exe
FirewallRules: [{FDE2070A-A59F-4A10-AF08-E90DE6BB1562}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{78373FB9-3A74-456A-AA93-6B9305CD52FC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{713E4300-ADC6-42D8-A15E-AD8BD94F84B6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{4D429D90-DA7F-4ECA-8AE5-702608A81D65}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3.exe
FirewallRules: [{58F364BA-61E1-42CB-9C85-C406E7F2E393}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{E72EF73A-13E5-40B3-9301-EE592F4BA12A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3x.exe
FirewallRules: [{0DF8315A-F4FF-4B7B-BEAE-09037B8B795B}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{4D685EBF-BD22-424E-A532-DACEB13A1C74}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Age Of Empires 3\bin\age3y.exe
FirewallRules: [{3AA5C060-2280-4FC8-A4D1-EAA4D73F0675}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{800782B4-3CA7-4A51-8142-5826125A0979}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Borderlands 2\Binaries\Win32\Launcher.exe
FirewallRules: [{63C3A777-04F9-40D8-B38E-B3998EEFA72F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{45EFA64C-E1E8-427D-8D8E-8019DDC9B54F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{0BA36FC5-2F78-463B-9063-57E40B8F2D75}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{3B1B7DD6-1B63-4388-8C48-56112B88A788}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
 
==================== Restore Points =========================
 
03-07-2017 16:53:04 Instalirano Realtek Ethernet Controller Driver
03-07-2017 16:56:40 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
03-07-2017 16:57:14 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
03-07-2017 17:14:00 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24123
03-07-2017 17:14:19 Windows Update
03-07-2017 17:14:43 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
03-07-2017 17:15:25 Device Driver Package Install: Advanced Micro Devices, Inc. Display adapters
03-07-2017 23:13:46 Installed DirectX
04-07-2017 00:04:22 JRT Pre-Junkware Removal
04-07-2017 12:57:15 JRT Pre-Junkware Removal
04-07-2017 13:01:16 zoek.exe restore point
04-07-2017 13:48:47 Instalirano Realtek High Definition Audio Driver
04-07-2017 14:18:50 Installed DirectX
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (07/04/2017 03:13:42 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program UNKNOWN version 0.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 798
 
Start Time: 01d2f4bfe4b1f3ff
 
Termination Time: 384
 
Application Path: UNKNOWN
 
Report Id: 97c1ff35-60ba-11e7-bf86-448a5b2c57bb
 
Error: (07/04/2017 01:53:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/04/2017 01:12:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/04/2017 12:57:31 PM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (07/04/2017 08:48:30 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "C:\Program Files\AMD\CIM\Bin64\SetACL64.exe".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (07/04/2017 07:40:13 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/04/2017 12:09:26 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (07/04/2017 12:06:45 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (07/04/2017 12:04:38 AM) (Source: ATIeRecord) (EventID: 16387) (User: )
Description: ATI EEU Service event error
 
Error: (07/03/2017 10:55:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (07/04/2017 01:08:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/04/2017 01:08:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/04/2017 01:08:24 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/04/2017 01:08:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/04/2017 01:08:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (07/03/2017 10:52:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Steam Client Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/03/2017 10:52:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/03/2017 10:52:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (07/03/2017 10:52:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The ACP User Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (07/03/2017 10:52:58 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The AMD FUEL Service service terminated unexpectedly.  It has done this 1 time(s).
 
 
==================== Memory info =========================== 
 
Processor: AMD Athlon™ X4 750 Quad Core Processor 
Percentage of memory in use: 17%
Total physical RAM: 8152.18 MB
Available physical RAM: 6706.52 MB
Total Virtual: 16302.57 MB
Available Virtual: 14692.51 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:390.53 GB) (Free:269.38 GB) NTFS
Drive d: () (Fixed) (Total:540.89 GB) (Free:514.77 GB) NTFS
 
==================== MBR & Partition Table ==================
 
==================== End of Addition.txt ============================


#6 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:01:47 PM

Posted 04 July 2017 - 10:11 AM

Your log is clean but shows two things that concern me: you have no antivirus installed and appear to have run ComboFix at some point.

