
PC will shutdown unless you press a key, Router and Networking issues


  • This topic is locked
30 replies to this topic

#1 -Cobra-


Posted 10 September 2017 - 12:27 PM

https://www.bleepingcomputer.com/forums/t/654628/something-is-altering-my-networking-and-router-password-plus-other-stuff/#entry4312860

 

I have had more than a month of computer problems, system hangs/lockups, Router passwords being changed, Networking changing to Public unidentified network with no internet access and the latest a black box in the centre of my screen telling me that My PC will shutdown unless I press a key which occurred yesterday.

 

Firstly I am using Windows 7 x64 SP1. A wired (ethernet) router connected to my PC's. The only connection between the 2 PC's are a few flash drives which were NTFS formatted but one has since been erased (MBR), re-partitioned and formatted in Fat32. The flash drives are only used to transfer fairly small files so Fat32 is adequate and provides less avenue for exploitation.

 

I noticed some problems with my PC many weeks ago and I have tried to solve it without success. I am reluctant to make any online purchases such as replacement PC parts (see later) or anything else while malware could be present. I do have several images of the current windows partition which I could restore but until I know how this malware has spread from one PC to the other I do not want to waste time doing that because the chances are the restored windows could become infected. My idea is that it could be due to flash drives as that was the only connection between the PC's.

 

I have 2 PC's and I am now having to use my older PC because the other's hard drive died. I lost 2 HDD's in one day! The one was down to an error I made but the other seemed to work fine until the day the other hard drive died, it then developed serious read errors when any checks were attempted. The SMART details for that drive show no problems and there are no unusual noises from the drive such as head knocking etc. This drive contained all my software, drivers and windows updates. Please note that I did not install anything from this drive to the older PC because it could not access the drive. The older PC software was getting quite old so I did have to update it. This was mainly browsers and email clients plus a few other things. These were all downloaded from the internet and the browsers such as Firefox, Waterfox and Thunderbird are pretty much 100% guaranteed malware free from their respective sites. Besides, the problems I am getting now are almost identical to what I was experiencing on my newer PC so I would say that the malware is identical which does not seem likely if it was something that I downloaded.

 

The failed drive is an internal 3.5" SATA drive housed in a Startech USB3.0 dual bay hard drive docking station SDOCK2U33HFW.

http://www.startech.com/HDD/Docking/USB-3-Dual-Hard-Drive-Docking-Station~SDOCK2U33HFW

I have contacted Startech asking them whether it was possible for the firmware of this docking station to be compromised and they told me that the firmware is not updatable at home. I did read about usb flash drives where the firmware could be compromised by malware, it seems a long shot but might explain both the compromise by the flash drives and the problems with the drive in the docking station if malware saw the drive as some large usb flash drive. Flashing firmware is probably manufacturer specific so that might not be possible.

 

I was having problems with my newer PC with problems with networking to my router which stopped internet access. This also affected my VOIP telephone which is only plugged into my router and not my PC's. I first noticed a problem when my router disconnected from the internet while I was trying to use VOIP. I did install some VPN software TrustVPN and a newer OpenVPN around the time these problems started but it could be totally unrelated. The ethernet connected not wifi etc router password was also changed and the logins were coming from my PC local network ie just the ethernet between my PC and router. I did change the 2 admin usernames to ones which are not so easy to guess previously Administrator which did seem to stop it. After I did that the problems with my router stopped but then other things started happening. Then I started losing internet access where the Network and Sharing page shows a Public Network under Network rather than Home Network. When this happens I lose internet access. This has happened on a number of occasions on both PC's.

 

I have done scans on the older PC with Malwarebytes AntiMalware 3 trial. I have also scanned with Microsoft security essentials and 360Total Security Essentials with Avira and Bitdefender engines and nothing was found. I have now uninstalled 360Total Security in case it is contributing to some of the problems. I tried installing MS Windows Malicious software removal tool and it failed to install from windows update with an unknown error. I did manage to download that and install it but it did not find anything. I have also scanned the new PC with eset online scanner but apart from finding PUP toolbars which I avoid installing, nothing relevant was found.

 

My PC seems to connect to some unusual IP addresses and urls. I include a list of them below:

These are all found by Outpost firewall Pro which I run in rules mode which prompts for every new application wanting internet access so I can see what is being connected to. It shows a popup asking for net access with port, direction, TCP, UDP, IP and or url. The problems still exist if Outpost firewall is disabled.

 

1/ Waterfox browser listening to port 55522 before the browser even starts, I use the profile selection and this port is listened to at the profile screen.

2/ Waterfox localhost loopback Port 54190

3/ Port 54940 but did not note the application

4/ Port 55453 and various ports around 55000-55008/9

5/ Listening to Port 55456 by localhost

5/ a95-101-128-232.deploy.akamaitechnologies.com (95.101.128.232) This came up when starting Waterfox but on the profile selection screen.

6/ a95-101-128-227.deploy.akamaitechnologies.com (95.101.128.227) Another which came up while on the profile screen of Waterfox

7/ 2.21.246.58 (HTTP) again while on the Waterfox profile select dialogue An IP lookup says this is Akamai Technologies

8/ 27-109-105-109.akamai-cluster-tug.nordu.net (HTTP)

There are many more connected to Akamai

9/ Port 54940 localhost loopback

10/ Some from China and Korea which is why I did uninstall 360Total to see if that stopped these accesses. ATM I cannot find the IP addresses that I noted down.

 

I did use sfc which found some problem files which it could not restore. I know that shellstyle and related was one because I altered this file to allow window colors to be altered because I dislike looking at white screens so I use more eye friendly colors including browser extensions to force dark colors on some websites such as google etc. This has made things worse in terms of windows use with many things not working correctly. MSE will no longer download updates and they have to be received from windows update. BTW windows update no longer works and microsoft windows update fixing tool makes no difference.

 

Further sfc scans in safe mode did fix some problems and then left my PC unusable. I had no option but to restore the partition from an image just to get back into windows.

 

The older PC X48 chipset Core 2 Quad is totally unstable and unusable for more than a short time, it frequently hangs. It did encode video successfully and temperatures are fine. It is currently using 3 unmatched memory modules 2x1GB and 1x2GB as the other 2GB died. I have run 15 passes of a cdrom booted memtest without errors. I do know that Gigabyte motherboards are very fussy with memory but it does seem to be running okay ATM. I was using a PCI-e v2 x4 2x6Gb SATA 3 card with 2xUSB 3.0 ports because the X48 chipset does not provide SATA 6Gb or USB3.0 which was used in one of the 2 PCI-e v2 ports on the motherboard which is a PCI-e x16 port usually used for graphics cards. A new USB3.0 cable blew the SATA/USB3.0 card and ruined my PCI-e slot. This might be contributing to the stability problems, there were no stability problems before that. I have tried altering the voltages in the Bios, raising chipset, PCI-e, CPU, RAM voltages with no improvement in stability.

 

After the harddrive was destroyed for my main PC Z77 chipset, I decided to try reinstalling Windows. I did have an install which would not boot because the SATA ports got shorted by a cable that pulled out of a sensor. I was previously using Win 7 on the harddrive which died in IDE mode, AHCI mode will not work or install. I installed to the 30GB SSD on the motherboard which is designed to cache the hard drive and started setting things up how I like it. I did a few searches on bootkits and how to prevent them from running and how they can hide themselves and malware on flash drives. Sometime later a black rectangle came up on my screen saying "Your PC will shutdown in x (forgotten) minutes unless you press a key". There was also a dirty white screen which looked like a canvas texture which appeared early during boot. I think it suggests keylogging/monitoring and determining whether someone was using the PC. I pulled the network cable out and shutdown the PC. Searches suggest that this could be malware related because I have never seen Windows do this before. Normal windows update restart notifications work differently and nothing else I have is enabled to allow any shutdowns.

 

What I would like is to know what this malware is and how to stop it reinfecting my PC's. I really need to order some supplies online because I have been unable to do so for well over a month, mid August. My bank told me on the telephone that there have been no unauthorized payments which was a concern. The USB flash drives seem the obvious route to me. One is a 128GB USB 3.0 flash drive and I do not want to dispose of it because they are not inexpensive.

 

Could this be something which gets run before windows boots such as a bootkit? It seems strange that there could be what appears to be Malware activity on two PC's with very little shared between them apart from flash drives and software which has only been downloaded after I lost all the install files from my hard drive. Most of the software has digital certificates so should be clean.

 

BTW no one else has personal access to my PC's so I know with 100% certainty that no one has altered anything.

 

FRST and Addition scans for Older PC. I will add scans from my newer PC ASAP.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-09-2017
Ran by TURB0 (administrator) on SENTINEL (10-09-2017 14:51:09)
Running from G:\Data Backup 2017-08-21\New Stuff Not Backed Up\FarBar
Loaded Profiles: TURB0 (Available Profiles: TURB0)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\psxss.exe
(Code Sector) C:\Program Files\Utilities\Files + Folders + Drives\TeraCopy\TeraCopyService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Utilities\Security\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
() C:\Program Files\Utilities\Task Managers\Prio\prio_svc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Microsoft Corporation) C:\Windows\System32\mqtgsvc.exe
(Microsoft Corporation) C:\Windows\System32\nfsclnt.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IvoSoft) C:\Program Files\Utilities\Windows Explorer Ext\Classic Shell\ClassicStartMenu.exe
(RaMMicHaeL) C:\Users\TURB0\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(f.lux Software LLC) C:\Users\TURB0\AppData\Local\FluxSoftware\Flux\flux.exe
(Hyperionics Technology LLC) C:\Program Files\Utilities\Windows Explorer Ext\FileBox eXtender\FileBX.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Pierre-Marie DEVIGNE) C:\Program Files (x86)\Utilities\Shell + Taskbar etc\Taskbar Activate\TaskbarActivate.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
() C:\Program Files\Utilities\Windows Explorer Ext\FileBox eXtender\Fbx32helper.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Utilities\Text Type Editors +Viewers\Notepad++\notepad++.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [00000000 0000-00-00] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => "C:\Program Files\Utilities\Windows Explorer Ext\Classic Shell\ClassicStartMenu.exe" -autorun
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\Utilities\Security\KeePass Password Safe 2\KeePass.exe [0000000 0000-00-00] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [000000 0000-00-00] (Oracle Corporation)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [000000 0000-00-00] (Renesas Electronics Corporation)
HKU\S-0-0-00-0000000000-3822384890-0000000000-0000\...\Run: [SandboxieControl] => C:\Program Files\Utilities\Security\Sandboxie\SbieCtrl.exe [000000 0000-00-00] (Sandboxie Holdings, LLC)
HKU\S-0-0-00-0000000000-3822384890-0000000000-0000\...\Run: [7 Taskbar Tweaker] => C:\Users\TURB0\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [000000 0000-00-00] (RaMMicHaeL)
HKU\S-0-0-00-0000000000-3822384890-0000000000-0000\...\Run: [NetMeter Evo] => C:\Users\TURB0\AppData\Roaming\NetMeter\NetMeterEvo.exe [0000000 0000-00-00] ()
HKU\S-0-0-00-0000000000-3822384890-0000000000-0000\...\Run: [f.lux] => C:\Users\TURB0\AppData\Local\FluxSoftware\Flux\flux.exe [0000000 0000-00-00] (f.lux Software LLC)
HKU\S-0-0-00-0000000000-3822384890-0000000000-0000\...\Policies\Explorer: [HideClock] 0
HKU\S-0-0-00-0000000000-3822384890-0000000000-0000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-0-0-00-0000000000-3822384890-0000000000-0000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [000000 0000-00-00] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
AppInit_DLLs: prio.dll => c:\program files\utilities\task managers\prio\prio.dll [00000 0000-00-00] (O&K Software)
AppInit_DLLs-x32: prio32.dll => c:\program files\utilities\task managers\prio\prio32.dll [00000 0000-00-00] (O&K Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileBox eXtender.lnk [2015-12-18]
ShortcutTarget: FileBox eXtender.lnk -> C:\Program Files\Utilities\Windows Explorer Ext\FileBox eXtender\FileBX.exe (Hyperionics Technology LLC)
Startup: C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipCache Pro.lnk [2015-12-19]
ShortcutTarget: ClipCache Pro.lnk -> C:\Program Files\Utilities\Shell + Taskbar etc\ClipCache\clipc.exe (XRayz Software)
Startup: C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Taskbar Activate.lnk [2017-09-05]
ShortcutTarget: Taskbar Activate.lnk -> C:\Program Files (x86)\Utilities\Shell + Taskbar etc\Taskbar Activate\TaskbarActivate.exe (Pierre-Marie DEVIGNE)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{7FA2DE79-31AF-49BC-A0F8-610C196CECDF}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{A058418D-E4AC-4736-8EBF-21465A236209}: [NameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-0-0-00-0000000000-3822384890-0000000000-0000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Utilities\Windows Explorer Ext\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Internet\Java\bin\ssv.dll [2017-09-05] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Internet\Java\bin\jp2ssv.dll [2017-09-05] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Utilities\Windows Explorer Ext\Classic Shell\ClassicIEDLL_64.dll [2015-11-12] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Utilities\Windows Explorer Ext\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Utilities\Windows Explorer Ext\Classic Shell\ClassicIEDLL_32.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Utilities\Windows Explorer Ext\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Utilities\Windows Explorer Ext\Classic Shell\ClassicExplorer32.dll [2015-11-12] (IvoSoft)

FireFox:
========
FF DefaultProfile: profile.default
FF DefaultProfile: w55vy6b4.default
FF ProfilePath: C:\Users\TURB0\AppData\Roaming\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default [2015-12-18]
FF Extension: (HTTPS-Everywhere) - C:\Users\TURB0\AppData\Roaming\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\Extensions\https-everywhere@eff.org [2015-12-18] [not signed]
FF Extension: (TorLauncher) - C:\Users\TURB0\AppData\Roaming\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\Extensions\tor-launcher@torproject.org.xpi [2000-01-01] [not signed]
FF Extension: (Torbutton) - C:\Users\TURB0\AppData\Roaming\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\Extensions\torbutton@torproject.org.xpi [2000-01-01] [not signed]
FF Extension: (NoScript) - C:\Users\TURB0\AppData\Roaming\Tor Browser\Browser\TorBrowser\Data\Browser\profile.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2000-01-01]
FF ProfilePath: C:\Users\TURB0\AppData\Roaming\Moonchild Productions\Pale Moon\Profiles\w55vy6b4.default [2015-12-16]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Internet\Java\bin\dtplugin\npDeployJava1.dll [2017-09-05] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Internet\Java\bin\plugin2\npjp2.dll [2017-09-05] (Oracle Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [000000 0000-00-00] (Microsoft Corporation)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [00000 0000-00-00] (Microsoft Corporation)
R2 iprip; C:\Windows\System32\iprip.dll [00000 0000-00-00] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [00000 0000-00-00] (Microsoft Corporation)
R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [000000 0000-00-00] (Microsoft Corporation)
R2 NfsClnt; C:\Windows\system32\nfsclnt.exe [00000 0000-00-00] (Microsoft Corporation)
S3 PAExec; C:\Windows\PAExec.exe [000000 0000-00-00] (Power Admin LLC)
R2 prio_svc; C:\Program Files\Utilities\Task Managers\Prio\prio_svc.exe [00000 0000-00-00] ()
R2 SbieSvc; C:\Program Files\Utilities\Security\Sandboxie\SbieSvc.exe [000000 0000-00-00] (Sandboxie Holdings, LLC)
R2 SNMP; C:\Windows\System32\snmp.exe [00000 0000-00-00] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [00000 0000-00-00] (Microsoft Corporation)
R2 TeraCopyService; C:\Program Files\Utilities\Files + Folders + Drives\TeraCopy\TeraCopyService.exe [000000 0000-00-00] (Code Sector)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [00000 0000-00-00] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [0000000 0000-00-00] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [00000 0000-00-00] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [00000 0000-00-00] (Asmedia Technology)
S3 cpuz143; C:\Windows\temp\cpuz143\cpuz143_x64.sys [00000 0000-00-00] (CPUID)
S3 EtronSTOR; C:\Windows\System32\Drivers\EtronSTOR.sys [00000 0000-00-00] (Etron Technology Inc) [File not signed]
R3 NfsRdr; C:\Windows\System32\drivers\nfsrdr.sys [000000 0000-00-00] (Microsoft Corporation)
S3 PinnacleRoyalTS; C:\Windows\System32\DRIVERS\RoyalTS64.sys [000000 0000-00-00] (Pinnacle Systems GmbH)
R3 PsxDrv; C:\Windows\System32\drivers\psxdrv.sys [00000 0000-00-00] (Microsoft Corporation)
R3 RpcXdr; C:\Windows\System32\drivers\rpcxdr.sys [000000 0000-00-00] (Microsoft Corporation)
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [000000 0000-00-00] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [000000 0000-00-00] (Renesas Electronics Corporation)
R3 SbieDrv; C:\Program Files\Utilities\Security\Sandboxie\SbieDrv.sys [000000 0000-00-00] (Sandboxie Holdings, LLC)
U5 UnlockerDriver5; C:\Program Files\Utilities\Windows Explorer Ext\Unlocker\UnlockerDriver5.sys [00000 0000-00-00] ()
S3 ALSysIO; \??\C:\Users\TURB0\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 EtronHub3; System32\Drivers\EtronHub3.sys [X]
S3 EtronXHCI; System32\Drivers\EtronXHCI.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-10 14:08 - 2017-09-10 14:51 - 000000000 ____D C:\FRST
2017-09-09 22:59 - 2017-09-09 22:59 - 000006576 ____N C:\bootsqm.dat
2017-09-08 22:36 - 2017-09-08 22:44 - 000000000 ____D C:\Temp
2017-09-08 21:54 - 2017-09-09 23:01 - 000002031 _____ C:\Users\TURB0\Desktop\XP_SystemUptime.exe.lnk
2017-09-06 15:54 - 2017-09-06 15:54 - 000000000 ____D C:\Users\TURB0\AppData\LocalLow\Oracle
2017-09-06 15:47 - 2017-08-30 17:43 - 000189112 _____ (Power Admin LLC) C:\Windows\PAExec.exe
2017-09-06 11:31 - 2017-09-06 11:31 - 000000000 ____D C:\Users\TURB0\Documents\OCCT
2017-09-06 10:07 - 2017-09-06 10:07 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\LibreOffice
2017-09-06 10:07 - 2015-07-18 14:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-09-06 10:07 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-09-06 01:49 - 2017-09-06 01:49 - 000001170 _____ C:\Users\TURB0\Desktop\FileBox eXtender.lnk
2017-09-05 21:55 - 2017-09-10 13:56 - 001001060 _____ C:\Windows\ntbtlog.txt
2017-09-05 20:54 - 2017-09-05 20:54 - 000000000 ____D C:\26fd54d16687322332b9a7b8c2e92e
2017-09-05 20:05 - 2017-09-05 20:05 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-05 19:57 - 2017-09-05 19:57 - 000002315 _____ C:\Users\Public\Desktop\72-10415 v4.01.lnk
2017-09-05 19:57 - 2017-09-05 19:57 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMM
2017-09-05 19:54 - 2017-09-05 19:54 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-05 19:54 - 2017-09-05 19:54 - 000000000 ____D C:\Program Files (x86)\AGEIA Technologies
2017-09-05 19:53 - 2017-09-05 19:53 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-05 19:53 - 2015-10-13 18:26 - 006783280 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2017-09-05 19:53 - 2015-10-13 18:26 - 003522168 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2017-09-05 19:53 - 2015-10-13 18:26 - 002557616 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2017-09-05 19:53 - 2015-10-13 18:26 - 000933168 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2017-09-05 19:53 - 2015-10-13 18:26 - 000384176 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2017-09-05 19:53 - 2015-10-13 18:26 - 000062584 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2017-09-05 19:53 - 2015-10-13 17:19 - 005972783 _____ C:\Windows\system32\nvcoproc.bin
2017-09-05 19:52 - 2015-10-13 20:00 - 031514288 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 024199344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 022993200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 018634072 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 017559432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 016128576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 015293104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 014497568 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 013916600 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 013828224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 012898992 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2017-09-05 19:52 - 2015-10-13 20:00 - 011272048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 011209376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 004245624 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 003986608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 003209920 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 002823992 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 001908528 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434192.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 001556656 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434192.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 001515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 000944304 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 000907440 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 000903472 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 000869040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 000197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2017-09-05 19:52 - 2015-10-13 20:00 - 000031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2017-09-05 19:52 - 2015-10-13 20:00 - 000026155 _____ C:\Windows\system32\nvinfo.pb
2017-09-05 19:51 - 2017-09-05 19:53 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-05 16:11 - 2017-09-05 16:11 - 000001756 _____ C:\Users\Public\Desktop\LibreOffice 5.4.lnk
2017-09-05 16:11 - 2017-09-05 16:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.4
2017-09-05 15:07 - 2017-09-05 15:07 - 000001478 _____ C:\Users\TURB0\Desktop\Moo0 Window Menu Plus 1.20.lnk
2017-09-05 15:07 - 2017-09-05 15:07 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0
2017-09-05 15:02 - 2017-09-05 15:02 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ser2pl64_01009.Wdf
2017-09-05 15:02 - 2017-03-03 15:36 - 000202016 _____ (Prolific Technology Inc.) C:\Windows\system32\Drivers\ser2pl64.sys
2017-09-05 15:02 - 2017-03-01 15:07 - 000043520 _____ (Windows (R) Codename Longhorn DDK provider) C:\Windows\system32\ser2pl.dll
2017-09-05 15:02 - 2009-07-14 14:21 - 001721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\2C0A
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0C0A
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0C04
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0816
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0804
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0424
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\041F
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\041E
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\041D
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\041B
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0419
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0416
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0415
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0414
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0413
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0412
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0411
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0410
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\040E
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\040D
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\040C
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\040B
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\040A
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0408
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0407
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0406
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0405
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0404
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Windows\system32\0401
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\ProgramData\Downloaded Installations
2017-09-05 14:56 - 2017-09-05 14:56 - 000000000 ____D C:\Program Files (x86)\Renesas Electronics
2017-09-05 14:53 - 2017-09-10 14:49 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\TeraCopy
2017-09-05 14:53 - 2017-09-05 14:54 - 000001360 _____ C:\Users\TURB0\Desktop\TeraCopy.lnk
2017-09-05 14:53 - 2017-09-05 14:53 - 000002145 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TeraCopy.lnk
2017-09-05 14:53 - 2017-09-05 14:53 - 000000000 ___HD C:\Users\TURB0\AppData\Roaming\Obsidium
2017-09-05 14:53 - 2017-09-05 14:53 - 000000000 ___HD C:\Users\TURB0\.obs32
2017-09-05 14:51 - 2017-09-05 14:51 - 000002095 _____ C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-09-05 14:51 - 2017-09-05 14:51 - 000000000 ____D C:\Users\TURB0\AppData\Local\FluxSoftware
2017-09-05 14:49 - 2017-09-05 14:49 - 000000000 ____D C:\Windows\System32\Tasks\UltraSearch
2017-09-05 14:48 - 2017-09-10 14:08 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\UltraSearch
2017-09-05 14:45 - 2017-09-05 14:45 - 000000000 ____D C:\Users\TURB0\AppData\LocalLow\Sun
2017-09-05 14:44 - 2017-09-05 14:44 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-09-05 14:44 - 2017-09-05 14:44 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Sun
2017-09-05 14:44 - 2017-09-05 14:44 - 000000000 ____D C:\ProgramData\Oracle
2017-09-05 14:44 - 2017-09-05 14:44 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-09-05 14:42 - 2017-09-05 14:42 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2017-09-05 14:39 - 2017-09-05 14:39 - 000000000 ____D C:\Windows\system32\appmgmt
2017-09-05 14:19 - 2017-09-05 14:19 - 000000017 _____ C:\Users\TURB0\AppData\Local\resmon.resmoncfg
2017-08-30 04:16 - 2017-08-30 04:20 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\PDFXchange Viewer
2017-08-24 07:54 - 2008-11-04 18:21 - 000098144 _____ (JMicron Technology Corp.) C:\Windows\system32\Drivers\jraid.sys
2017-08-21 10:40 - 2017-09-05 15:17 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\DesktopOK

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-10 14:47 - 2015-12-18 16:51 - 000000000 ____D C:\Users\TURB0\AppData\Local\ClassicShell
2017-09-10 14:43 - 2009-07-14 06:13 - 000832286 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-10 14:43 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-09-10 14:38 - 2015-12-16 10:21 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-10 14:26 - 2009-07-14 05:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-10 14:26 - 2009-07-14 05:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-10 14:05 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\inetsrv
2017-09-10 14:03 - 2015-12-16 11:36 - 000025640 _____ (Windows (R) Server 2003 DDK provider) C:\Windows\gdrv.sys
2017-09-10 14:03 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-10 14:01 - 2015-12-17 06:14 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\KeePass
2017-09-06 15:48 - 2009-07-14 06:08 - 000009434 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2017-09-06 15:35 - 2015-12-16 20:39 - 000007734 _____ C:\Windows\Sandboxie.ini
2017-09-05 21:59 - 2015-12-16 10:14 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-05 20:05 - 2015-12-16 12:43 - 000078280 _____ C:\Users\TURB0\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-05 20:05 - 2009-07-14 05:45 - 000351208 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-05 19:57 - 2015-12-16 22:48 - 000000000 ____D C:\Program Files (x86)\Utilities
2017-09-05 19:53 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Help
2017-09-05 19:50 - 2015-12-16 10:00 - 000802354 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-05 16:55 - 2015-12-17 02:29 - 000000000 ____D C:\Users\TURB0\AppData\Local\ElevatedDiagnostics
2017-09-05 16:11 - 2015-12-16 10:34 - 000000000 ____D C:\Program Files\Utilities
2017-09-05 16:03 - 2015-12-16 13:08 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2017-09-05 16:03 - 2015-12-16 12:25 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
2017-09-05 14:56 - 2011-04-12 09:17 - 000000000 ____D C:\Windows\system32\0409
2017-09-05 14:53 - 2015-12-16 10:07 - 000000000 ____D C:\Users\TURB0
2017-09-05 14:44 - 2015-12-16 10:35 - 000000000 ____D C:\Program Files\Internet
2017-09-05 14:38 - 2015-12-16 22:56 - 000001428 _____ C:\Users\Public\Desktop\Notepad++.lnk
2017-09-05 14:35 - 2015-12-17 04:53 - 000001400 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2017-09-05 14:35 - 2015-12-17 04:53 - 000001388 _____ C:\Users\TURB0\Desktop\KeePass 2.lnk

==================== Files in the root of some directories =======

2017-09-05 14:19 - 2017-09-05 14:19 - 000000017 _____ () C:\Users\TURB0\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
2015-08-03 00:58 - 2015-08-03 00:58 - 000118784 _____ () C:\Users\TURB0\AppData\Local\Temp\xmlUpdater.exe
2017-09-10 14:39 - 2015-11-17 10:56 - 002535376 _____ (Paramount Software UK Ltd) C:\Users\TURB0\AppData\Local\Temp\xReflect.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-05 16:48

==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-09-2017
Ran by TURB0 (10-09-2017 14:51:27)
Running from G:\Data Backup 2017-08-21\New Stuff Not Backed Up\FarBar
Windows 7 Ultimate Service Pack 1 (X64) (2015-12-16 09:07:31)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-0-0-00-0000000000-3822384890-0000000000-000 - Administrator - Disabled)
Guest (S-0-0-00-0000000000-3822384890-0000000000-000 - Limited - Disabled)
HomeGroupUser$ (S-0-0-00-0000000000-3822384890-0000000000-0000 - Limited - Enabled)
TURB0 (S-0-0-00-0000000000-3822384890-0000000000-0000 - Administrator - Enabled) => C:\Users\TURB0

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.1 (HKU\S-0-0-00-0000000000-3822384890-0000000000-0000\...\7 Taskbar Tweaker) (Version: 5.1 - RaMMicHaeL)
72-10415 Interface Program Ver 4.01 (HKLM-x32\...\{65E02FF0-2D48-4975-B3C5-1ED361D0539F}) (Version: 4.01 -  )
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{DF6C3726-7E53-4772-9763-E9F147769F51}) (Version: 3.1.8.0000 - Asmedia Technology)
Classic Shell (HKLM\...\{D4B3454F-7529-4F5F-851D-2C36933F7D64}) (Version: 4.2.5 - IvoSoft)
ClipCache Pro 3.5.3 (HKLM\...\ClipCache_is1) (Version:  - XRayz Software)
DVBViewer Pro (HKLM-x32\...\DVBViewer Pro_is1) (Version: 5.5.2.0 - CM&V)
f.lux (HKU\S-0-0-00-0000000000-3822384890-0000000000-0000\...\Flux) (Version:  - f.lux Software LLC)
FileBox eXtender (HKLM\...\{23236FC2-648D-4ACF-AD16-68492D0F0AC9}) (Version: 2.1.0 - Hyperionics Technology LLC) Hidden
FileBox eXtender (HKLM-x32\...\FileBox eXtender) (Version:  - Hyperionics Technology LLC)
GetDiz (HKLM-x32\...\GetDiz) (Version: 4.9 - Outertech)
HashTab 5.2.0.14 (HKLM\...\HashTab) (Version: 5.2.0.14 - Implbits Software)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
Intel(R) Chipset Device Software (HKLM-x32\...\{98f335cd-0a32-4b3f-b74c-ef9480e834f0}) (Version: 10.0.27 - Intel(R) Corporation) Hidden
IrfanView (uninstall) (HKLM\...\IrfanView) (Version:  - )
IrfanView 64 (remove only) (HKLM\...\IrfanView64) (Version: 4.41 - Irfan Skiljan)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JD's Proxomitron Config Set (remove only) (HKLM-x32\...\JDList) (Version:  - )
KeePass Password Safe 2.36 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.36 - Dominik Reichl)
LAV Filters 0.70.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.70.2 - Hendrik Leppkes)
LibreOffice 5.4.0.3 (HKLM\...\{992C4FE4-C278-4B62-A8B1-6FACB8E62980}) (Version: 5.4.0.3 - The Document Foundation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft OpenType Font File Properties Extension (HKLM-x32\...\{45EA11B5-874D-480E-89B9-2545505BBE3E}) (Version: 2.30.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215 (HKLM-x32\...\{e2803110-78b3-4664-a479-3611a381656a}) (Version: 14.0.24215.1 - Microsoft Corporation)
Moo0 Window Menu Plus 1.20 (HKLM-x32\...\Moo0 WindowMenuPlus) (Version:  - )
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
NVIDIA Graphics Driver 341.92 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.92 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
Pale Moon 25.8.1 (x64 en-US) (HKLM\...\Pale Moon 25.8.1 (x64 en-US)) (Version: 25.8.1 - Moonchild Productions)
PL2303 USB-to-Serial Driver (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.18.0 - Prolific Technology INC)
Prio (HKLM\...\Prio) (Version: 2.0.0.2960 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6438 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.9 - Samsung Electronics)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
Taskbar Activate (HKLM-x32\...\Taskbar Activate) (Version:  - )
TeraCopy version 3.2 (HKLM\...\TeraCopy_is1) (Version: 3.2 - Code Sector)
The Proxomitron Ver. Naoko-4.5 (HKLM-x32\...\The Proxomitron - Universal Web Filter_is1) (Version:  - )
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Utilities\Windows Explorer Ext\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Utilities\Windows Explorer Ext\Classic Shell\ClassicExplorer64.dll [2015-11-12] (IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-0000-000000000000} => C:\Program Files\Utilities\Compression Tools\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Utilities\Text Type Editors +Viewers\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\Utilities\Files + Folders + Drives\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\Utilities\Files + Folders + Drives\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Utilities\Windows Explorer Ext\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-0000-000000000000} => C:\Program Files\Utilities\Compression Tools\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\Utilities\Files + Folders + Drives\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\Windows\system32\nvshext.dll [2015-10-13] (NVIDIA Corporation)
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\Utilities\Files + Folders + Drives\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-0000-000000000000} => C:\Program Files\Utilities\Compression Tools\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2015-11-12] (IvoSoft)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\Utilities\Files + Folders + Drives\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Utilities\Windows Explorer Ext\Unlocker\UnlockerCOM.dll [2010-07-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0AF1EA44-87F6-4B35-B88A-688468C3361F} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Utilities\Files + Folders + Drives\Samsung Magician\Samsung Magician.exe [2015-11-06] (Samsung Electronics.)
Task: {687D33F5-EF57-4048-9F27-E3E7FBD1180A} - System32\Tasks\UltraSearch\UltraSearch_SkipUAC_TURB0 => C:\Users\TURB0\AppData\Roaming\UltraSearch\UltraSearch.exe [2016-07-19] (JAM Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-05 19:53 - 2015-10-13 18:26 - 000125616 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 000020032 _____ () C:\Program Files\Utilities\Windows Explorer Ext\Unlocker\UnlockerCOM.dll
2017-09-05 14:53 - 2016-12-07 15:40 - 003681104 _____ () C:\Program Files\Utilities\Files + Folders + Drives\TeraCopy\TeraCopyExt.dll
2012-11-08 20:30 - 2012-11-08 20:30 - 000012656 _____ () C:\Program Files\Utilities\Task Managers\Prio\prio_svc.exe
2017-06-18 22:44 - 2017-06-18 22:44 - 000230064 _____ () C:\Program Files (x86)\Utilities\Text Type Editors +Viewers\Notepad++\NppShell_06.dll
2017-09-05 14:53 - 2017-03-14 15:51 - 001714688 _____ () C:\Program Files\Utilities\Files + Folders + Drives\TeraCopy\TeraCopy64.dll
2011-02-23 16:04 - 2011-02-23 16:04 - 000080896 _____ () C:\Program Files\Utilities\Windows Explorer Ext\FileBox eXtender\FbxRes.dll
2011-02-23 16:09 - 2011-02-23 16:09 - 000007680 _____ () C:\Program Files\Utilities\Windows Explorer Ext\FileBox eXtender\Fbx32helper.exe
2017-06-18 22:44 - 2017-06-18 22:44 - 000021680 _____ () C:\Program Files (x86)\Utilities\Text Type Editors +Viewers\Notepad++\plugins\NppExport.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-0-0-00-0000000000-3822384890-0000000000-0000\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TelnetServer-TlntSvr-TCP-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [TelnetServer-Tlntadmn-RPC-In] => (Allow) %systemroot%\system32\tlntsvr.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-UDP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [Microsoft-Windows-NFS-ClientCore-NfsClnt-TCP-Out] => (Allow) %systemroot%\system32\nfsclnt.exe
FirewallRules: [ScanManagement-RCWS-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [ScanManagement-WSD-Out-TCP] => (Allow) %SystemRoot%\System32\mmc.exe
FirewallRules: [{A947E3D3-58B7-4D3F-BF16-3E0EDEC614DD}] => (Allow) C:\Program Files (x86)\Graphics + Video\TV + Media Appz\DVBViewer\dvbviewer.exe
FirewallRules: [{07F9B0A6-29B3-4E91-94AB-A9DE2D5CAD35}] => (Allow) C:\Program Files (x86)\Graphics + Video\TV + Media Appz\DVBViewer\dvbviewer.exe

==================== Restore Points =========================

05-09-2017 15:52:18 Before dotNet install and nvidia driver install
05-09-2017 16:10:55 Installed LibreOffice 5.4.0.3
05-09-2017 19:57:38 Installed 72-10415 Interface Program Ver 4.01.
05-09-2017 20:36:34 Installed Microsoft Visual C++ 2005 Redistributable (x64)
05-09-2017 20:36:50 Installed Microsoft Visual C++ 2005 Redistributable
05-09-2017 20:38:48 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
05-09-2017 20:39:44 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
05-09-2017 20:40:39 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660
05-09-2017 20:42:32 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660
05-09-2017 20:53:18 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
05-09-2017 21:31:48 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
05-09-2017 21:36:41 Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24215
05-09-2017 21:37:04 Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24215
06-09-2017 10:07:31 Windows Update
06-09-2017 15:41:07 RAPID
10-09-2017 14:38:43 Removed Energy Saver Advance B9.0904.1
10-09-2017 14:39:14 Removed Macrium Reflect Free Edition

==================== Faulty Device Manager Devices =============

Name: LG 24GM77(HDMI)
Description: LG 24GM77(HDMI)
Class Guid: {4d36e96e-e325-11ce-bfc1-08002be10318}
Manufacturer: LG
Service: monitor
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Realtek PCIe GBE Family Controller #2
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2017 02:51:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/10/2017 02:51:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/10/2017 02:51:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/10/2017 02:51:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/10/2017 02:51:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/10/2017 02:51:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/10/2017 02:51:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/10/2017 02:49:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/10/2017 02:49:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.

Error: (09/10/2017 02:49:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 4107) (User: )
Description: Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.


System errors:
=============
Error: (09/10/2017 02:35:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Macrium Reflect Image Mounting Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/10/2017 02:35:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The GEST Service for program management. service terminated unexpectedly.  It has done this 1 time(s).

Error: (09/10/2017 02:24:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Lavalys EVEREST Kernel Driver service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/10/2017 02:24:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Lavalys EVEREST Kernel Driver service failed to start due to the following error: 
Windows cannot verify the digital signature for this file. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Error: (09/10/2017 02:03:58 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (09/10/2017 01:31:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 01:31:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 01:31:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 01:31:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 01:31:01 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.


CodeIntegrity:
===================================
  Date: 2017-09-10 14:24:07.170
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TURB0\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-10 14:24:07.170
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\TURB0\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-10 14:24:07.154
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Data Backup 2017-08-21\New Stuff Not Backed Up\everesthome220\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-10 14:24:07.154
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume6\Data Backup 2017-08-21\New Stuff Not Backed Up\everesthome220\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Quad CPU Q9450 @ 2.66GHz
Percentage of memory in use: 27%
Total physical RAM: 4094.48 MB
Available physical RAM: 2957.23 MB
Total Virtual: 12219.68 MB
Available Virtual: 10977.13 MB

==================== Drives ================================

Drive c: (Windows #3) (Fixed) (Total:130 GB) (Free:107.54 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive d: (Source) (Fixed) (Total:105 GB) (Free:104.88 GB) NTFS
Drive e: (Encodes) (Fixed) (Total:72.81 GB) (Free:50.26 GB) NTFS
Drive f: (SWAP) (Fixed) (Total:8 GB) (Free:0.01 GB) NTFS
Drive g: (SeagateData) (Fixed) (Total:224.87 GB) (Free:20.04 GB) NTFS
Drive i: (KING4) (Removable) (Total:3.62 GB) (Free:3.61 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 622460D0)
Partition 1: (Not Active) - (Size=130 GB) - (Type=17)
Partition 2: (Active) - (Size=130 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=205.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: 74892B2A)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 3.6 GB) (Disk ID: 368A2BEA)
Partition 1: (Active) - (Size=3.6 GB) - (Type=0B)

==================== End of Addition.txt ============================




#2 -Cobra-

Posted 10 September 2017 - 03:41 PM

These are from my newer PC, and this has the strange screen when my PC boots. I have included one JPEG of a picture that I took, but it does not show what is happening. The screen changes in an animation-type way where the patterns change and brightness alters. I did create a tiny movie of it with my camera, very low resolution (about 640x480, the highest my camera will do) and 2 or 3 seconds long, but it does show the effect better than the still image. I encoded it to Xvid, but I have been unable to attach the video to this post, not even compressed with 7zip. If there is a way for me to attach it, then tell me and I will upload it.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 10-09-2017
Ran by TURB0 (administrator) on SENTINEL_1 (10-09-2017 19:36:07)
Running from E:\Downloads\New 20170908\FarBar
Loaded Profiles: TURB0 (Available Profiles: TURB0)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Code Sector) C:\Program Files\Utilities\Files+Folders+Drives\TeraCopy\TeraCopyService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Utilities\Security\Sandboxie\SbieSvc.exe
(Agnitum Ltd.) C:\Program Files\Internet\Outpost Firewall Pro\acs.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Moo0) C:\Program Files (x86)\Utilities\Explorer+TaskBar+Shell\WindowMenuPlus\WindowMenuPlus.exe
(Moo0) C:\Program Files (x86)\Utilities\Explorer+TaskBar+Shell\WindowMenuPlus\WindowMenuPlus64.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Agnitum Ltd.) C:\Program Files\Internet\Outpost Firewall Pro\op_mon.exe
(IvoSoft) C:\Program Files\Utilities\Explorer+TaskBar+Shell\Classic Shell\ClassicStartMenu.exe
(f.lux Software LLC) C:\Users\TURB0\AppData\Local\FluxSoftware\Flux\flux.exe
(Sandboxie Holdings, LLC) C:\Program Files\Utilities\Security\Sandboxie\SbieCtrl.exe
(Nenad Hrg SoftwareOK) E:\Backups\Downloads\DesktopOK_4.74_x64\DesktopOK_x64.exe
(Hyperionics Technology LLC) C:\Program Files\Utilities\Explorer+TaskBar+Shell\FileBox eXtender\FileBX.exe
(Pierre-Marie DEVIGNE) C:\Program Files (x86)\Utilities\Explorer+TaskBar+Shell\Taskbar Activate\TaskbarActivate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\Utilities\Explorer+TaskBar+Shell\FileBox eXtender\Fbx32helper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Groom-A-Zebu (tm) ) C:\Program Files (x86)\Internet\Browsers\Proxomitron Naoko-4\Proxomitron.exe
(Don HO don.h@free.fr) C:\Program Files (x86)\Utilities\Text+nfo+Office\Notepad++\notepad++.exe
(Farbar) E:\Downloads\New 20170908\FarBar\FRST64_20170910.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OutpostMonitor] => C:\Program Files\Internet\Outpost Firewall Pro\op_mon.exe [4544208 2015-11-30] (Agnitum Ltd.)
HKLM\...\Run: [Classic Start Menu] => "C:\Program Files\Utilities\Explorer+TaskBar+Shell\Classic Shell\ClassicStartMenu.exe" -autorun
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\Utilities\Security\KeePass Password Safe 2\KeePass.exe [3191728 2017-06-09] (Dominik Reichl)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-1321973777-391666854-3262775668-1000\...\Run: [f.lux] => C:\Users\TURB0\AppData\Local\FluxSoftware\Flux\flux.exe [1661432 2017-08-04] (f.lux Software LLC)
HKU\S-1-5-21-1321973777-391666854-3262775668-1000\...\Run: [SandboxieControl] => C:\Program Files\Utilities\Security\Sandboxie\SbieCtrl.exe [799368 2017-06-05] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-1321973777-391666854-3262775668-1000\...\Run: [DesktopOK] => E:\Backups\Downloads\DesktopOK_4.74_x64\DesktopOK_x64.exe [578560 2017-08-03] (Nenad Hrg SoftwareOK)
HKU\S-1-5-21-1321973777-391666854-3262775668-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: c:\progra~1\internet\outpos~1\wl_hoo~1.dll => c:\Program Files\Internet\Outpost Firewall Pro\wl_hook64.dll [1431024 2015-11-26] (Agnitum Ltd.)
AppInit_DLLs-x32: c:\progra~1\internet\outpos~1\wl_hook.dll => c:\Program Files\Internet\Outpost Firewall Pro\wl_hook.dll [1056664 2015-11-26] (Agnitum Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileBox eXtender.lnk [2017-09-08]
ShortcutTarget: FileBox eXtender.lnk -> C:\Program Files\Utilities\Explorer+TaskBar+Shell\FileBox eXtender\FileBX.exe (Hyperionics Technology LLC)
Startup: C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Taskbar Activate.lnk [2017-09-07]
ShortcutTarget: Taskbar Activate.lnk -> C:\Program Files (x86)\Utilities\Explorer+TaskBar+Shell\Taskbar Activate\TaskbarActivate.exe (Pierre-Marie DEVIGNE)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{0759AB9F-5A67-4801-BCA9-39584710E10C}: [NameServer] 37.235.1.174,84.200.69.80,37.235.1.177,84.200.70.40,91.239.100.100

Internet Explorer:
==================
HKU\S-1-5-21-1321973777-391666854-3262775668-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-gb
HKU\S-1-5-21-1321973777-391666854-3262775668-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/en-gb/?ocid=iehp
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Utilities\Explorer+TaskBar+Shell\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Utilities\Programming\Java\bin\ssv.dll [2017-09-07] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Utilities\Programming\Java\bin\jp2ssv.dll [2017-09-07] (Oracle Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Utilities\Explorer+TaskBar+Shell\Classic Shell\ClassicIEDLL_64.dll [2017-08-13] (IvoSoft)
BHO-x32: IeCatch5 Class -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\Internet\Downloaders\FlashGet\Jccatch.dll [2006-05-16] (FlashGet)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Utilities\Explorer+TaskBar+Shell\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Utilities\Explorer+TaskBar+Shell\Classic Shell\ClassicIEDLL_32.dll [2017-08-13] (IvoSoft)
BHO-x32: gFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\Internet\Downloaders\FlashGet\getflash.dll [2006-09-12] ()
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Utilities\Explorer+TaskBar+Shell\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
Toolbar: HKLM-x32 - FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files (x86)\Internet\Downloaders\FlashGet\fgiebar.dll [2005-06-07] (Amaze Soft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Utilities\Explorer+TaskBar+Shell\Classic Shell\ClassicExplorer32.dll [2017-08-13] (IvoSoft)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Utilities\Programming\Java\bin\dtplugin\npDeployJava1.dll [2017-09-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Utilities\Programming\Java\bin\plugin2\npjp2.dll [2017-09-07] (Oracle Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 acssrv; C:\Program Files\Internet\Outpost Firewall Pro\acs.exe [3421008 2015-11-30] (Agnitum Ltd.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2017-04-24] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 SbieSvc; C:\Program Files\Utilities\Security\Sandboxie\SbieSvc.exe [198792 2017-06-05] (Sandboxie Holdings, LLC)
R2 TeraCopyService; C:\Program Files\Utilities\Files+Folders+Drives\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 afw; C:\Windows\System32\DRIVERS\afw.sys [52904 2015-07-21] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\drivers\afwcore.sys [465072 2015-07-21] (Agnitum Ltd.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R1 SandBox; C:\Windows\system32\drivers\SandBox64.sys [1712168 2015-11-18] (Agnitum Ltd.)
R3 SbieDrv; C:\Program Files\Utilities\Security\Sandboxie\SbieDrv.sys [207496 2017-06-05] (Sandboxie Holdings, LLC)
U5 UnlockerDriver5; C:\Program Files\Utilities\Files+Folders+Drives\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 ALSysIO; \??\C:\Users\TURB0\AppData\Local\Temp\ALSysIO64.sys [X] <==== ATTENTION
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-10 19:27 - 2017-09-10 19:27 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2017-09-10 19:10 - 2017-09-10 19:36 - 000000000 ____D C:\FRST
2017-09-10 18:59 - 2017-09-10 18:59 - 000003288 ____N C:\bootsqm.dat
2017-09-10 18:58 - 2017-09-10 18:58 - 000188156 _____ C:\Windows\ntbtlog.txt
2017-09-08 16:21 - 2017-09-08 16:21 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\WinRAR
2017-09-08 16:21 - 2017-09-08 16:21 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-09-08 16:21 - 2017-09-08 16:21 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2017-09-08 16:09 - 2017-09-08 16:09 - 000051564 _____ C:\Users\TURB0\Documents\ESET Scan log.txt
2017-09-08 15:17 - 2017-09-08 15:17 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\MPC-HC
2017-09-08 14:55 - 2017-09-08 14:55 - 000002241 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2017-09-08 14:55 - 2017-09-08 14:55 - 000000000 ____D C:\Program Files\Graphics+Video
2017-09-08 13:38 - 2017-09-08 14:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics+Video
2017-09-08 11:11 - 2017-09-08 11:11 - 000000000 ____D C:\Users\TURB0\AppData\Local\ESET
2017-09-08 04:00 - 2017-09-08 04:00 - 000000000 ____D C:\Windows\rescache
2017-09-08 02:09 - 2017-09-08 02:09 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Hyperionics
2017-09-08 02:08 - 2017-09-08 02:08 - 000001173 _____ C:\Users\Public\Desktop\FileBox eXtender.lnk
2017-09-08 02:08 - 2017-09-08 02:08 - 000000000 ___HD C:\ProgramData\{7A94EF79-C34B-444E-BECC-25AB7D77AA78}
2017-09-08 02:01 - 2015-07-18 14:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-09-08 02:01 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-09-08 01:16 - 2017-09-08 01:16 - 000003588 _____ C:\Windows\System32\Tasks\Moo0 Window Menu Plus 1.20
2017-09-08 00:02 - 2017-09-08 00:02 - 000000000 ____D C:\Windows\RegBak
2017-09-08 00:01 - 2017-09-08 00:02 - 000000078 _____ C:\Windows\system32\SENTINEL_1.Windows 7 Ultimate, 64-bit Service Pack 1 (build 7601).txt
2017-09-07 22:21 - 2017-09-07 22:56 - 000000655 _____ C:\Users\TURB0\Desktop\XMPlay.lnk
2017-09-07 21:52 - 2017-09-07 21:52 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2017-09-07 21:27 - 2017-09-07 21:27 - 000001314 _____ C:\Users\TURB0\Desktop\Moo0 World Time 1.18.lnk
2017-09-07 21:21 - 2017-09-07 21:21 - 000000000 ____D C:\Users\TURB0\AppData\Local\CrashDumps
2017-09-07 21:02 - 2017-09-07 21:02 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-09-07 21:00 - 2017-09-07 21:13 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-07 21:00 - 2017-09-07 21:00 - 000000861 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2017-09-07 21:00 - 2017-09-07 21:00 - 000000000 ____D C:\Program Files\RogueKiller
2017-09-07 20:45 - 2017-09-07 21:27 - 000003284 _____ C:\Windows\System32\Tasks\RunAsStdUser Task
2017-09-07 20:45 - 2017-09-07 20:45 - 000000000 ____D C:\Windows\system32\ShellExtBridge
2017-09-07 20:41 - 2017-09-07 21:27 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0
2017-09-07 20:41 - 2017-09-07 20:41 - 000001451 _____ C:\Users\TURB0\Desktop\Moo0 Window Menu Plus 1.20.lnk
2017-09-07 20:19 - 2017-09-07 20:25 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\DesktopOK
2017-09-07 20:12 - 2017-09-07 20:17 - 000194574 _____ C:\TDSSKiller.3.1.0.15_07.09.2017_20.12.33_log.txt
2017-09-07 20:01 - 2017-09-07 20:01 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-09-07 20:01 - 2017-09-07 20:01 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Sun
2017-09-07 20:01 - 2017-09-07 20:01 - 000000000 ____D C:\Users\TURB0\AppData\LocalLow\Sun
2017-09-07 20:01 - 2017-09-07 20:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2017-09-07 20:00 - 2017-09-07 20:00 - 000000000 ____D C:\ProgramData\Oracle
2017-09-07 19:57 - 2017-09-07 19:57 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\LibreOffice
2017-09-07 19:53 - 2017-09-10 19:17 - 000000146 _____ C:\Windows\system32\config\rules.rdb
2017-09-07 19:53 - 2017-09-08 02:08 - 000006196 _____ C:\Windows\system32\config\afw_db.conf
2017-09-07 19:53 - 2017-09-08 02:08 - 000000796 _____ C:\Windows\system32\config\afw_hm.conf
2017-09-07 19:53 - 2017-09-07 21:32 - 000115712 _____ C:\Windows\system32\config\sscan.xas
2017-09-07 19:53 - 2017-09-07 19:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Agnitum
2017-09-07 19:53 - 2015-11-18 01:05 - 001712168 _____ (Agnitum Ltd.) C:\Windows\system32\Drivers\SandBox64.sys
2017-09-07 19:53 - 2015-07-21 22:11 - 000465072 _____ (Agnitum Ltd.) C:\Windows\system32\Drivers\afwcore.sys
2017-09-07 19:53 - 2015-07-21 20:24 - 000052904 _____ (Agnitum Ltd.) C:\Windows\system32\Drivers\afw.sys
2017-09-07 19:52 - 2017-09-07 19:53 - 000000000 ____D C:\Program Files\Internet
2017-09-07 19:51 - 2017-09-07 19:51 - 000000000 ____D C:\ProgramData\Agnitum
2017-09-07 19:45 - 2017-09-07 19:46 - 000375302 _____ C:\TDSSKiller.3.1.0.15_07.09.2017_19.45.05_log.txt
2017-09-07 19:02 - 2017-09-08 03:14 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\KeePass
2017-09-07 18:45 - 2017-09-07 18:45 - 000000000 ____D C:\Windows\system32\appmgmt
2017-09-07 18:18 - 2017-09-08 13:38 - 000000000 ____D C:\Program Files (x86)\Graphics+Video
2017-09-07 18:18 - 2017-09-07 18:18 - 000001282 _____ C:\Users\Public\Desktop\IrfanView.lnk
2017-09-07 18:18 - 2017-09-07 18:18 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\IrfanView
2017-09-07 18:18 - 2017-09-07 18:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2017-09-07 16:12 - 2017-09-07 16:12 - 000000138 _____ C:\Users\TURB0\Documents\Explorer Settings.xml
2017-09-07 16:10 - 2012-07-26 04:08 - 000744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2017-09-07 16:10 - 2012-07-26 04:08 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2017-09-07 16:10 - 2012-07-26 04:08 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2017-09-07 16:10 - 2012-07-26 04:08 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2017-09-07 16:10 - 2012-07-26 04:08 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2017-09-07 16:10 - 2012-07-26 03:26 - 000198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2017-09-07 16:10 - 2012-07-26 03:26 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2017-09-07 16:10 - 2012-06-02 15:57 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2017-09-07 16:05 - 2014-05-14 17:23 - 002477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-09-07 16:05 - 2014-05-14 17:23 - 000700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-09-07 16:05 - 2014-05-14 17:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-09-07 16:05 - 2014-05-14 17:23 - 000058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-09-07 16:05 - 2014-05-14 17:23 - 000044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-09-07 16:05 - 2014-05-14 17:23 - 000038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-09-07 16:05 - 2014-05-14 17:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-09-07 16:05 - 2014-05-14 17:21 - 002620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-09-07 16:05 - 2014-05-14 17:20 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-09-07 16:05 - 2014-05-14 17:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-09-07 16:05 - 2014-05-14 09:23 - 000198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-09-07 16:05 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-09-07 16:05 - 2014-05-14 09:20 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-09-07 16:05 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-09-07 16:02 - 2017-09-10 19:35 - 000000000 ____D C:\Users\TURB0\AppData\Local\ClassicShell
2017-09-07 16:02 - 2017-09-07 16:02 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\ClassicShell
2017-09-07 16:02 - 2017-09-07 16:02 - 000000000 ____D C:\ProgramData\ClassicShell
2017-09-07 15:19 - 2017-05-01 19:07 - 000151416 _____ (ASMedia Technology Inc) C:\Windows\system32\Drivers\asmthub3.sys
2017-09-07 15:09 - 2017-09-07 15:09 - 000000000 ____D C:\Program Files (x86)\ASM104xUSB3
2017-09-07 14:57 - 2017-09-07 14:57 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2017-09-07 14:57 - 2013-09-17 06:47 - 000041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2017-09-07 14:51 - 2017-09-10 19:10 - 000001852 _____ C:\Windows\Sandboxie.ini
2017-09-07 14:51 - 2017-09-07 14:51 - 000001130 _____ C:\Users\TURB0\Desktop\Sandboxed Web Browser.lnk
2017-09-07 14:51 - 2017-09-07 14:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2017-09-07 14:47 - 2017-09-07 14:47 - 000001600 _____ C:\Users\Public\Desktop\LibreOffice 5.2.lnk
2017-09-07 14:47 - 2017-09-07 14:47 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 5.2
2017-09-07 14:42 - 2017-09-07 14:42 - 000001389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2017-09-07 14:42 - 2017-09-07 14:42 - 000001377 _____ C:\Users\TURB0\Desktop\KeePass 2.lnk
2017-09-07 14:31 - 2017-09-07 14:31 - 000001409 _____ C:\Users\TURB0\Desktop\FirefoxPortable.lnk
2017-09-07 14:25 - 2017-09-07 14:25 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
2017-09-07 14:23 - 2017-09-07 14:23 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Adobe
2017-09-07 14:15 - 2017-09-07 14:15 - 000001265 _____ C:\Users\TURB0\Desktop\FlashGet.lnk
2017-09-07 14:15 - 2017-09-07 14:15 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet
2017-09-07 14:13 - 2013-10-14 18:00 - 000028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2017-09-07 14:12 - 2017-09-07 14:12 - 000000000 ___HD C:\Windows\msdownld.tmp
2017-09-07 14:11 - 2017-09-07 14:11 - 024917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 019607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 014404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 012829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 006026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 005549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 004305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 003969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 003914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 002885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-09-07 14:11 - 2017-09-07 14:11 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-07 14:11 - 2017-09-07 14:11 - 002426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 002278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 002125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-07 14:11 - 2017-09-07 14:11 - 002052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-07 14:11 - 2017-09-07 14:11 - 001950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 001732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 001309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 001292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 001161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2017-09-07 14:11 - 2017-09-07 14:11 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2017-09-07 14:11 - 2017-09-07 14:11 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-07 14:11 - 2017-09-07 14:11 - 000389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-09-07 14:11 - 2017-09-07 14:11 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-07 14:11 - 2017-09-07 14:11 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-09-07 14:11 - 2017-09-07 14:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-07 14:11 - 2017-09-07 14:11 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-07 14:11 - 2017-09-07 14:11 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-07 14:10 - 2017-09-07 14:10 - 003928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 003419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 002776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 002284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 001903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-09-07 14:10 - 2017-09-07 14:10 - 001682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 001643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 001424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 001247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 001238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 001230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 001175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 001158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 001080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-09-07 14:10 - 2017-09-07 14:10 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-09-07 14:10 - 2017-09-07 14:10 - 000364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-09-07 14:10 - 2017-09-07 14:10 - 000249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2017-09-07 14:10 - 2017-09-07 14:10 - 000010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-09-07 14:10 - 2017-09-07 14:10 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-09-07 14:09 - 2017-09-07 14:09 - 001887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2017-09-07 14:09 - 2017-09-07 14:09 - 001505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2017-09-07 14:07 - 2017-09-07 21:00 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2017-09-07 14:07 - 2017-09-07 14:07 - 000002205 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-09-07 14:07 - 2017-09-07 14:07 - 000002193 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2017-09-07 13:59 - 2017-09-08 02:10 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-07 13:49 - 2017-09-07 18:02 - 000075896 _____ C:\Users\TURB0\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-07 13:46 - 2017-09-10 19:15 - 000000000 ____D C:\Users\TURB0\AppData\LocalLow\Mozilla
2017-09-07 13:26 - 2017-09-07 13:26 - 000001085 _____ C:\Users\TURB0\Desktop\Documents - Shortcut.lnk
2017-09-07 12:49 - 2017-09-07 12:49 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\KC Softwares
2017-09-07 12:48 - 2017-09-07 14:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2017-09-07 12:48 - 2017-09-07 14:15 - 000000000 ____D C:\Program Files (x86)\Internet
2017-09-07 12:48 - 2017-09-07 12:48 - 000001242 _____ C:\Users\TURB0\Desktop\The Proxomitron.lnk
2017-09-07 11:34 - 2017-09-07 11:34 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2017-09-07 11:20 - 2017-09-07 11:20 - 000000000 ____D C:\Windows\System32\Tasks\UltraSearch
2017-09-07 11:18 - 2017-09-07 11:18 - 000000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-07 11:01 - 2017-09-07 11:17 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Notepad++
2017-09-07 11:01 - 2017-09-07 11:01 - 000001340 _____ C:\Users\Public\Desktop\Notepad++.lnk
2017-09-07 11:01 - 2017-09-07 11:01 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2017-09-07 11:00 - 2017-09-07 21:27 - 000000000 ____D C:\Program Files (x86)\Utilities
2017-09-07 10:55 - 2017-09-07 10:55 - 000002085 _____ C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-09-07 10:55 - 2017-09-07 10:55 - 000000000 ____D C:\Users\TURB0\AppData\Local\FluxSoftware
2017-09-07 10:54 - 2017-09-07 10:54 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2017-09-07 10:50 - 2017-09-08 10:56 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\TeraCopy
2017-09-07 10:50 - 2017-09-07 20:00 - 000000000 ____D C:\Program Files\Utilities
2017-09-07 10:50 - 2017-09-07 10:50 - 000002102 _____ C:\ProgramData\Microsoft\Windows\Start Menu\TeraCopy.lnk
2017-09-07 10:50 - 2017-09-07 10:50 - 000000000 ___HD C:\Users\TURB0\AppData\Roaming\Obsidium
2017-09-07 10:50 - 2017-09-07 10:50 - 000000000 ___HD C:\Users\TURB0\.obs32
2017-09-07 09:35 - 2017-09-10 19:00 - 000000000 __SHD C:\Users\TURB0\IntelGraphicsProfiles
2017-09-07 09:35 - 2017-09-07 09:35 - 000019576 _____ C:\Windows\system32\results.xml
2017-09-07 09:35 - 2017-09-07 09:35 - 000000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-09-07 09:27 - 2011-12-06 15:55 - 000053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2017-09-07 09:26 - 2017-09-07 09:26 - 000000700 _____ C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2017-09-07 09:26 - 2017-04-24 09:34 - 000081408 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2017-09-07 09:26 - 2017-04-24 09:34 - 000077824 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2017-09-07 09:25 - 2017-04-24 09:35 - 000191476 _____ C:\Windows\system32\resTHA.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000184036 _____ C:\Windows\system32\resELL.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000179828 _____ C:\Windows\system32\resRUS.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000165460 _____ C:\Windows\system32\resARA.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000164948 _____ C:\Windows\system32\resJPN.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000164884 _____ C:\Windows\system32\resHEB.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000160260 _____ C:\Windows\system32\resHUN.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000160196 _____ C:\Windows\system32\resFRA.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000158532 _____ C:\Windows\system32\resKOR.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000158388 _____ C:\Windows\system32\resDEU.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000158356 _____ C:\Windows\system32\resITA.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000158148 _____ C:\Windows\system32\resROM.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000158052 _____ C:\Windows\system32\resESN.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000157652 _____ C:\Windows\system32\resPLK.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000157492 _____ C:\Windows\system32\resSKY.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000157332 _____ C:\Windows\system32\resNLD.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000156708 _____ C:\Windows\system32\resPTB.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000156628 _____ C:\Windows\system32\resCSY.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000156596 _____ C:\Windows\system32\resTRK.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000156420 _____ C:\Windows\system32\resPTG.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000155972 _____ C:\Windows\system32\resFIN.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000155540 _____ C:\Windows\system32\resHRV.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000155124 _____ C:\Windows\system32\resSVE.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000154964 _____ C:\Windows\system32\resSLV.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000154004 _____ C:\Windows\system32\resNOR.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000153508 _____ C:\Windows\system32\resDAN.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000152164 _____ C:\Windows\system32\resENU.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000150404 _____ C:\Windows\system32\resCHT.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000149524 _____ C:\Windows\system32\resCHS.cui
2017-09-07 09:25 - 2017-04-24 09:34 - 022922752 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 017854976 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 012442968 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 012007928 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 011158160 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 010676400 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 008530944 _____ (Intel Corporation) C:\Windows\system32\ig7icd64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 006518272 _____ (Intel Corporation) C:\Windows\SysWOW64\ig7icd32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 004710224 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 004382840 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 004379256 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 003811816 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2017-09-07 09:25 - 2017-04-24 09:34 - 003733488 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 002813952 _____ C:\Windows\system32\iglhxa64.cpa
2017-09-07 09:25 - 2017-04-24 09:34 - 002044416 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 002003968 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 001803264 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 001775616 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 001174824 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 001170632 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000959608 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000689664 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000626688 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000545912 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000545400 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000530552 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000480584 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000463112 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2017-09-07 09:25 - 2017-04-24 09:34 - 000399992 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000399480 _____ (Intel Corporation) C:\Windows\system32\CustomModeAppv2_0.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000394240 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000390920 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000389120 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000383488 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000372856 _____ (Intel Corporation) C:\Windows\system32\igfxTray.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000338944 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000319096 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000316245 _____ C:\Windows\system32\DisplayAudiox64.cab
2017-09-07 09:25 - 2017-04-24 09:34 - 000304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000302080 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000280696 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000272896 _____ C:\Windows\system32\igfxCPL.cpl
2017-09-07 09:25 - 2017-04-24 09:34 - 000269824 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000247416 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000240424 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000238592 _____ C:\Windows\system32\igdde64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000226816 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000212480 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4653.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000209640 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000204840 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000202240 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000200192 _____ C:\Windows\SysWOW64\igdde32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000195192 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000179712 _____ C:\Windows\system32\igdail64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000179592 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000172544 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000161280 _____ C:\Windows\SysWOW64\igdail32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000156280 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000111616 _____ C:\Windows\system32\IccLibDll_x64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000103936 _____ C:\Windows\system32\igfxCUIServicePS.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000087040 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000081408 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000077824 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000077312 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000049928 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000048128 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000044025 _____ C:\Windows\system32\iglhxo64.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000043494 _____ C:\Windows\system32\iglhxc64.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000043256 _____ C:\Windows\system32\iglhxg64.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000028160 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000028160 _____ ( ) C:\Windows\system32\igfxDILib.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000027648 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000027648 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000022528 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000022528 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000002582 _____ C:\Windows\system32\iglhxs64.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000001125 _____ C:\Windows\system32\iglhxa64.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2017-09-07 09:25 - 2017-04-24 09:34 - 000000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2017-09-07 09:25 - 2017-04-24 09:34 - 000000895 _____ C:\Windows\system32\CustomModeAppv2_0.exe.config
2017-09-07 09:25 - 2017-04-24 09:34 - 000000889 _____ C:\Windows\system32\Gfxv4_0.exe.config
2017-09-07 09:25 - 2017-04-24 09:34 - 000000889 _____ C:\Windows\system32\DPTopologyApp.exe.config
2017-09-07 09:25 - 2017-04-24 09:34 - 000000889 _____ C:\Windows\system32\CustomModeApp.exe.config
2017-09-07 05:48 - 2017-09-06 20:54 - 000000000 ____D C:\Windows\Panther
2017-09-07 02:10 - 2017-09-07 13:59 - 000000000 ____D C:\Program Files\Intel
2017-09-07 02:10 - 2017-09-07 02:10 - 000000000 ____D C:\ProgramData\Intel
2017-09-07 02:10 - 2013-09-16 12:17 - 000016344 _____ (Intel Corporation) C:\Windows\system32\Drivers\IntelMEFWVer.dll
2017-09-07 02:09 - 2017-09-07 14:57 - 000000000 ____D C:\Program Files (x86)\Intel
2017-09-07 02:09 - 2017-09-07 13:24 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-07 02:09 - 2017-09-07 02:09 - 000000000 ____H C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Coinstaller_Critical.Wdf
2017-09-07 02:09 - 2017-09-07 02:09 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2017-09-07 02:09 - 2013-09-16 12:17 - 001795952 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01011.dll
2017-09-07 02:09 - 2013-09-16 12:17 - 000099288 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverx64.sys
2017-09-07 02:09 - 2012-07-26 05:55 - 000785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2017-09-07 02:09 - 2012-07-26 05:55 - 000054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2017-09-07 02:09 - 2012-07-26 03:36 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2017-09-07 02:09 - 2012-06-02 15:35 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2017-09-06 23:10 - 2017-04-24 22:57 - 000430656 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-09-06 23:08 - 2017-09-06 23:08 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2017-09-06 23:01 - 2017-09-07 09:26 - 000000000 ____D C:\Intel
2017-09-06 20:54 - 2017-09-07 14:23 - 000001416 _____ C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-06 20:54 - 2017-09-07 14:16 - 000000000 ____D C:\Users\TURB0\AppData\Local\VirtualStore
2017-09-06 20:54 - 2017-09-07 10:50 - 000000000 ____D C:\Users\TURB0
2017-09-06 20:54 - 2017-09-06 20:54 - 000000020 ___SH C:\Users\TURB0\ntuser.ini
2017-09-06 20:54 - 2011-04-12 09:28 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Media Center Programs
2017-09-06 20:50 - 2017-09-06 20:50 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-09-06 20:50 - 2017-09-06 20:50 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-09-05 05:40 - 2017-09-05 09:11 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\PDFXchange_Viewer
2017-09-05 00:58 - 2016-03-29 12:52 - 000003114 _____ C:\Windows\system32\e1c62x64.din
2017-09-05 00:58 - 2016-03-29 08:46 - 000498640 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1c62x64.sys
2017-09-05 00:58 - 2015-06-05 23:23 - 000076784 _____ (Intel Corporation) C:\Windows\system32\e1qmsg.dll
2017-09-05 00:58 - 2015-05-27 01:39 - 000498672 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1q62x64.sys
2017-09-05 00:58 - 2015-02-25 12:37 - 000089144 _____ (Intel Corporation) C:\Windows\system32\NicInstQ.dll
2017-09-05 00:58 - 2013-07-25 11:08 - 000073480 _____ (Intel Corporation) C:\Windows\system32\e1cmsg.dll
2017-09-05 00:58 - 2013-07-11 11:27 - 000089888 _____ (Intel Corporation) C:\Windows\system32\NicInstC.dll
2017-09-05 00:58 - 2013-01-12 01:17 - 000003097 _____ C:\Windows\system32\e1q62x64.din
2017-09-05 00:58 - 2009-05-26 18:05 - 000036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2017-08-26 10:21 - 2017-09-08 03:14 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\UltraSearch-x64
2017-08-13 08:49 - 2017-08-13 08:49 - 000291128 _____ (IvoSoft) C:\Windows\system32\StartMenuHelper64.dll
2017-08-13 08:49 - 2017-08-13 08:49 - 000248120 _____ (IvoSoft) C:\Windows\SysWOW64\StartMenuHelper32.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-10 19:20 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-10 19:20 - 2009-07-14 05:45 - 000026352 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-10 19:06 - 2009-07-14 06:13 - 000713888 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-10 19:06 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-09-10 19:00 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-08 02:11 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-09-07 21:55 - 2009-07-14 06:32 - 000000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2017-09-07 21:55 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files\Windows Sidebar
2017-09-07 21:55 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-09-07 18:28 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Resources
2017-09-07 15:17 - 2009-07-14 05:45 - 000345232 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-07 05:48 - 2009-07-14 06:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2017-09-06 23:42 - 2009-07-14 04:20 - 000000000 __RHD C:\Users\Public\Libraries
2017-09-06 20:50 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\sysprep
2017-09-06 20:49 - 2011-04-12 09:28 - 000000000 ____D C:\Windows\CSC

Some files in TEMP:
====================
2017-09-07 21:00 - 2017-09-07 14:11 - 001732032 _____ (Microsoft Corporation) C:\Users\TURB0\AppData\Local\Temp\dllnt_dump.dll
2017-09-07 19:51 - 2015-11-26 17:55 - 000265728 _____ (Agnitum Ltd.) C:\Users\TURB0\AppData\Local\Temp\w7_gui32.dll
2017-09-07 02:09 - 2006-05-24 05:10 - 000455600 _____ (Macrovision Corporation) C:\Users\TURB0\AppData\Local\Temp\_is9F5D.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-06 21:54

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2017
Ran by TURB0 (10-09-2017 19:36:19)
Running from E:\Downloads\New 20170908\FarBar
Windows 7 Ultimate Service Pack 1 (X64) (2017-09-06 19:54:11)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1321973777-391666854-3262775668-500 - Administrator - Disabled)
Guest (S-1-5-21-1321973777-391666854-3262775668-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1321973777-391666854-3262775668-1002 - Limited - Enabled)
TURB0 (S-1-5-21-1321973777-391666854-3262775668-1000 - Administrator - Enabled) => C:\Users\TURB0

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Outpost Firewall Pro (Disabled) {BFD97B08-B281-A36A-4414-803D4491AB1D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.48.1 - Asmedia Technology)
Classic Shell (HKLM\...\{CABCE573-0A86-42FA-A52A-C7EA61D5BE08}) (Version: 4.3.1 - IvoSoft)
f.lux (HKU\S-1-5-21-1321973777-391666854-3262775668-1000\...\Flux) (Version:  - f.lux Software LLC)
FileBox eXtender (HKLM\...\{23236FC2-648D-4ACF-AD16-68492D0F0AC9}) (Version: 2.1.0 - Hyperionics Technology LLC) Hidden
FileBox eXtender (HKLM-x32\...\FileBox eXtender) (Version:  - Hyperionics Technology LLC)
FlashGet(JetCar) (HKLM-x32\...\FlashGet(JetCar)) (Version:  - )
HashTab 6.0.0.34 (HKLM\...\HashTab) (Version: 6.0.0.34 - Implbits Software)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Chipset Device Software (HKLM-x32\...\{7237f6c4-bcae-41b5-8f4b-ec446f5c115f}) (Version: 10.1.2.8 - Intel(R) Corporation) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Network Connections Drivers (HKLM\...\PROSet) (Version: 22.4 - Intel)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4653 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JD's Proxomitron Config Set (remove only) (HKLM-x32\...\JDList) (Version:  - )
KeePass Password Safe 2.36 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.36 - Dominik Reichl)
LAV Filters 0.70.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.70.2 - Hendrik Leppkes)
LibreOffice 5.2.5.1 (HKLM\...\{94F6F085-DBB7-4992-8F73-2CD09D3C8670}) (Version: 5.2.5.1 - The Document Foundation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{58b3beca-b999-4f6f-a48c-81681136a620}) (Version: 14.10.25017.0 - Microsoft Corporation)
Moo0 Window Menu Plus 1.20 (HKLM-x32\...\Moo0 WindowMenuPlus) (Version:  - )
Moo0 World Time 1.18 (HKLM-x32\...\Moo0 WorldTime) (Version:  - )
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.4.2 - Notepad++ Team)
Outpost Firewall Pro 9.3 (HKLM\...\Agnitum Outpost Firewall Pro_is1) (Version: 9.3 - Agnitum, Ltd.)
PL2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.18.1 - Prolific Technology INC)
RogueKiller version 12.11.13.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.11.13.0 - Adlice Software)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
Taskbar Activate (HKLM-x32\...\Taskbar Activate) (Version:  - )
TeraCopy version 3.2 (HKLM\...\TeraCopy_is1) (Version: 3.2 - Code Sector)
The Proxomitron Ver. Naoko-4.5 (HKLM-x32\...\The Proxomitron - Universal Web Filter_is1) (Version:  - )
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
WinRAR 5.50 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.50.0 - win.rar GmbH)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1321973777-391666854-3262775668-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Utilities\Explorer+TaskBar+Shell\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Utilities\Explorer+TaskBar+Shell\Classic Shell\ClassicExplorer64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\Utilities\Compression Tools\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Utilities\Text+nfo+Office\Notepad++\NppShell_06.dll [2017-06-18] ()
ContextMenuHandlers1: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\Utilities\Files+Folders+Drives\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers1: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\Utilities\Compression Tools\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers1: [~ShellExtBridge118] -> {CACD94AB-314B-4792-A34F-B5902F7E8750} => C:\Windows\System32\ShellExtBridge\ShellExtBridge118.dll [2010-10-22] (Moo0)
ContextMenuHandlers2: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\Utilities\Files+Folders+Drives\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Utilities\Files+Folders+Drives\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\Utilities\Compression Tools\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\Utilities\Files+Folders+Drives\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers4: [~ShellExtBridge118] -> {CACD94AB-314B-4792-A34F-B5902F7E8750} => C:\Windows\System32\ShellExtBridge\ShellExtBridge118.dll [2010-10-22] (Moo0)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-04-24] (Intel Corporation)
ContextMenuHandlers5: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\Utilities\Files+Folders+Drives\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers5: [~ShellExtBridge118] -> {CACD94AB-314B-4792-A34F-B5902F7E8750} => C:\Windows\System32\ShellExtBridge\ShellExtBridge118.dll [2010-10-22] (Moo0)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\Utilities\Compression Tools\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [StartMenuExt] -> {E595F05F-903F-4318-8B0A-7F633B520D2B} => C:\Windows\system32\StartMenuHelper64.dll [2017-08-13] (IvoSoft)
ContextMenuHandlers6: [TeraCopy] -> {A8005AF0-D6E8-48AF-8DFA-023B1CF660A7} => C:\Program Files\Utilities\Files+Folders+Drives\TeraCopy\TeraCopyExt.dll [2016-12-07] ()
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Utilities\Files+Folders+Drives\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers6: [WinRAR] -> {B41DB860-64E4-11D2-9906-E49FADC173CA} => C:\Program Files\Utilities\Compression Tools\WinRAR\rarext.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [WinRAR32] -> {B41DB860-8EE4-11D2-9906-E49FADC173CA} => C:\Program Files\Utilities\Compression Tools\WinRAR\rarext32.dll [2017-08-11] (Alexander Roshal)
ContextMenuHandlers6-x32: [~ShellExtBridge118] -> {CACD94AB-314B-4792-A34F-B5902F7E8750} => C:\Windows\System32\ShellExtBridge\ShellExtBridge118.dll [2010-10-22] (Moo0)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {6CA7E922-2B80-4B0E-BFD8-25A44944185C} - System32\Tasks\UltraSearch\UltraSearch_SkipUAC_TURB0 => C:\Users\TURB0\AppData\Roaming\UltraSearch-x64\UltraSearch.exe [2016-07-19] (JAM Software)
Task: {90749F05-EDCE-48DB-9718-59EFC0495BD4} - System32\Tasks\Moo0 Window Menu Plus 1.20 => C:\Program Files (x86)\Utilities\Explorer+TaskBar+Shell\WindowMenuPlus\WindowMenuPlus.exe -startup
Task: {977028D6-D812-4AFE-8908-987998277715} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Utilities\Alarms+Time\WorldTime\WorldTime.exe [2013-08-12] (Moo0)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-07 19:53 - 2015-11-18 14:07 - 000241664 _____ () C:\Program Files\Internet\Outpost Firewall Pro\zlib.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 000020032 _____ () C:\Program Files\Utilities\Files+Folders+Drives\Unlocker\UnlockerCOM.dll
2017-09-07 10:50 - 2016-12-07 15:40 - 003681104 _____ () C:\Program Files\Utilities\Files+Folders+Drives\TeraCopy\TeraCopyExt.dll
2011-02-23 16:04 - 2011-02-23 16:04 - 000080896 _____ () C:\Program Files\Utilities\Explorer+TaskBar+Shell\FileBox eXtender\FbxRes.dll
2011-02-23 16:09 - 2011-02-23 16:09 - 000007680 _____ () C:\Program Files\Utilities\Explorer+TaskBar+Shell\FileBox eXtender\Fbx32helper.exe
2017-09-07 10:50 - 2017-03-14 15:51 - 001714688 _____ () C:\Program Files\Utilities\Files+Folders+Drives\TeraCopy\TeraCopy64.dll
2017-06-18 22:44 - 2017-06-18 22:44 - 000230064 _____ () C:\Program Files (x86)\Utilities\Text+nfo+Office\Notepad++\NppShell_06.dll
2017-09-07 02:09 - 2013-09-16 12:17 - 001242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2017-06-18 22:44 - 2017-06-18 22:44 - 000021680 _____ () C:\Program Files (x86)\Utilities\Text+nfo+Office\Notepad++\plugins\NppExport.dll

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acssrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acssrv => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1321973777-391666854-3262775668-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 37.235.1.174 - 84.200.69.80
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================


==================== Faulty Device Manager Devices =============

Name: Marvell Console ATA Device
Description: Marvell Console ATA Device
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/10/2017 07:00:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/08/2017 04:37:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program mpc-hc64.exe version 1.7.13.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: af0

Start Time: 01d328b854a2e149

Termination Time: 0

Application Path: C:\Program Files\Graphics+Video\Media Players\MediaPlayerClassic-HC\mpc-hc64.exe

Report Id: 97ed2b50-94ab-11e7-9d1a-10bf48e37cf3

Error: (09/08/2017 02:09:40 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/08/2017 01:48:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/08/2017 01:46:45 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10007) (User: Sentinel_1)
Description: Application or service 'Intel(R) Management and Security Application Local Management Service' could not be restarted.

Error: (09/07/2017 11:59:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "E:\Downloads\regbak1.5\regbak.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/07/2017 09:56:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/07/2017 09:21:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RightClicker.exe, version: 1.0.0.1, time stamp: 0x5211d455
Faulting module name: RightClicker.exe, version: 1.0.0.1, time stamp: 0x5211d455
Exception code: 0xc000041d
Fault offset: 0x00000000000a3138
Faulting process id: 0xe4c
Faulting application start time: 0x01d32816ce1292ea
Faulting application path: C:\Program Files (x86)\Utilities\Explorer+TaskBar+Shell\RightClicker\RightClicker.exe
Faulting module path: C:\Program Files (x86)\Utilities\Explorer+TaskBar+Shell\RightClicker\RightClicker.exe
Report Id: 11807f76-940a-11e7-9d31-10bf48e37cf3

Error: (09/07/2017 09:21:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RightClicker.exe, version: 1.0.0.1, time stamp: 0x5211d455
Faulting module name: RightClicker.exe, version: 1.0.0.1, time stamp: 0x5211d455
Exception code: 0xc0000005
Fault offset: 0x00000000000a3138
Faulting process id: 0xe4c
Faulting application start time: 0x01d32816ce1292ea
Faulting application path: C:\Program Files (x86)\Utilities\Explorer+TaskBar+Shell\RightClicker\RightClicker.exe
Faulting module path: C:\Program Files (x86)\Utilities\Explorer+TaskBar+Shell\RightClicker\RightClicker.exe
Report Id: 0fc868c4-940a-11e7-9d31-10bf48e37cf3

Error: (09/07/2017 08:45:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RightClicker.exe, version: 1.0.0.1, time stamp: 0x5211d455
Faulting module name: RightClicker.exe, version: 1.0.0.1, time stamp: 0x5211d455
Exception code: 0xc000041d
Fault offset: 0x00000000000a3138
Faulting process id: 0xeec
Faulting application start time: 0x01d32811dd9ca71f
Faulting application path: C:\Program Files (x86)\Utilities\Explorer+TaskBar+Shell\RightClicker\RightClicker.exe
Faulting module path: C:\Program Files (x86)\Utilities\Explorer+TaskBar+Shell\RightClicker\RightClicker.exe
Report Id: 1dccef36-9405-11e7-9d31-10bf48e37cf3


System errors:
=============
Error: (09/10/2017 06:58:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 06:58:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 06:58:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 06:58:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 06:58:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 06:58:38 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 06:58:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 06:58:37 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: 
The dependency service or group failed to start.

Error: (09/10/2017 06:58:37 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (09/10/2017 06:58:37 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server:
{A47979D2-C419-11D9-A5B4-001185AD2B89}


CodeIntegrity:
===================================
  Date: 2017-09-07 15:17:44.788
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\asmthub3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-07 15:17:44.772
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\asmthub3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-07 15:09:43.788
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\asmthub3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-07 15:09:43.772
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\asmthub3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-07 15:09:43.569
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\asmthub3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2017-09-07 15:09:43.554
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\asmthub3.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 9%
Total physical RAM: 24257.28 MB
Available physical RAM: 21975.93 MB
Total Virtual: 25295.46 MB
Available Virtual: 22931.7 MB

==================== Drives ================================

Drive c: (SSD) (Fixed) (Total:29.81 GB) (Free:18.35 GB) NTFS
Drive d: (Windows 7 x64) (Fixed) (Total:115 GB) (Free:69.24 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Seagate Data2) (Fixed) (Total:110 GB) (Free:15.43 GB) NTFS
Drive f: (FAT32) (Fixed) (Total:7.87 GB) (Free:3.17 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 000242AC)
Partition 1: (Active) - (Size=115 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=117.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 29.8 GB) (Disk ID: 40A06A51)
Partition 1: (Active) - (Size=29.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#3 HelpBot


Posted 15 September 2017 - 12:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/656845 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 -Cobra-

Posted 15 September 2017 - 05:21 PM

Please be aware that I have two PC's, Z77 chipset which is the newer PC and an older PC with X48 Chipset and both have been/are infected by Malware. Malware which I believe is connected as there have been very similar experiences on both PC's with a few variations.

 

1] Here is a video of the boot up showing the changes to the screen before the welcome screen shows. It's quick and does not last long and shows at around 7 to 9 seconds. Unfortunately my digital camera can only record video at very low resolutions so the quality is not very good. It is far more noticeable when watching the real thing. It should not be doing this!

http://www.mediafire.com/file/wlvx07qez7kgyb3/DSCF1209.mkv

 

I have done a scan with RogueKiller which shows an unknown MBR on my install drive -> Liteon LMT-32L3M & on the 4GB flash drive that I wiped, wrote the MBR and re-partitioned a few days ago.

 

I have scanned the programs that I have installed on VirusTotal and most are clean with a few that have toolbars etc but those are avoided when installing. I have attached the scans to this post.

My other older PC (X48) which has been very unstable has been running in Safe mode for 103.5 hours without issue but locks up in normal windows after random times. Linux is also very stable.

 

2] See attachments

3] Yes I do

 

RogueKiller partial log of the MBR of my boot drive and a flash drive that I wiped a few days ago.

 

+++++ PhysicalDrive1: LITEONIT LMT-32L3M ATA Device +++++
--- User ---
[MBR] 463ef44d2f8d501e1609fa17ad53365c
[BSP] fb2297dc4b3f3684a28012654046853d : Legit.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 30528 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Kingston DT 100 G2 USB Device +++++
--- User ---
[MBR] 77ca7bd021889360bb0a4843f7994ec7
[BSP] 1a4e468698d97931c5d34444362656bd : Standard|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] FAT32 (0xb) [VISIBLE] Offset (sectors): 63 | Size: 3710 MB
User = LL1 ... OK
Error reading LL2 MBR! ([32] The request is not supported. )



Edited by -Cobra-, 15 September 2017 - 05:41 PM.
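The RogueKiller excerpt in the post above lists, for each drive, a hash of the MBR and the decoded partition table. The following Python example is added here for illustration; it is not part of the original thread and is not RogueKiller's or FRST's code. It decodes a 512-byte MBR sector and flags structural anomalies. The sample sector is constructed (its partition values mirror the figures quoted in the logs, and the boot code is filler), and hashing the first 440 bytes with SHA-256 is this example's own choice, not the method either tool uses.

```python
import hashlib
import struct

SECTOR_SIZE = 512        # assumes a 512-byte logical sector
BOOT_CODE_LEN = 440      # bootstrap code; bytes 440-443 hold the disk signature
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
BOOT_SIGNATURE = b"\x55\xaa"
TYPE_NAMES = {0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x0F: "Extended (LBA)", 0xEE: "GPT protective"}


def parse_mbr(sector: bytes) -> dict:
    """Decode one MBR sector: disk ID, boot-code hash, partitions, warnings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")

    warnings, partitions = [], []
    for index in range(4):
        start = PART_TABLE_OFF + index * 16
        status, ptype, lba_start, sectors = struct.unpack(
            ENTRY_FMT, sector[start:start + 16])
        if ptype == 0x00:
            continue  # unused slot
        if status not in (0x00, 0x80):
            warnings.append(f"entry {index}: invalid status byte 0x{status:02X}")
        partitions.append({
            "index": index,
            "active": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })

    if sum(p["active"] for p in partitions) > 1:
        warnings.append("more than one active partition")
    ordered = sorted(partitions, key=lambda p: p["lba_start"])
    for first, second in zip(ordered, ordered[1:]):
        if first["lba_start"] + first["sectors"] > second["lba_start"]:
            warnings.append(f"entries {first['index']} and {second['index']} overlap")

    return {
        "disk_id": f"{struct.unpack('<I', sector[440:444])[0]:08X}",
        # Hash only the code area so the value survives a disk-signature change.
        "boot_code_sha256": hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest(),
        "partitions": partitions,
        "warnings": warnings,
    }


def build_sample_mbr(boot_code: bytes = b"\xfa\x33\xc0" + bytes(437),
                     disk_id: int = 0x40A06A51) -> bytes:
    """Constructed sample: one active NTFS partition at sector 2048, 30528 MB."""
    if len(boot_code) != BOOT_CODE_LEN:
        raise ValueError("boot code must be exactly 440 bytes")
    sector = bytearray(SECTOR_SIZE)
    sector[0:BOOT_CODE_LEN] = boot_code          # filler, not real boot code
    sector[440:444] = struct.pack("<I", disk_id)
    sector[446:462] = struct.pack(ENTRY_FMT, 0x80, 0x07, 2048, 30528 * 2048)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print(f"Disk ID: {info['disk_id']}")
    print(f"Boot code SHA-256: {info['boot_code_sha256']}")
    for p in info["partitions"]:
        state = "ACTIVE" if p["active"] else "inactive"
        print(f"{p['index']} - [{state}] {p['type_name']} (0x{p['type']:02X}) "
              f"Offset (sectors): {p['lba_start']} | Size: {p['size_mb']} MB")
    for w in info["warnings"]:
        print("WARNING:", w)
```

Comparing `boot_code_sha256` against a value recorded from the same disk while it was known to be good shows whether the boot code has changed since; an "unknown" verdict from a scanner only means the code is not in that tool's list.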


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,695 posts

Posted 19 September 2017 - 01:21 PM

Greetings -Cobra- and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please resist the temptation to provide information overload as is the case in your opening post.

We can only work on one computer per topic. Decide which one you would like to address here then run a fresh FRST scan. Do not post the report information in code boxes but rather simply copy/paste the information in your reply. If the content is too long you may use multiple posts.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Oh My!

Posted 22 September 2017 - 06:46 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#7 -Cobra-

Posted 23 September 2017 - 07:06 AM

Hi Gary

My name is Carl. I apologise for not replying sooner but there have been so many issues that I have been offline for most of the time except for brief periods.

I have had a lot of problems with PC's which I have had enough of because I cannot keep spending this amount of time when far more pressing health problems need addressing. All these malware problems have meant that I have made little progress on resolving big health problems.

A rundown on what has happened since this topic began:

The video that I posted with the unusual screen before the windows welcome screen I have now eliminated. I found aswMBR to fix the MBR and that stopped it, previous attempts had failed. I immediately rebooted and the screen was gone. I did run a number of different malware scanners but fixing the MBR is the only fix that I have applied.

Unfortunately just after that I disconnected a hard drive which was linked in the boot process which left my PC unbootable, it just sat at a flashing prompt. The Windows 7 DVD should have been able to fix that and it tried and claimed that my PC had successfully booted which it had not. I could not allow this setup to continue so I wiped the drive which I installed very recently and re-installed Windows without the hard drive connected to avoid the same problem with Windows putting files on the first drive. I installed to the SSD and everything seemed okay. The boot sectors seemed to be standard. I installed MBRFilter to prevent them being infected but later found that the boot sectors were not normal and still showed as unknown, boot sector shadowing? Infected boot sectors and no way to write to them except for safe mode. I did attempt to disable MBRFilter but my PC rebooted. I still suspect the flash drives and external hard drives as being infected which is how the infection got from one PC to the other which is why I believe I have had similar problems with both PCs. I simply do not have enough storage space after 1TB (failed)+0.5TB(failed)+0.5TB which is showing bad sectors which I have so far been unable to correct. I attempted to reinstall Windows again without MBRFilter.

Unfortunately with the extra small partition created the setup process failed which I think might have been caused by lack of drive space as it created an 18GB hibernation file on a 30GB SSD. I did have a similar problem previously but managed to get around it but this time I was unable to disable hibernation so that the hibernation file could be deleted to free the space. I therefore had to install to the hard drive which has more space but is slower to boot and more time consuming.

 

I do have a few more applications which I need to install before I can do any scans with Farbar. You did say not to make any changes so I do need to get everything into a working state so I can continue without installing any other software or making any extra changes. Registry scans and reboots take time.



#8 Oh My!


Posted 23 September 2017 - 12:20 PM

Hi Carl.

Set up your system then touch base.

Edited by Oh My!, 24 September 2017 - 05:41 PM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Oh My!


Posted 26 September 2017 - 04:48 PM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 

#10 -Cobra-


Posted 28 September 2017 - 08:01 AM

Hi Gary,

 

Yes I do still require some help. I have had to try and locate the software that I use which has been difficult seeing as I have lost 3 hard drives, 2 of which contained the software which I use. My bookmarks are not very helpful unfortunately. The hard drive which had the bad sector can no longer be accessed. Plus a 128GB flash drive has also developed a partition problem and I am trying to find something which can recover/check the files on it to see if there is anything I need. If you can recommend anything which might work then I would appreciate knowing about it. So far testdisk has failed to recover the partition on the drive. It reports the partitions found as being incorrect indicating larger than the flash drive size with overlapping partitions.

Add to all this my router, which I mentioned had had one of the admin passwords altered, after checking the web interface for internet connectivity, shows the default gateway as not working, it shows no internet which is not true. The ISP DNS servers on the router also do not work and I have had to enter DNS servers in windows networking to get an internet connection. My thoughts are that maybe the admin password change and problems with the router could be connected and settings on the router might have been altered. So I thought that I should reset the router to defaults to restore everything. I tried that twice, once with the reset button on the router and once with the web interface and both have reset the router but both have created 2 admin accounts, one without a password and one with an unknown password. I am almost certain that there should only be one administrator account which on this router should have a blank password which it did. After reset the default gateway and DNS issues have not changed. My thoughts are that maybe somehow the gateway might have been changed to redirect my internet. The router logs do show a different gateway but from what I can tell, they do seem to be ISP related. I will have to get some advice on how to verify what is being used is normal and hopefully how to correct it. I did see a post by someone who stated that the DNS in the router was not working for him and that he had to setup windows networking to get any DNS working. I did have some router configs backed up but I also lost those on the hard drive. So far I have not had time to look for any backups; any I have would be very old.

I do have another ISP router which I want to temporarily replace my preferred router. I dislike it but I am far more certain that it is working normally so I can try it in order to do some testing only after my current PC is verified to be clean. There were other issues present on the previous windows install with imported registries from the partition where I re-installed windows. I found this because previous Farbar Recovery Scan Tool scans showed installed applications which I had never installed onto that windows but they were present on the partition which I have overwritten and therefore would have been in the registry.



Something which concerned me was ALSysIO64.sys and a registry key which Farbar tool originally found but now cannot find, however the file in the Temp folder is no longer there. Rogue killer also found and flagged this on the previous install. I was running a search with regedit after every install which was time consuming to check for any references to the item "ALSysIO". Internet searches on ALSysIO suggest that it is probably related to CoreTemp CPU temperature software which I have run but not on this windows install. It might be worth passing this info to the author of the tool because this driver might be okay and it would clear another false positive warning.
ALSysIO64 stands for Arthur Liberman System Input Output Driver (64-bit)
https://www.file.net/process/alsysio64.sys.html

I will follow up with a new scan shortly.


Edited by -Cobra-, 28 September 2017 - 01:33 PM.


#11 -Cobra-


Posted 28 September 2017 - 01:27 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 26-09-2017 01
Ran by TURB0 (administrator) on SENTINEL1 (28-09-2017 18:53:06)
Running from E:\Downloads\New 20170908\System Testing\Malware Detection+Removal
Loaded Profiles: TURB0 (Available Profiles: TURB0)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Code Sector) C:\Program Files\Utilities\Files+Folders+Drives\TeraCopy\TeraCopyService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Utilities\Security\Sandboxie\SbieSvc.exe
(Agnitum Ltd.) C:\Program Files\Internet\Outpost Firewall Pro\acs.exe
() C:\Program Files (x86)\Internet\NetTime\NetTimeService.exe
(Moo0) C:\Program Files (x86)\Utilities\Explorer+Shell+TaskBar\WindowMenuPlus\WindowMenuPlus.exe
() C:\Program Files\Utilities\Prio\prio_svc.exe
(Moo0) C:\Program Files (x86)\Utilities\Explorer+Shell+TaskBar\WindowMenuPlus\WindowMenuPlus64.exe
(Agnitum Ltd.) C:\Program Files\Internet\Outpost Firewall Pro\op_mon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(f.lux Software LLC) C:\Users\TURB0\AppData\Local\FluxSoftware\Flux\flux.exe
(RaMMicHaeL) C:\Users\TURB0\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe
(Nenad Hrg SoftwareOK) C:\Users\TURB0\AppData\Roaming\DesktopOK\DesktopOK_x64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Pierre-Marie DEVIGNE) C:\Program Files (x86)\Utilities\Explorer+Shell+TaskBar\Taskbar Activate\TaskbarActivate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Internet\NetTime\NetTime.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Farbar) E:\Downloads\New 20170908\System Testing\Malware Detection+Removal\FRST64_20170928.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [OutpostMonitor] => C:\Program Files\Internet\Outpost Firewall Pro\op_mon.exe [4544208 2015-11-30] (Agnitum Ltd.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [9235944 2017-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_DTS] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1493992 2017-08-30] (Realtek Semiconductor)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [961024 2009-07-14] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-09-17] (Intel Corporation)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\Utilities\Security\KeePass Password Safe 2\KeePass.exe [3191728 2017-06-09] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2017-07-21] (Oracle Corporation)
HKLM-x32\...\Run: [NetTime] => C:\Program Files (x86)\Internet\NetTime\NetTime.exe [772096 2012-05-12] ()
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-314370064-738425275-644545302-1000\...\Run: [f.lux] => C:\Users\TURB0\AppData\Local\FluxSoftware\Flux\flux.exe [1663480 2017-09-10] (f.lux Software LLC)
HKU\S-1-5-21-314370064-738425275-644545302-1000\...\Run: [7 Taskbar Tweaker] => C:\Users\TURB0\AppData\Roaming\7+ Taskbar Tweaker\7+ Taskbar Tweaker.exe [425472 2017-09-17] (RaMMicHaeL)
HKU\S-1-5-21-314370064-738425275-644545302-1000\...\Run: [SandboxieControl] => C:\Program Files\Utilities\Security\Sandboxie\SbieCtrl.exe [799368 2017-06-05] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-314370064-738425275-644545302-1000\...\Run: [DesktopOK] => C:\Users\TURB0\AppData\Roaming\DesktopOK\DesktopOK_x64.exe [581120 2017-08-25] (Nenad Hrg SoftwareOK)
HKU\S-1-5-21-314370064-738425275-644545302-1000\...\Run: [NetMeter Evo] => C:\Users\TURB0\AppData\Roaming\NetMeterEvo\NetMeterEvo.exe [1192448 2013-08-12] ()
HKU\S-1-5-21-314370064-738425275-644545302-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-314370064-738425275-644545302-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [333824 2010-11-21] (Microsoft Corporation)
AppInit_DLLs: c:\progra~1\internet\outpos~1\wl_hoo~1.dll => c:\Program Files\Internet\Outpost Firewall Pro\wl_hook64.dll [1431024 2015-11-26] (Agnitum Ltd.)
AppInit_DLLs:  prio.dll => C:\Program Files\Utilities\Prio\prio.dll [16800 2017-01-15] (O&K Software)
AppInit_DLLs-x32: c:\progra~1\internet\outpos~1\wl_hook.dll => c:\Program Files\Internet\Outpost Firewall Pro\wl_hook.dll [1056664 2015-11-26] (Agnitum Ltd.)
AppInit_DLLs-x32:  prio32.dll => C:\Program Files\Utilities\Prio\prio32.dll [15264 2017-01-15] (O&K Software)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FileBox eXtender.lnk [2017-09-22]
ShortcutTarget: FileBox eXtender.lnk -> C:\Program Files\Utilities\Explorer+Shell+TaskBar\FileBox eXtender\FileBX.exe (Hyperionics Technology LLC)
Startup: C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ClipCache Pro.lnk [2017-09-24]
ShortcutTarget: ClipCache Pro.lnk -> C:\Program Files\Utilities\Explorer+Shell+TaskBar\ClipCachePro\clipc.exe (XRayz Software)
Startup: C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Taskbar Activate.lnk [2017-09-22]
ShortcutTarget: Taskbar Activate.lnk -> C:\Program Files (x86)\Utilities\Explorer+Shell+TaskBar\Taskbar Activate\TaskbarActivate.exe (Pierre-Marie DEVIGNE)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\..\Interfaces\{14DA0874-8116-49EC-BD08-F47E17DC5F45}: [NameServer] 37.235.1.174,84.200.69.80,91.239.100.100,37.235.1.177,84.200.70.40

Internet Explorer:
==================
HKU\S-1-5-21-314370064-738425275-644545302-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <==== ATTENTION
HKU\S-1-5-21-314370064-738425275-644545302-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U453&ocid=U453DHP&osmkt=en-gb
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\bin\ssv.dll [2017-09-22] (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\bin\jp2ssv.dll [2017-09-22] (Oracle Corporation)
BHO-x32: IeCatch5 Class -> {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} -> C:\Program Files (x86)\Internet\Downloaders\FlashGet\Jccatch.dll [2006-05-16] (FlashGet)
BHO-x32: gFlash Class -> {F156768E-81EF-470C-9057-481BA8380DBA} -> C:\Program Files (x86)\Internet\Downloaders\FlashGet\getflash.dll [2006-09-12] ()
Toolbar: HKLM-x32 - FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files (x86)\Internet\Downloaders\FlashGet\fgiebar.dll [2005-06-07] (Amaze Soft)

FireFox:
========
FF DefaultProfile: ztnzbku2.Default
FF ProfilePath: C:\Users\TURB0\AppData\Roaming\Mozilla\Firefox\Profiles\3xknz2nn.Warez [2017-09-23]
FF ProfilePath: C:\Users\TURB0\AppData\Roaming\Mozilla\Firefox\Profiles\ztnzbku2.Default [2017-09-24]
FF ProfilePath: C:\Users\TURB0\AppData\Roaming\kompozer.net\KompoZer\Profiles\lr3yhr8z.default [2017-09-23]
FF Plugin: @java.com/DTPlugin,version=11.144.2 -> C:\Program Files\Java\bin\dtplugin\npDeployJava1.dll [2017-09-22] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.144.2 -> C:\Program Files\Java\bin\plugin2\npjp2.dll [2017-09-22] (Oracle Corporation)
StartMenuInternet: FIREFOX.EXE - E:\Downloads\B_Downloads\FirefoxPortable52.3.0ESR\App\Firefox64\firefox.exe

Opera:
=======
OPR Session Restore: -> is enabled.
OPR Extension: (Dark Mode) - C:\Users\TURB0\AppData\Roaming\Opera Software\Opera Stable\Extensions\jabpfojepndedlelamfloejfoopkogcf [2017-09-24]
OPR Extension: (Opera Welcome Page) - C:\Users\TURB0\AppData\Roaming\Opera Software\Opera Stable\Extensions\khmbgihnlknbjgjhmekjeoidpfimabpp [2017-09-28]
StartMenuInternet: (HKLM) OperaStable - C:\Program Files (x86)\Internet\Browsers\Opera\Launcher.exe

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 acssrv; C:\Program Files\Internet\Outpost Firewall Pro\acs.exe [3421008 2015-11-30] (Agnitum Ltd.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2017-04-24] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
R2 NetTimeSvc; C:\Program Files (x86)\Internet\NetTime\NetTimeService.exe [473088 2012-05-12] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
R2 prio_svc; C:\Program Files\Utilities\Prio\prio_svc.exe [12704 2017-01-15] ()
R2 SbieSvc; C:\Program Files\Utilities\Security\Sandboxie\SbieSvc.exe [198792 2017-06-05] (Sandboxie Holdings, LLC)
R2 TeraCopyService; C:\Program Files\Utilities\Files+Folders+Drives\TeraCopy\TeraCopyService.exe [110416 2017-05-05] (Code Sector)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-14] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 afw; C:\Windows\System32\DRIVERS\afw.sys [52904 2015-07-21] (Agnitum Ltd.)
R3 afwcore; C:\Windows\System32\drivers\afwcore.sys [465072 2015-07-21] (Agnitum Ltd.)
R1 ISODrive; C:\Program Files (x86)\Utilities\Files+Folders+Drives\Optical Drive Appz\UltraISO\drivers\ISODrv64.sys [115448 2013-11-21] (EZB Systems, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
R1 RegHiveRecovery; C:\Windows\system32\drivers\RegHiveRecovery.sys [48304 2014-02-20] (Microsoft Corporation)
S3 rspSanity; C:\Windows\System32\DRIVERS\rspSanity64.sys [31328 2012-10-30] (Resplendence Software Projects Sp.)
R1 SandBox; C:\Windows\system32\drivers\SandBox64.sys [1712168 2015-11-18] (Agnitum Ltd.)
R3 SbieDrv; C:\Program Files\Utilities\Security\Sandboxie\SbieDrv.sys [207496 2017-06-05] (Sandboxie Holdings, LLC)
U5 UnlockerDriver5; C:\Program Files\Utilities\Files+Folders+Drives\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.1\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40552 2013-08-22] (Microsoft Corporation)
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-28 12:39 - 2017-09-28 12:40 - 000002249 _____ C:\Users\TURB0\Desktop\JDownloader.lnk
2017-09-28 11:37 - 2017-09-28 11:37 - 000228818 _____ C:\Users\TURB0\Documents\lost partition_128gb_flash_09-28-2017 at 11_35_48.rsf
2017-09-28 02:21 - 2017-09-28 02:21 - 000000000 ____D C:\ProgramData\SystemAcCrux
2017-09-27 22:35 - 2017-09-27 22:35 - 422701056 _____ C:\Users\TURB0\Documents\rm_27_09_2017.iso
2017-09-27 22:24 - 2017-09-27 22:24 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2017-09-27 22:24 - 2017-09-27 22:24 - 000000000 ____D C:\Program Files (x86)\Windows Kits
2017-09-27 20:41 - 2014-02-20 05:52 - 000048304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RegHiveRecovery.sys
2017-09-27 18:16 - 2017-09-27 18:23 - 000000000 ____D C:\Users\TURB0\AppData\Local\Thunderbird
2017-09-27 18:16 - 2017-09-27 18:16 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Thunderbird
2017-09-27 18:14 - 2017-09-27 18:14 - 000000000 ____D C:\ProgramData\rmbwizard
2017-09-27 18:13 - 2017-09-27 18:13 - 000000000 ____D C:\ProgramData\explauncher
2017-09-27 15:38 - 2017-09-27 15:38 - 000002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2017-09-27 15:38 - 2017-09-27 15:38 - 000001945 _____ C:\Windows\epplauncher.mif
2017-09-27 15:38 - 2017-09-27 15:38 - 000000000 ____D C:\Program Files\Microsoft Security Client
2017-09-27 15:38 - 2017-09-27 15:38 - 000000000 ____D C:\Program Files (x86)\Microsoft Security Client
2017-09-27 15:22 - 2015-07-18 14:08 - 000984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2017-09-27 15:22 - 2015-07-18 14:08 - 000011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2017-09-27 15:15 - 2017-09-27 15:15 - 000001575 _____ C:\Users\Public\Desktop\UltraISO.lnk
2017-09-27 15:15 - 2017-09-27 15:15 - 000000000 ____D C:\Users\TURB0\Documents\My ISO Files
2017-09-27 14:50 - 2017-09-27 14:50 - 000000000 ____D C:\Windows\system32\appmgmt
2017-09-26 22:45 - 2017-09-26 22:45 - 000001427 _____ C:\Users\TURB0\Desktop\Internet Explorer.lnk
2017-09-26 22:42 - 2017-09-26 22:42 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2017-09-26 22:39 - 2017-09-26 22:39 - 000001492 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2017-09-26 22:39 - 2017-09-26 22:39 - 000001480 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2017-09-26 21:59 - 2017-09-26 21:59 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Attribute Changer
2017-09-26 10:32 - 2017-09-26 10:32 - 000000000 ____D C:\Users\TURB0\AppData\Local\ElevatedDiagnostics
2017-09-25 20:35 - 2017-09-26 02:50 - 000000000 ____D C:\Users\TURB0\AppData\Local\CrashDumps
2017-09-24 23:02 - 2017-09-28 01:33 - 000008555 _____ C:\Users\TURB0\AppData\Local\Temp26.html
2017-09-24 22:43 - 2017-09-24 22:43 - 000001161 _____ C:\Users\TURB0\Desktop\WhoCrashed.lnk
2017-09-24 22:36 - 2017-09-28 01:33 - 000001293 _____ C:\Users\TURB0\AppData\Local\Temp1.html
2017-09-24 22:35 - 2017-09-24 22:35 - 000001108 _____ C:\Users\TURB0\Desktop\SanityCheck.lnk
2017-09-24 22:35 - 2012-10-30 03:11 - 000031328 _____ (Resplendence Software Projects Sp.) C:\Windows\system32\Drivers\rspSanity64.sys
2017-09-24 14:35 - 2017-09-24 14:35 - 000003874 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1506260152
2017-09-24 14:35 - 2017-09-24 14:35 - 000001411 _____ C:\Users\Public\Desktop\Opera browser.lnk
2017-09-24 14:35 - 2017-09-24 14:35 - 000001411 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera browser.lnk
2017-09-24 14:35 - 2017-09-24 14:35 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Opera Software
2017-09-24 14:35 - 2017-09-24 14:35 - 000000000 ____D C:\Users\TURB0\AppData\Local\Opera Software
2017-09-24 13:32 - 2017-09-24 23:17 - 000008895 _____ C:\Users\TURB0\Documents\speed tests.txt.bak
2017-09-24 13:30 - 2017-09-25 00:30 - 000009108 _____ C:\Users\TURB0\Documents\speed tests.txt
2017-09-24 13:03 - 2017-09-24 13:03 - 000000027 _____ C:\Users\TURB0\Documents\windows internet connection commands.txt
2017-09-23 21:34 - 2017-09-23 21:34 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Mael
2017-09-23 21:27 - 2017-09-23 21:29 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\MediaInfoXP
2017-09-23 20:12 - 2017-09-28 15:13 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\JDownloader
2017-09-23 19:26 - 2017-09-23 19:26 - 005902070 _____ C:\Users\TURB0\Documents\bookmarks-2017-09-23.json
2017-09-23 18:09 - 2017-09-23 18:09 - 000003636 _____ C:\Users\TURB0\Documents\Warez Bookmarks.html
2017-09-23 18:02 - 2017-09-23 18:02 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\kompozer.net
2017-09-23 18:02 - 2017-09-23 18:02 - 000000000 ____D C:\Users\TURB0\AppData\Local\kompozer.net
2017-09-23 17:48 - 2017-09-23 17:49 - 000001276 _____ C:\Users\TURB0\Desktop\FlashGet.lnk
2017-09-23 17:38 - 2017-09-23 17:38 - 000001122 _____ C:\Users\TURB0\Documents\bookmarks test.html
2017-09-23 17:36 - 2017-09-27 18:25 - 000000000 ____D C:\Users\TURB0\AppData\LocalLow\Mozilla
2017-09-23 17:36 - 2017-09-24 14:45 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Mozilla
2017-09-23 17:36 - 2017-09-23 21:20 - 000000000 ____D C:\Users\TURB0\AppData\Local\Mozilla
2017-09-23 17:35 - 2017-09-23 17:36 - 000001629 _____ C:\Users\TURB0\Desktop\Firefox.lnk
2017-09-23 13:54 - 2017-09-23 13:53 - 000000348 _____ C:\Users\TURB0\Documents\urls to add.txt.bak
2017-09-23 13:53 - 2017-09-23 13:54 - 000000414 _____ C:\Users\TURB0\Documents\urls to add.txt
2017-09-23 12:22 - 2017-09-23 12:22 - 000000218 _____ C:\Users\TURB0\.recently-used.xbel
2017-09-23 11:30 - 2017-09-23 11:30 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\MPC-HC
2017-09-23 00:36 - 2017-09-23 11:29 - 000000000 ____D C:\MeGUI
2017-09-23 00:36 - 2017-09-23 00:36 - 000000875 _____ C:\Users\TURB0\Desktop\MeGUI.lnk
2017-09-23 00:04 - 2017-09-23 12:22 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\audacity
2017-09-23 00:04 - 2017-09-23 00:04 - 000000000 ____D C:\Users\TURB0\AppData\Local\Audacity
2017-09-23 00:02 - 2017-09-23 00:02 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2017-09-23 00:02 - 2017-09-23 00:02 - 000001314 _____ C:\Users\Public\Desktop\Audacity.lnk
2017-09-23 00:02 - 2017-09-23 00:02 - 000000000 ____D C:\Program Files (x86)\Sound
2017-09-22 23:54 - 2017-09-23 00:06 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\gtk-2.0
2017-09-22 23:51 - 2017-09-23 12:22 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\AVINaptic2
2017-09-22 23:51 - 2017-09-22 23:51 - 000001257 _____ C:\Users\TURB0\Desktop\AVINaptic2.lnk
2017-09-22 23:12 - 2017-09-22 23:12 - 000000000 ____D C:\Users\TURB0\AppData\Local\bunkus.org
2017-09-22 23:07 - 2017-09-22 23:07 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Gpower2
2017-09-22 23:06 - 2017-09-22 23:06 - 000001957 _____ C:\Users\TURB0\Desktop\gMKVExtractGUI.lnk
2017-09-22 23:06 - 2017-09-22 23:06 - 000001930 _____ C:\Users\TURB0\Desktop\MKVInfo-GUI.lnk
2017-09-22 23:05 - 2017-09-22 23:05 - 000002368 _____ C:\Users\TURB0\Desktop\MKVToolNix GUI.lnk
2017-09-22 17:50 - 2017-09-24 13:22 - 000765280 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2017-09-22 17:43 - 2017-09-22 17:43 - 000002055 _____ C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\f.lux.lnk
2017-09-22 14:15 - 2015-07-30 14:13 - 000124624 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2017-09-22 14:15 - 2015-07-30 14:13 - 000103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2017-09-22 14:11 - 2012-07-26 05:55 - 000785512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2017-09-22 14:11 - 2012-07-26 05:55 - 000054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2017-09-22 14:11 - 2012-07-26 03:36 - 000009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2017-09-22 14:11 - 2012-06-02 15:35 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2017-09-22 14:10 - 2017-04-27 23:50 - 003550208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2017-09-22 14:10 - 2017-04-12 14:05 - 004296704 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2017-09-22 14:10 - 2012-07-26 04:08 - 000744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2017-09-22 14:10 - 2012-07-26 04:08 - 000229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2017-09-22 14:10 - 2012-07-26 04:08 - 000194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2017-09-22 14:10 - 2012-07-26 04:08 - 000084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2017-09-22 14:10 - 2012-07-26 04:08 - 000045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2017-09-22 14:10 - 2012-07-26 03:26 - 000198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2017-09-22 14:10 - 2012-07-26 03:26 - 000087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2017-09-22 14:10 - 2012-06-02 15:57 - 000000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2017-09-22 14:08 - 2014-06-30 23:24 - 000008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2017-09-22 14:08 - 2014-06-30 23:14 - 000008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2017-09-22 14:08 - 2014-06-06 07:16 - 000035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2017-09-22 14:08 - 2014-06-06 07:12 - 000035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2017-09-22 14:08 - 2014-03-09 22:48 - 001389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2017-09-22 14:08 - 2014-03-09 22:48 - 000171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2017-09-22 14:08 - 2014-03-09 22:47 - 000619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2017-09-22 14:08 - 2014-03-09 22:47 - 000099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2017-09-22 14:06 - 2014-06-18 23:23 - 001943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2017-09-22 14:06 - 2014-06-18 23:23 - 001131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2017-09-22 14:06 - 2014-06-18 23:23 - 000156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2017-09-22 14:06 - 2014-06-18 23:23 - 000156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2017-09-22 14:06 - 2014-06-18 23:23 - 000081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2017-09-22 14:06 - 2014-06-18 23:23 - 000073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2017-09-22 13:57 - 2017-09-22 14:06 - 000000159 _____ C:\Users\TURB0\AppData\Roaming\prio.ini
2017-09-22 13:56 - 2017-09-22 13:57 - 000001259 _____ C:\Users\TURB0\Desktop\Task Manager.lnk
2017-09-22 13:54 - 2017-09-22 13:54 - 000001694 _____ C:\Users\TURB0\Desktop\DesktopOK.lnk
2017-09-22 11:15 - 2017-09-22 11:15 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Adobe
2017-09-22 11:11 - 2017-09-22 11:11 - 000000000 ___HD C:\Windows\msdownld.tmp
2017-09-22 11:11 - 2013-10-14 18:00 - 000028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2017-09-22 11:10 - 2017-09-22 11:10 - 024917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 019607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 014404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 012829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 006026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 004305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 002885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 002724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2017-09-22 11:10 - 2017-09-22 11:10 - 002724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2017-09-22 11:10 - 2017-09-22 11:10 - 002426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 002278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 002125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2017-09-22 11:10 - 2017-09-22 11:10 - 002052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2017-09-22 11:10 - 2017-09-22 11:10 - 001950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 001545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 001359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 001309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 001155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2017-09-22 11:10 - 2017-09-22 11:10 - 000616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2017-09-22 11:10 - 2017-09-22 11:10 - 000584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2017-09-22 11:10 - 2017-09-22 11:10 - 000389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000342728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2017-09-22 11:10 - 2017-09-22 11:10 - 000316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2017-09-22 11:10 - 2017-09-22 11:10 - 000076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2017-09-22 11:10 - 2017-09-22 11:10 - 000062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2017-09-22 11:10 - 2017-09-22 11:10 - 000013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2017-09-22 11:10 - 2017-09-22 11:10 - 000004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 005549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2017-09-22 11:09 - 2017-09-22 11:09 - 003969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2017-09-22 11:09 - 2017-09-22 11:09 - 003914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2017-09-22 11:09 - 2017-09-22 11:09 - 001903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2017-09-22 11:09 - 2017-09-22 11:09 - 001732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 001292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 001161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2017-09-22 11:09 - 2017-09-22 11:09 - 000424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2017-09-22 11:09 - 2017-09-22 11:09 - 000362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2017-09-22 11:09 - 2017-09-22 11:09 - 000327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2017-09-22 11:09 - 2017-09-22 11:09 - 000274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2017-09-22 11:09 - 2017-09-22 11:09 - 000068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2017-09-22 11:09 - 2017-09-22 11:09 - 000043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2017-09-22 11:09 - 2017-09-22 11:09 - 000016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2017-09-22 11:09 - 2017-09-22 11:09 - 000006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2017-09-22 11:09 - 2017-09-22 11:09 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2017-09-22 11:06 - 2017-09-22 11:06 - 003928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 003419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 002776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 002565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 002284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 001988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 001682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 001643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 001424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 001247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 001238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 001230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 001175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 001158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 001080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-09-22 11:06 - 2017-09-22 11:06 - 000002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2017-09-22 11:05 - 2017-09-22 11:05 - 001887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2017-09-22 11:05 - 2017-09-22 11:05 - 001505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2017-09-22 10:58 - 2014-05-14 17:23 - 002477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2017-09-22 10:58 - 2014-05-14 17:23 - 000700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2017-09-22 10:58 - 2014-05-14 17:23 - 000581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2017-09-22 10:58 - 2014-05-14 17:23 - 000058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2017-09-22 10:58 - 2014-05-14 17:23 - 000044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2017-09-22 10:58 - 2014-05-14 17:23 - 000038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2017-09-22 10:58 - 2014-05-14 17:23 - 000036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2017-09-22 10:58 - 2014-05-14 17:21 - 002620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2017-09-22 10:58 - 2014-05-14 17:20 - 000097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2017-09-22 10:58 - 2014-05-14 17:17 - 000092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2017-09-22 10:58 - 2014-05-14 09:23 - 000198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2017-09-22 10:58 - 2014-05-14 09:23 - 000179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2017-09-22 10:58 - 2014-05-14 09:20 - 000036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2017-09-22 10:58 - 2014-05-14 09:17 - 000033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2017-09-22 09:53 - 2017-09-22 09:53 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\smartmontools
2017-09-22 09:22 - 2017-09-22 09:22 - 000000000 ____H C:\ProgramData\DP45977C.lfl
2017-09-22 09:22 - 2017-09-22 09:22 - 000000000 ____D C:\Windows\SysWOW64\RTCOM
2017-09-22 09:22 - 2017-09-22 09:22 - 000000000 ____D C:\Windows\system32\DAX3
2017-09-22 09:22 - 2017-09-22 09:22 - 000000000 ____D C:\Windows\system32\DAX2
2017-09-22 09:22 - 2017-09-22 09:22 - 000000000 ____D C:\ProgramData\Audyssey Labs
2017-09-22 09:22 - 2017-09-22 09:22 - 000000000 ____D C:\Program Files\Realtek
2017-09-22 09:21 - 2017-08-30 23:05 - 015211624 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE3.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 003299816 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE2.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 003122656 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 002190984 _____ (Yamaha Corporation) C:\Windows\system32\YamahaAE.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 001435144 _____ (Synopsys, Inc.) C:\Windows\system32\SRRPTR64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 001382232 _____ (TOSHIBA Corporation) C:\Windows\system32\tosade.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 001337640 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaeapo64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000873456 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo264.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000852136 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tosasfapo64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000604800 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\tossaemaxapo64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000532376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000467160 _____ (Synopsys, Inc.) C:\Windows\system32\SRAPO64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000447176 _____ (Toshiba Client Solutions Co., Ltd.) C:\Windows\system32\toseaeapo64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000381408 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000341144 _____ (Synopsys, Inc.) C:\Windows\SysWOW64\SRCOM.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000341144 _____ (Synopsys, Inc.) C:\Windows\system32\SRCOM.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000221968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000209536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000166200 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000158696 _____ (TOSHIBA Corporation) C:\Windows\system32\tadefxapo.dll
2017-09-22 09:21 - 2017-08-30 23:05 - 000075536 _____ (TOSHIBA CORPORATION.) C:\Windows\system32\tepeqapo64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 072520712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2017-09-22 09:21 - 2017-08-30 23:04 - 007172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 007096184 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 006264632 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64AF3.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 005921768 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2017-09-22 09:21 - 2017-08-30 23:04 - 005346992 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 003677160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2017-09-22 09:21 - 2017-08-30 23:04 - 003558272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 003509200 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 003410840 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 003205120 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 003132640 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 002444680 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv201.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 002211304 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 001965808 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 001959600 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64AF3.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 001780616 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 001591056 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 001544256 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 001508928 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 001372384 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 001348168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 001259728 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 001159184 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 001016928 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDHF64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000984912 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000965024 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000877424 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SEHDHF32.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000868176 _____ (Sound Research, Corp.) C:\Windows\system32\SECOMN64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000866640 _____ (Sound Research, Corp.) C:\Windows\system32\SEHDRA64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000743960 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000737968 _____ (Sound Research, Corp.) C:\Windows\SysWOW64\SECOMN32.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000727432 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000691680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000680552 _____ (ICEpower a/s) C:\Windows\system32\ICEsoundAPO64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000526280 _____ (Sound Research, Corp.) C:\Windows\system32\SEAPO64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000504304 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000447720 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000445400 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000441264 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000416504 _____ (Harman) C:\Windows\system32\HMUI.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000406456 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000387312 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000378384 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000366120 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\HMAPO.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000362048 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64AF3.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000360344 _____ (Harman) C:\Windows\system32\HMClariFi.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000343704 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000327456 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000321712 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000310424 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64F3.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000272712 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000258864 _____ (TODO: <Company name>) C:\Windows\system32\slprp64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000253896 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000252872 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000231912 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000214824 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000203840 _____ (Harman) C:\Windows\system32\HMHVS.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000192984 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000190936 _____ (Harman) C:\Windows\system32\HMEQ.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000190928 _____ (Harman) C:\Windows\system32\HMEQ_Voice.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000179592 _____ (Harman) C:\Windows\system32\HMLimiter.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000154360 _____ (Harman) C:\Windows\system32\HarmanAudioInterface.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000151784 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000134200 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000118592 _____ C:\Windows\system32\AcpiServiceVnA64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000105304 _____ C:\Windows\system32\audioLibVc.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000090912 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000088344 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000088320 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000083624 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2017-09-22 09:21 - 2017-08-30 23:04 - 000023696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2017-09-22 09:21 - 2017-08-30 23:03 - 002993720 _____ (Audyssey Labs) C:\Windows\system32\AudysseyEfx.dll
2017-09-22 09:21 - 2017-08-30 19:22 - 013325996 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2017-09-22 09:21 - 2017-08-30 19:22 - 005804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2017-09-22 09:20 - 2017-09-22 09:28 - 000000000 ___HD C:\Program Files (x86)\Temp
2017-09-22 09:20 - 2017-09-22 09:20 - 000000000 ____D C:\Program Files (x86)\Realtek
2017-09-22 09:20 - 2017-07-21 10:17 - 002839488 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2017-09-22 09:11 - 2017-09-22 09:11 - 000002323 _____ C:\Users\Public\Desktop\72-10415 v4.01.lnk
2017-09-22 09:11 - 2017-09-22 09:11 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMM
2017-09-22 09:04 - 2017-09-22 09:04 - 000001403 _____ C:\Users\TURB0\Desktop\FirefoxPortable.lnk
2017-09-22 08:46 - 2017-09-22 08:46 - 000001206 _____ C:\Users\TURB0\Desktop\ClipCache Pro.lnk
2017-09-22 08:46 - 2017-09-22 08:46 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\XRayz
2017-09-22 08:44 - 2017-09-21 23:59 - 000000000 ____D C:\Windows\Panther
2017-09-22 08:23 - 2017-09-22 09:28 - 000078280 _____ C:\Users\TURB0\AppData\Local\GDIPFONTCACHEV1.DAT
2017-09-22 08:14 - 2017-09-28 18:09 - 000002546 _____ C:\Windows\Sandboxie.ini
2017-09-22 08:14 - 2017-09-22 08:14 - 000001145 _____ C:\Users\TURB0\Desktop\Sandboxed Web Browser.lnk
2017-09-22 04:17 - 2017-09-26 15:58 - 000028272 _____ C:\Windows\system32\Drivers\TrueSight.sys
2017-09-22 04:17 - 2017-09-22 08:29 - 000000000 ____D C:\ProgramData\RogueKiller
2017-09-22 04:12 - 2017-09-28 18:53 - 000000000 ____D C:\FRST
2017-09-22 04:09 - 2017-09-22 09:20 - 000000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2017-09-22 03:59 - 2017-09-22 03:59 - 000110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2017-09-22 03:59 - 2017-09-22 03:59 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Sun
2017-09-22 03:59 - 2017-09-22 03:59 - 000000000 ____D C:\Users\TURB0\AppData\LocalLow\Sun
2017-09-22 03:59 - 2017-09-22 03:59 - 000000000 ____D C:\ProgramData\Oracle
2017-09-22 03:59 - 2017-09-22 03:59 - 000000000 ____D C:\Program Files\Java
2017-09-22 03:49 - 2017-09-22 03:49 - 000001388 _____ C:\Users\TURB0\Desktop\KeePass 2.lnk
2017-09-22 03:37 - 2017-09-22 03:37 - 000002545 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2017-09-22 03:32 - 2017-09-22 03:32 - 000001965 _____ C:\Users\TURB0\Desktop\7+ Taskbar Tweaker.lnk
2017-09-22 03:32 - 2017-09-22 03:32 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\7+ Taskbar Tweaker
2017-09-22 03:23 - 2017-09-28 15:58 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\TeraCopy
2017-09-22 03:23 - 2017-09-22 03:23 - 000000000 ___HD C:\Users\TURB0\AppData\Roaming\Obsidium
2017-09-22 03:23 - 2017-09-22 03:23 - 000000000 ___HD C:\Users\TURB0\.obs32
2017-09-22 03:22 - 2017-09-22 03:22 - 000001756 _____ C:\Users\Public\Desktop\LibreOffice 5.3.lnk
2017-09-22 03:18 - 2017-09-22 03:18 - 000000000 ____D C:\Users\TURB0\AppData\Local\FluxSoftware
2017-09-22 03:17 - 2017-09-26 22:39 - 000000000 ____D C:\Program Files (x86)\Internet
2017-09-22 03:17 - 2017-09-22 03:17 - 000001253 _____ C:\Users\TURB0\Desktop\The Proxomitron.lnk
2017-09-22 03:13 - 2017-09-22 03:13 - 000001600 _____ C:\Users\TURB0\Desktop\XMPlay.lnk
2017-09-22 03:12 - 2017-09-22 03:16 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\XMPlay
2017-09-22 03:11 - 2017-09-22 03:11 - 000000000 ____D C:\Windows\System32\Tasks\UltraSearch
2017-09-22 03:10 - 2017-09-28 12:36 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\UltraSearch-x64
2017-09-22 02:17 - 2017-09-22 02:17 - 000000144 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-22 02:14 - 2017-09-22 02:14 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
2017-09-22 02:06 - 2015-06-21 16:09 - 000713216 _____ C:\Windows\system32\xvidcore.dll
2017-09-22 02:06 - 2015-06-21 16:09 - 000251392 _____ C:\Windows\system32\xvidvfw.dll
2017-09-22 02:06 - 2015-06-21 16:09 - 000171520 _____ C:\Windows\system32\xvid.ax
2017-09-22 02:06 - 2015-06-21 16:09 - 000147968 _____ C:\Windows\SysWOW64\xvid.ax
2017-09-22 02:06 - 2015-06-21 16:08 - 000638976 _____ C:\Windows\SysWOW64\xvidcore.dll
2017-09-22 02:06 - 2015-06-21 16:08 - 000235520 _____ C:\Windows\SysWOW64\xvidvfw.dll
2017-09-22 01:44 - 2017-09-22 01:44 - 000001188 _____ C:\Users\Public\Desktop\FileBox eXtender.lnk
2017-09-22 01:44 - 2017-09-22 01:44 - 000000000 ___HD C:\ProgramData\{7A94EF79-C34B-444E-BECC-25AB7D77AA78}
2017-09-22 01:44 - 2017-09-22 01:44 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Hyperionics
2017-09-22 01:42 - 2017-09-22 01:42 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\MediaInfo
2017-09-22 01:41 - 2017-09-22 01:41 - 000002256 _____ C:\Users\Public\Desktop\MPC-HC x64.lnk
2017-09-22 01:23 - 2017-09-22 01:23 - 000003586 _____ C:\Windows\System32\Tasks\Moo0 Window Menu Plus 1.20
2017-09-22 01:23 - 2017-09-22 01:23 - 000001462 _____ C:\Users\TURB0\Desktop\Moo0 Window Menu Plus 1.20.lnk
2017-09-22 01:22 - 2017-09-22 11:02 - 000000134 _____ C:\Users\TURB0\Desktop\Internet Explorer Troubleshooting.url
2017-09-22 01:07 - 2017-09-22 02:06 - 000000000 ____D C:\Program Files (x86)\Graphics+Video
2017-09-22 01:07 - 2017-09-22 01:07 - 000001333 _____ C:\Users\Public\Desktop\IrfanView.lnk
2017-09-22 01:07 - 2017-09-22 01:07 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\IrfanView
2017-09-22 01:01 - 2017-09-22 01:03 - 000001351 _____ C:\Users\Public\Desktop\Notepad++.lnk
2017-09-22 01:01 - 2017-09-22 01:02 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Notepad++
2017-09-22 01:01 - 2017-09-22 01:01 - 000000000 ____D C:\Users\TURB0\AppData\Local\Notepad++
2017-09-22 01:00 - 2017-09-27 20:37 - 000000000 ____D C:\Program Files (x86)\Utilities
2017-09-22 00:58 - 2017-09-22 00:58 - 000000000 ____D C:\Windows\RegBak
2017-09-22 00:50 - 2017-09-28 18:34 - 000000078 _____ C:\Windows\system32\SENTINEL1.Windows 7 Ultimate, 64-bit Service Pack 1 (build 7601).txt
2017-09-22 00:50 - 2017-09-28 18:29 - 000038894 _____ C:\Windows\system32\config\afw_db.conf
2017-09-22 00:50 - 2017-09-28 18:29 - 000000752 _____ C:\Windows\system32\config\afw_hm.conf
2017-09-22 00:44 - 2017-09-26 02:51 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet
2017-09-22 00:44 - 2017-09-24 22:43 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Utilities
2017-09-22 00:44 - 2017-09-23 21:26 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Utilities
2017-09-22 00:44 - 2017-09-23 17:47 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet
2017-09-22 00:44 - 2017-09-22 08:42 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Graphics+Video
2017-09-22 00:44 - 2017-09-22 08:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Graphics+Video
2017-09-22 00:43 - 2017-09-22 00:47 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\RegBak1.5
2017-09-22 00:38 - 2017-09-22 00:38 - 000002856 _____ C:\Users\TURB0\Documents\MBRFilter Registry BEFORE Install.reg
2017-09-22 00:33 - 2017-09-28 18:52 - 000152027 _____ C:\Windows\system32\config\rules.rdb
2017-09-22 00:32 - 2017-09-22 00:51 - 000014336 _____ C:\Windows\system32\config\sscan.xas
2017-09-22 00:32 - 2015-11-18 01:05 - 001712168 _____ (Agnitum Ltd.) C:\Windows\system32\Drivers\SandBox64.sys
2017-09-22 00:32 - 2015-07-21 22:11 - 000465072 _____ (Agnitum Ltd.) C:\Windows\system32\Drivers\afwcore.sys
2017-09-22 00:32 - 2015-07-21 20:24 - 000052904 _____ (Agnitum Ltd.) C:\Windows\system32\Drivers\afw.sys
2017-09-22 00:31 - 2017-09-24 22:43 - 000000000 ____D C:\Program Files\Utilities
2017-09-22 00:30 - 2017-09-22 01:41 - 000000000 ____D C:\Program Files\Graphics+Video
2017-09-22 00:30 - 2017-09-22 00:32 - 000000000 ____D C:\Program Files\Internet
2017-09-22 00:30 - 2017-09-22 00:30 - 000000000 ____D C:\ProgramData\Agnitum
2017-09-22 00:24 - 2017-04-24 22:57 - 000430656 _____ (Intel Corporation) C:\Windows\system32\PROUnstl.exe
2017-09-22 00:23 - 2017-09-22 00:23 - 000000000 ____D C:\Program Files (x86)\ASM104xUSB3
2017-09-22 00:22 - 2017-09-28 18:31 - 000000000 __SHD C:\Users\TURB0\IntelGraphicsProfiles
2017-09-22 00:22 - 2017-09-22 00:22 - 000019574 _____ C:\Windows\system32\results.xml
2017-09-22 00:22 - 2017-09-22 00:22 - 000000451 _____ C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2017-09-22 00:21 - 2017-09-22 00:21 - 000000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iusb3hcs_01009.Wdf
2017-09-22 00:20 - 2017-09-22 00:20 - 000000696 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2017-09-22 00:20 - 2017-09-22 00:20 - 000000000 ____D C:\Program Files (x86)\Intel
2017-09-22 00:20 - 2017-04-24 09:34 - 000081408 _____ (Khronos Group) C:\Windows\system32\OpenCL.DLL
2017-09-22 00:20 - 2017-04-24 09:34 - 000077824 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.DLL
2017-09-22 00:20 - 2013-09-17 15:47 - 000041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll
2017-09-22 00:18 - 2017-09-22 00:18 - 000000000 ____D C:\Users\TURB0\Intel
2017-09-22 00:17 - 2017-09-22 00:19 - 000000000 ____D C:\Intel
2017-09-22 00:15 - 2017-09-22 00:20 - 000178448 _____ C:\Windows\ntbtlog.txt
2017-09-22 00:09 - 2017-09-27 22:24 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-22 00:09 - 2017-09-22 03:09 - 000000000 ____D C:\Program Files\Intel
2017-09-22 00:07 - 2017-09-22 00:07 - 000001059 _____ C:\Users\TURB0\Desktop\Documents.lnk
2017-09-21 23:59 - 2017-09-23 12:22 - 000000000 ____D C:\Users\TURB0
2017-09-21 23:59 - 2017-09-22 11:15 - 000001427 _____ C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2017-09-21 23:59 - 2017-09-22 10:44 - 000000000 ____D C:\Users\TURB0\AppData\Local\VirtualStore
2017-09-21 23:59 - 2017-09-21 23:59 - 000000020 ___SH C:\Users\TURB0\ntuser.ini
2017-09-21 23:59 - 2011-04-12 09:28 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\Media Center Programs
2017-09-21 23:47 - 2017-09-21 23:47 - 000001345 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2017-09-21 23:47 - 2017-09-21 23:47 - 000001326 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2017-09-17 04:30 - 2013-10-10 21:36 - 000015872 _____ (Marvell Semiconductor Inc.) C:\Windows\system32\Drivers\mv91cons.sys
2017-09-10 23:54 - 2017-09-20 13:31 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\NetMeterEvo
2017-09-07 20:24 - 2017-09-22 13:55 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\DesktopOK
2017-09-07 09:25 - 2017-04-24 09:35 - 000191476 _____ C:\Windows\system32\resTHA.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000184036 _____ C:\Windows\system32\resELL.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000179828 _____ C:\Windows\system32\resRUS.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000165460 _____ C:\Windows\system32\resARA.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000164948 _____ C:\Windows\system32\resJPN.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000164884 _____ C:\Windows\system32\resHEB.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000160260 _____ C:\Windows\system32\resHUN.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000160196 _____ C:\Windows\system32\resFRA.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000158532 _____ C:\Windows\system32\resKOR.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000158388 _____ C:\Windows\system32\resDEU.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000158356 _____ C:\Windows\system32\resITA.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000158148 _____ C:\Windows\system32\resROM.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000158052 _____ C:\Windows\system32\resESN.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000157652 _____ C:\Windows\system32\resPLK.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000157492 _____ C:\Windows\system32\resSKY.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000157332 _____ C:\Windows\system32\resNLD.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000156708 _____ C:\Windows\system32\resPTB.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000156628 _____ C:\Windows\system32\resCSY.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000156596 _____ C:\Windows\system32\resTRK.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000156420 _____ C:\Windows\system32\resPTG.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000155972 _____ C:\Windows\system32\resFIN.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000155540 _____ C:\Windows\system32\resHRV.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000155124 _____ C:\Windows\system32\resSVE.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000154964 _____ C:\Windows\system32\resSLV.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000154004 _____ C:\Windows\system32\resNOR.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000153508 _____ C:\Windows\system32\resDAN.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000152164 _____ C:\Windows\system32\resENU.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000150404 _____ C:\Windows\system32\resCHT.cui
2017-09-07 09:25 - 2017-04-24 09:35 - 000149524 _____ C:\Windows\system32\resCHS.cui
2017-09-07 09:25 - 2017-04-24 09:34 - 022922752 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 017854976 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 012442968 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 012007928 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 011158160 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 010676400 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 008530944 _____ (Intel Corporation) C:\Windows\system32\ig7icd64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 006518272 _____ (Intel Corporation) C:\Windows\SysWOW64\ig7icd32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 004710224 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 004382840 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 004379256 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 003811816 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2017-09-07 09:25 - 2017-04-24 09:34 - 003733488 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 002813952 _____ C:\Windows\system32\iglhxa64.cpa
2017-09-07 09:25 - 2017-04-24 09:34 - 002044416 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 002003968 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 001803264 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 001775616 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 001174824 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 001170632 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000959608 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000689664 _____ (Intel Corporation) C:\Windows\system32\igfxDH.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000626688 _____ (Intel Corporation) C:\Windows\system32\MetroIntelGenericUIFramework.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000545912 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000545400 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000530552 _____ (Intel Corporation) C:\Windows\system32\igfxEM.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000480584 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000463112 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2017-09-07 09:25 - 2017-04-24 09:34 - 000399992 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000399480 _____ (Intel Corporation) C:\Windows\system32\CustomModeAppv2_0.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000394240 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000390920 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000389120 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000383488 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000372856 _____ (Intel Corporation) C:\Windows\system32\igfxTray.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000338944 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000319096 _____ (Intel Corporation) C:\Windows\system32\igfxCUIService.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000316245 _____ C:\Windows\system32\DisplayAudiox64.cab
2017-09-07 09:25 - 2017-04-24 09:34 - 000304128 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000302080 _____ (Intel Corporation) C:\Windows\system32\igfxDI.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000280696 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000272896 _____ C:\Windows\system32\igfxCPL.cpl
2017-09-07 09:25 - 2017-04-24 09:34 - 000269824 _____ (Intel Corporation) C:\Windows\system32\igfxLHM.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000247416 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000240424 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000238592 _____ C:\Windows\system32\igdde64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000226816 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000212480 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4653.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000209640 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000204840 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000202240 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000200192 _____ C:\Windows\SysWOW64\igdde32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000195192 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000179712 _____ C:\Windows\system32\igdail64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000179592 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000172544 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000161280 _____ C:\Windows\SysWOW64\igdail32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000156280 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2017-09-07 09:25 - 2017-04-24 09:34 - 000111616 _____ C:\Windows\system32\IccLibDll_x64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000103936 _____ C:\Windows\system32\igfxCUIServicePS.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000087040 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000081408 _____ (Khronos Group) C:\Windows\system32\Intel_OpenCL_ICD64.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000077824 _____ (Khronos Group) C:\Windows\SysWOW64\Intel_OpenCL_ICD32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000077312 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000049928 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000048128 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000044025 _____ C:\Windows\system32\iglhxo64.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000043816 _____ C:\Windows\system32\iglhxc64_dev.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000043494 _____ C:\Windows\system32\iglhxc64.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000043298 _____ C:\Windows\system32\iglhxg64_dev.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000043256 _____ C:\Windows\system32\iglhxg64.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000042079 _____ C:\Windows\system32\iglhxo64_dev.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000028160 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000028160 _____ ( ) C:\Windows\system32\igfxDILib.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000027648 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000027648 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000022528 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000022528 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2017-09-07 09:25 - 2017-04-24 09:34 - 000002582 _____ C:\Windows\system32\iglhxs64.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000001125 _____ C:\Windows\system32\iglhxa64.vp
2017-09-07 09:25 - 2017-04-24 09:34 - 000000895 _____ C:\Windows\system32\Gfxv2_0.exe.config
2017-09-07 09:25 - 2017-04-24 09:34 - 000000895 _____ C:\Windows\system32\DPTopologyAppv2_0.exe.config
2017-09-07 09:25 - 2017-04-24 09:34 - 000000895 _____ C:\Windows\system32\CustomModeAppv2_0.exe.config
2017-09-07 09:25 - 2017-04-24 09:34 - 000000889 _____ C:\Windows\system32\Gfxv4_0.exe.config
2017-09-07 09:25 - 2017-04-24 09:34 - 000000889 _____ C:\Windows\system32\DPTopologyApp.exe.config
2017-09-07 09:25 - 2017-04-24 09:34 - 000000889 _____ C:\Windows\system32\CustomModeApp.exe.config
2017-09-07 09:24 - 2016-03-29 12:52 - 000003114 _____ C:\Windows\system32\e1c62x64.din
2017-09-07 09:24 - 2016-03-29 08:46 - 000498640 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1c62x64.sys
2017-09-07 09:24 - 2015-06-05 23:23 - 000076784 _____ (Intel Corporation) C:\Windows\system32\e1qmsg.dll
2017-09-07 09:24 - 2015-05-27 01:39 - 000498672 _____ (Intel Corporation) C:\Windows\system32\Drivers\e1q62x64.sys
2017-09-07 09:24 - 2015-02-25 12:37 - 000089144 _____ (Intel Corporation) C:\Windows\system32\NicInstQ.dll
2017-09-07 09:24 - 2013-07-25 11:08 - 000073480 _____ (Intel Corporation) C:\Windows\system32\e1cmsg.dll
2017-09-07 09:24 - 2013-07-11 11:27 - 000089888 _____ (Intel Corporation) C:\Windows\system32\NicInstC.dll
2017-09-07 09:24 - 2013-01-12 01:17 - 000003097 _____ C:\Windows\system32\e1q62x64.din
2017-09-07 09:24 - 2009-05-26 18:05 - 000036472 _____ (Intel Corporation) C:\Windows\system32\NicCo36.dll
2017-09-05 05:40 - 2017-09-05 09:11 - 000000000 ____D C:\Users\TURB0\AppData\Roaming\PDFXchange_Viewer
2017-08-30 13:23 - 2017-08-30 13:23 - 000993632 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000987840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000690008 _____ (Microsoft Corporation) C:\Windows\system32\msvcp120_clr0400.dll
2017-08-30 13:23 - 2017-08-30 13:23 - 000485576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp120_clr0400.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2017-09-28 18:37 - 2009-07-14 06:13 - 000781298 _____ C:\Windows\system32\PerfStringBackup.INI
2017-09-28 18:37 - 2009-07-14 05:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2017-09-28 18:37 - 2009-07-14 05:45 - 000021072 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2017-09-28 18:37 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\inf
2017-09-28 18:30 - 2009-07-14 06:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2017-09-27 16:36 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\rescache
2017-09-27 14:44 - 2009-07-14 04:20 - 000000000 ____D C:\Program Files\Common Files\Microsoft Shared
2017-09-26 10:32 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\NDF
2017-09-22 11:14 - 2009-07-14 05:45 - 000349096 _____ C:\Windows\system32\FNTCACHE.DAT
2017-09-22 11:13 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\PolicyDefinitions
2017-09-22 08:43 - 2009-07-14 06:32 - 000028672 _____ C:\Windows\system32\config\BCD-Template
2017-09-22 04:05 - 2009-07-14 06:32 - 000000000 ____D C:\Program Files\Windows Sidebar
2017-09-22 02:07 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\Resources
2017-09-21 23:47 - 2009-07-14 04:20 - 000000000 ____D C:\Windows\system32\sysprep
2017-09-21 23:45 - 2011-04-12 09:28 - 000000000 ____D C:\Windows\CSC

==================== Files in the root of some directories =======

2017-09-22 13:57 - 2017-09-22 14:06 - 000000159 _____ () C:\Users\TURB0\AppData\Roaming\prio.ini
2017-09-24 22:36 - 2017-09-28 01:33 - 000001293 _____ () C:\Users\TURB0\AppData\Local\Temp1.html
2017-09-24 23:02 - 2017-09-28 01:33 - 000008555 _____ () C:\Users\TURB0\AppData\Local\Temp26.html
2017-09-22 09:22 - 2017-09-22 09:22 - 000000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
2017-09-22 04:17 - 2017-09-22 11:09 - 001732032 _____ (Microsoft Corporation) C:\Users\TURB0\AppData\Local\Temp\dllnt_dump.dll
2017-09-28 12:40 - 2017-09-28 12:40 - 000040448 ____N () C:\Users\TURB0\AppData\Local\Temp\proxy_vole4282979185780596976.dll
2017-09-22 00:30 - 2015-11-26 17:55 - 000265728 _____ (Agnitum Ltd.) C:\Users\TURB0\AppData\Local\Temp\w7_gui32.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2017-09-22 03:00

==================== End of FRST.txt ============================



#12 -Cobra-

Posted 28 September 2017 - 01:28 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by TURB0 (28-09-2017 18:53:45)
Running from E:\Downloads\New 20170908\System Testing\Malware Detection+Removal
Windows 7 Ultimate Service Pack 1 (X64) (2017-09-21 22:59:04)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-314370064-738425275-644545302-500 - Administrator - Disabled)
Guest (S-1-5-21-314370064-738425275-644545302-501 - Limited - Disabled)
TURB0 (S-1-5-21-314370064-738425275-644545302-1000 - Administrator - Enabled) => C:\Users\TURB0

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Disabled - Up to date) {71A27EC9-3DA6-45FC-60A7-004F623C6189}
AS: Microsoft Security Essentials (Disabled - Up to date) {CAC39F2D-1B9C-4A72-5A17-3B3D19BB2B34}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Outpost Firewall Pro (Enabled) {BFD97B08-B281-A36A-4414-803D4491AB1D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7+ Taskbar Tweaker v5.3.0.6 (HKU\S-1-5-21-314370064-738425275-644545302-1000\...\7 Taskbar Tweaker) (Version: 5.3.0.6 - RaMMicHaeL)
72-10415 Interface Program Ver 4.01 (HKLM-x32\...\{65E02FF0-2D48-4975-B3C5-1ED361D0539F}) (Version: 4.01 -  )
7-Zip 17.00 beta (x64) (HKLM\...\7-Zip) (Version: 17.00 beta - Igor Pavlov)
Asmedia USB Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.16.49.1 - Asmedia Technology)
Assessments on Client (HKLM-x32\...\{C1C83898-5A60-AE9D-A3AB-7534375CA453}) (Version: 8.100.26866 - Microsoft) Hidden
Attribute Changer 8.70 (HKLM\...\{27263813-8BDE-4CD2-84D3-02536743428A}_is1) (Version: 8.70 - Romain Petges)
Audacity 2.1.3 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.3 - Audacity Team)
ClipCache Pro 3.5.3 (HKLM\...\ClipCache_is1) (Version:  - XRayz Software)
f.lux (HKU\S-1-5-21-314370064-738425275-644545302-1000\...\Flux) (Version:  - f.lux Software LLC)
FFmpeg (Windows) for Audacity version 2.2.2 (HKLM-x32\...\{9C7E31E3-017F-434C-AC40-24431A354A1E}_is1) (Version: 2.2.2 - )
FileBox eXtender (HKLM\...\{23236FC2-648D-4ACF-AD16-68492D0F0AC9}) (Version: 2.1.0 - Hyperionics Technology LLC) Hidden
FileBox eXtender (HKLM-x32\...\FileBox eXtender) (Version:  - Hyperionics Technology LLC)
FlashGet(JetCar) (HKLM-x32\...\FlashGet(JetCar)) (Version:  - )
HashTab 6.0.0.34 (HKLM\...\HashTab) (Version: 6.0.0.34 - Implbits Software)
HxD Hex Editor version 1.7.7.0 (HKLM-x32\...\HxD Hex Editor_is1) (Version: 1.7.7.0 - Maël Hörz)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Chipset Device Software (HKLM-x32\...\{17408817-d415-4768-a160-ae6d46d6bdb0}) (Version: 10.1.1.44 - Intel® Corporation) Hidden
Intel® Chipset Device Software (HKLM-x32\...\{7237f6c4-bcae-41b5-8f4b-ec446f5c115f}) (Version: 10.1.2.8 - Intel® Corporation) Hidden
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 22.4 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4653 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.10.255 - Intel Corporation)
IrfanView 4.44 (32-bit) (HKLM-x32\...\IrfanView) (Version: 4.44 - Irfan Skiljan)
Java 8 Update 144 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F64180144F0}) (Version: 8.0.1440.1 - Oracle Corporation)
JD's Proxomitron Config Set (remove only) (HKLM-x32\...\JDList) (Version:  - )
KeePass Password Safe 2.36 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.36 - Dominik Reichl)
Kits Configuration Installer (HKLM-x32\...\{B74E65FD-CC47-41C5-4B89-791A3F61942D}) (Version: 8.100.25984 - Microsoft) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LAV Filters 0.70.2 (HKLM-x32\...\lavfilters_is1) (Version: 0.70.2 - Hendrik Leppkes)
LibreOffice 5.3.6.1 (HKLM\...\{968CE0B2-6DD2-4858-A0BC-5262A0606D07}) (Version: 5.3.6.1 - The Document Foundation)
Microsoft .NET Framework 4.6.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01590 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.10.209.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660 (HKLM-x32\...\{ef6b00ec-13e1-4c25-9064-b2f383cb8412}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.40660 (HKLM-x32\...\{61087a79-ac85-455c-934d-1fa22cc64f36}) (Version: 12.0.40660.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017 (HKLM-x32\...\{e9d78d68-c26c-4da7-9158-99355d8ef3ad}) (Version: 14.10.25017.0 - Microsoft Corporation)
Microsoft Visual C++ 2017 Redistributable (x86) - 14.10.25017 (HKLM-x32\...\{58b3beca-b999-4f6f-a48c-81681136a620}) (Version: 14.10.25017.0 - Microsoft Corporation)
MKVToolNix 15.0.0 (32-bit) (HKLM-x32\...\MKVToolNix) (Version: 15.0.0 - Moritz Bunkus)
Moo0 Window Menu Plus 1.20 (HKLM-x32\...\Moo0 WindowMenuPlus) (Version:  - )
Mozilla Thunderbird 52.3.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 52.3.0 (x86 en-GB)) (Version: 52.3.0 - Mozilla)
MPC-HC 1.7.13 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.13 - MPC-HC Team)
NetTime (HKLM-x32\...\NetTime_is1) (Version:  - Mark Griffiths)
Notepad++ (32-bit x86) (HKLM-x32\...\Notepad++) (Version: 7.5.1 - Notepad++ Team)
Opera Stable 47.0.2631.80 (HKLM-x32\...\Opera 47.0.2631.80) (Version: 47.0.2631.80 - Opera Software)
Outpost Firewall Pro 9.3 (HKLM\...\Agnitum Outpost Firewall Pro_is1) (Version: 9.3 - Agnitum, Ltd.)
PL2303 USB-to-Serial (HKLM-x32\...\{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}) (Version: 1.18.1 - Prolific Technology INC)
Prio (HKLM\...\Prio) (Version: 2.1.0.4391 - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.8245 - Realtek Semiconductor Corp.)
Registry Defragmenter and Compactor 1.6 (HKLM\...\Registry Compactor_is1) (Version:  - Acelogix)
Sandboxie 5.20 (64-bit) (HKLM\...\Sandboxie) (Version: 5.20 - Sandboxie Holdings, LLC)
SanityCheck 3.50 (HKLM\...\SanityCheck_is1) (Version:  - Resplendence Software Projects Sp.)
smartmontools (HKLM-x32\...\smartmontools) (Version: 6.5 2016-05-07 r4318 (sf-6.5-1) - smartmontools.org)
Taskbar Activate (HKLM-x32\...\Taskbar Activate) (Version:  - )
TeraCopy version 3.2 (HKLM\...\TeraCopy_is1) (Version: 3.2 - Code Sector)
The Proxomitron Ver. Naoko-4.5 (HKLM-x32\...\The Proxomitron - Universal Web Filter_is1) (Version:  - )
Toolkit Documentation (HKLM-x32\...\{6C870B12-6FF2-68FC-8C3B-DD177BBF3F92}) (Version: 8.100.26866 - Microsoft) Hidden
UltraISO Premium V9.7 (HKLM-x32\...\UltraISO_is1) (Version:  - )
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
WhoCrashed 5.54 (HKLM\...\WhoCrashed_is1) (Version:  - Resplendence Software Projects Sp.)
Windows Assessment and Deployment Kit for Windows 8.1 (HKLM-x32\...\{e9e06304-a604-434b-b35f-d9beb94dc06d}) (Version: 8.100.26866 - Microsoft Corporation)
WPT Redistributables (HKLM-x32\...\{64F3FB9A-9250-B2D6-00B4-50BE0358AEE8}) (Version: 8.100.26866 - Microsoft) Hidden
WPTx64 (HKLM-x32\...\{BFF81CB5-E8C7-4184-FBB4-74ADFBC6CCCB}) (Version: 8.100.26837 - Microsoft) Hidden
Xvid Video Codec (HKLM-x32\...\Xvid Video Codec 1.3.4) (Version: 1.3.4 - Xvid Team)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-314370064-738425275-644545302-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-314370064-738425275-644545302-1000_Classes\CLSID\{869C14C8-1830-491F-B575-5F9AB40D2B42}\InprocServer32 -> C:\Users\TURB0\AppData\Roaming\MediaInfo\MediaInfo_InfoTip.dll (MediaArea.net)
ContextMenuHandlers1: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\Utilities\Compression Tools\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers1: [ANotepad++64] -> {B298D29A-A6ED-11DE-BA8C-A68E55D89593} => C:\Program Files (x86)\Utilities\Text+nfo+Office\Notepad++\NppShell_06.dll [2017-08-29] ()
ContextMenuHandlers1: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Utilities\Files+Folders+Drives\Attribute Changer\acshell.dll [2017-07-28] (Romain Petges)
ContextMenuHandlers2: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers2: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\Utilities\Files+Folders+Drives\Optical Drive Appz\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers3: [ACShell] -> {D3F9A525-8824-497A-BE36-B23E22F141FC} => C:\Program Files\Utilities\Files+Folders+Drives\Attribute Changer\acshell.dll [2017-07-28] (Romain Petges)
ContextMenuHandlers3: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Utilities\Files+Folders+Drives\Unlocker\UnlockerCOM.dll [2010-07-15] ()
ContextMenuHandlers4: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\Utilities\Compression Tools\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers4: [EPP] -> {09A47860-11B0-4DA5-AFA5-26D86198A780} => c:\Program Files\Microsoft Security Client\shellext.dll [2016-11-14] (Microsoft Corporation)
ContextMenuHandlers4: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\Utilities\Files+Folders+Drives\Optical Drive Appz\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers5: [igfxcui] -> {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4} =>  -> No File
ContextMenuHandlers5: [igfxDTCM] -> {9B5F5829-A529-4B12-814A-E81BCB8D93FC} => C:\Windows\system32\igfxDTCM.dll [2017-04-24] (Intel Corporation)
ContextMenuHandlers6: [7-Zip] -> {23170F69-40C1-278A-1000-000100020000} => C:\Program Files\Utilities\Compression Tools\7-Zip\7-zip.dll [2017-04-29] (Igor Pavlov)
ContextMenuHandlers6: [UltraISO] -> {AD392E40-428C-459F-961E-9B147782D099} => C:\Program Files (x86)\Utilities\Files+Folders+Drives\Optical Drive Appz\UltraISO\isoshl64.dll [2015-10-08] (EZB Systems, Inc.)
ContextMenuHandlers6: [UnlockerShellExtension] -> {DDE4BEEB-DDE6-48fd-8EB5-035C09923F83} => C:\Program Files\Utilities\Files+Folders+Drives\Unlocker\UnlockerCOM.dll [2010-07-15] ()

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {555C37EA-87B8-406E-B535-CE29B404C9DF} - System32\Tasks\Moo0 Window Menu Plus 1.20 => C:\Program Files (x86)\Utilities\Explorer+Shell+TaskBar\WindowMenuPlus\WindowMenuPlus.exe -startup
Task: {8852EF53-F854-4B16-923D-A1F0662FFADC} - System32\Tasks\UltraSearch\UltraSearch_SkipUAC_TURB0 => C:\Users\TURB0\AppData\Roaming\UltraSearch-x64\UltraSearch.exe [2016-07-19] (JAM Software)
Task: {D558FD14-9C69-4E5C-81F7-BC49699F813D} - System32\Tasks\Opera scheduled Autoupdate 1506260152 => C:\Program Files (x86)\Internet\Browsers\Opera\launcher.exe [2017-09-06] (Opera Software)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)


==================== Loaded Modules (Whitelisted) ==============

2017-09-25 20:13 - 2012-05-12 01:27 - 000473088 _____ () C:\Program Files (x86)\Internet\NetTime\NetTimeService.exe
2017-01-15 22:31 - 2017-01-15 22:31 - 000012704 _____ () C:\Program Files\Utilities\Prio\prio_svc.exe
2017-09-25 20:13 - 2012-05-12 09:28 - 000772096 _____ () C:\Program Files (x86)\Internet\NetTime\NetTime.exe

==================== Alternate Data Streams (Whitelisted) =========

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\acssrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\acssrv => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 000000824 _____ C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-314370064-738425275-644545302-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\TURB0\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 37.235.1.174 - 84.200.69.80
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{2C090650-6E04-4973-AE11-3BC789C69D08}] => (Allow) C:\Program Files (x86)\Internet\Browsers\Opera\47.0.2631.80\opera.exe

==================== Restore Points =========================

24-09-2017 13:21:59 Windows Update
25-09-2017 15:42:29 Windows Modules Installer
27-09-2017 14:31:03 Installed Microsoft Visual C++ 2005 Redistributable (x64)
27-09-2017 14:40:40 Installed Microsoft Visual C++ 2005 Redistributable
27-09-2017 14:47:29 Installed Microsoft Visual C++ 2005 Redistributable (x64)
27-09-2017 14:50:00 Removed Microsoft Visual C++ 2005 Redistributable (x64)
27-09-2017 14:52:32 Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.40660
27-09-2017 15:22:05 Microsoft Visual C++ 2017 Redistributable (x64) - 14.10.25017
27-09-2017 15:22:29 Windows Update

==================== Faulty Device Manager Devices =============

Name: Intel® 82579V Gigabit Network Connection
Description: Intel® 82579V Gigabit Network Connection
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: e1cexpress
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/28/2017 06:32:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Sound\Editing+Encoding\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2017 06:32:56 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Sound\Editing+Encoding\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2017 06:31:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.

Error: (09/28/2017 02:53:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Sound\Editing+Encoding\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2017 02:53:36 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Sound\Editing+Encoding\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2017 01:33:34 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Sound\Editing+Encoding\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2017 01:30:25 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Sound\Editing+Encoding\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/28/2017 12:30:49 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "c:\program files (x86)\Sound\editing+encoding\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/27/2017 11:12:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Sound\Editing+Encoding\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/27/2017 11:12:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Sound\Editing+Encoding\Audacity\audacity.exe".Error in manifest or policy file "" on line .
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (09/28/2017 06:30:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.

Error: (09/28/2017 06:30:59 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.

Error: (09/27/2017 03:38:35 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: Microsoft Antimalware has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 0.0.0.0

    Update Source: Microsoft Update Server

    Update Stage: Search

    Source Path: http://www.microsoft.com

    Signature Type: AntiVirus

    Update Type: Full

    User: NT AUTHORITY\SYSTEM

    Current Engine Version:

    Previous Engine Version: 0.0.0.0

    Error code: 0x8001011b

    Error description: Access is denied.

Error: (09/27/2017 03:26:46 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (09/27/2017 03:26:46 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (09/27/2017 03:10:27 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (09/27/2017 03:10:27 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (09/27/2017 01:36:24 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (09/27/2017 01:36:24 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (09/26/2017 10:52:00 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.


==================== Memory info ===========================

Processor: Intel® Core™ i7-3770K CPU @ 3.50GHz
Percentage of memory in use: 9%
Total physical RAM: 24257.28 MB
Available physical RAM: 22024.23 MB
Total Virtual: 48512.73 MB
Available Virtual: 46149.86 MB

==================== Drives ================================

Drive c: (Windows7x64SP1_Hdd) (Fixed) (Total:114.9 GB) (Free:60.91 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (Seagate Data2) (Fixed) (Total:110 GB) (Free:29.45 GB) NTFS
Drive f: (FAT32) (Fixed) (Total:7.87 GB) (Free:1.72 GB) FAT32
Drive g: (SSD) (Fixed) (Total:29.72 GB) (Free:18.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 000242AC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=114.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=117.9 GB) - (Type=OF Extended)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 40A06A51)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=29.7 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 119 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.

==================== End of Addition.txt ============================



#13 Oh My!


Posted 28 September 2017 - 04:39 PM

Greetings,

Do you recognize these?
 

84.200.69.80 - Austria Vienna Emerion Webhosting Gmbh
84.200.69.80 - Germany Freinsheim Iamonsys Gmbh
91.239.100.100 - Denmark Thomas Steen Rasmussen


Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Right click on the FRST icon and select Run as administrator
  • Highlight the below information then hit the Ctrl + C keys at the same time
Start::
CreateRestorePoint:
CloseProcesses:
C:\Users\TURB0\AppData\Local\Temp26.html
C:\Users\TURB0\AppData\Local\Temp1.html
2017-09-28 12:40 - 2017-09-28 12:40 - 000040448 ____N () C:\Users\TURB0\AppData\Local\Temp\proxy_vole4282979185780596976.dll
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMM
Virustotal: C:\Windows\SysWOW64\user.exe
emptytemp:
End::
  • Click Fix
  • When completed the tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Recognize ISP?
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 -Cobra-


Posted 28 September 2017 - 07:00 PM

The DMM is a program to read data via Serial->USB converter (Prolific) from my Digital MultiMeter. It was installed from the manufacturer's CD. I use it when making colloidal silver. Is the fixlog still applicable? If it deletes something then I would have to re-install the program.

 

84.200.69.80 appears in my router logs as detailed below. The router log is fairly small and it does not show the default gateway which sometimes gets listed. The default gateway used does tend to be different to the default gateway which the router web interface checks for internet connectivity. Then it shows all green lights except for the final one which is the gateway. That might have been a 2.x.x.x type of IP address or it could have been 102. The only record I can find is in clipcache and that is 2.20.189.19, however I did check the one which showed in my router logs and I am fairly certain it was related to my ISP so I have big doubts whether it was 2.20.189.19. That is Akamai Technologies BTW.

 

Error     Sep 27 14:33:47    IDS dos parser : udp flood (1 of 1) : 192.168.1.66 84.200.69.80 0070 UDP 61911->53

 

A Russian IP to what I think