 

Antivirus

You must get one straight away!

The old version of Windows Defender was pretty useless and generally only looked for spyware. It’s using up resources so I suggest you turn it off.

To turn real-time protection off:

  • open Windows Defender, (Start > Programs > Windows Defender)
  • click Tools and then General Settings
  • under ‘Real-time protection’, uncheck the Turn on real-time protection (recommended) check box
  • click Save.

If you use the Internet without an antivirus your computer will certainly become infected again. It is also imperative that you update your Antivirus software at least once a week, (even more if you wish). If you do not update it, it will not be able to catch any of the new variants of malware that come out on a daily basis.

Download and install one of these recommended and free antivirus programs:


Free Avast Home Edition
Microsoft Security Essentials

 

Do NOT install more than one or they will fight against each other and render both ineffective.

===================================================

I can see from your logs that you have Combofix on your computer. This is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

I’ll give you instructions on uninstalling it if you're happy that your computer is clean.

Satchfan

 

 

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#7 riktata332

riktata332
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 04 July 2017 - 05:43 PM

If it is malicious, I'd be happy to remove ComboFix. I never used it, nor do I remember installing it.

Could you please instruct me on how to uninstall it?



#8 riktata332

riktata332
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 04 July 2017 - 06:07 PM

I just tried uninstalling it by following the instructions from https://www.bleepingcomputer.com/combofix/how-to-use-combofix, but I can't even find the combofix /uninstall file. I searched the entire system and there are no files related to Combofix on my machine.



#9 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:01:47 PM

Posted 04 July 2017 - 06:36 PM

If it is malicious, I'd be happy to remove ComboFix

ComboFix is far from being malicious and is an excellent programme but only if used by those who know its potential and the dangers of mis-using it
 

I just tried uninstalling it by following the instructions from https://www.bleepingcomputer.com/combofix/how-to-use-combofix, but I can't even find the combofix /uninstall file. I searched the entire system and there are no files related to Combofix on my machine.

The following instruction will ensure that all ComboFix traces are removed.


Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Antivirus

Please follow my previous advice and install an antivirus.

===================================================

Uninstall Combofix

Follow these steps to uninstall Combofix

  • click START then RUN
  • now type Combofix /uninstall in the runbox and click OK.

Note the space between the X and the /, it needs to be there.

CFuninstall.jpg

  • please follow the prompts to uninstall Combofix.
  • once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.

===================================================

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

======================

Download Malwarebytes Anti-Malware]. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

======================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

======================

Download WOT

Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:


green if it's safe
yellow for caution
red for unsafe
 

You can download the WOT add-on for Firefox, Chrome, Internet Explorer, Opera, and Safari browsers. It does not slow down your browsing experience, it is easy to use and free. Just click “Download” and you are ready to go!

======================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

======================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, many of which cause redirects/popups and verge on being malware. There is a program that automatically “unckecks” the boxes you may not notice when downloading programs.

Download and install Unchecky .

===================================================

I also recommend that you read the following:

Best Practices for Safe Computing - Prevention of Malware Infection by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#10 riktata332

riktata332
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 04 July 2017 - 07:06 PM

As I said earlier, I can't find any traces of Combofix on my computer. I'm 100% sure I followed the instructions right (included a space between x and /).

I ran Delfix, it did it's job, and I removed it.

I will download Avast, first thing in the morning.

I will also use some of the tools you recommended to prevent stuff like this from happening, and I'll be a lot more careful when browsing and downloading things.

Thank you for helping this paranoid nerd keep his computer safe and clean. :D



#11 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:01:47 PM

Posted 05 July 2017 - 02:10 AM

I will download Avast, first thing in the morning.

I will also use some of the tools you recommended to prevent stuff like this from happening, and I'll be a lot more careful when browsing and downloading things.

:thumbup2:

 

Thank you for helping this paranoid nerd keep his computer safe and clean.

 

You're welcome.


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#12 satchfan

satchfan

  • Malware Response Team
  • 2,668 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Devon, UK
  • Local time:01:47 PM

Posted 05 July 2017 - 04:48 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users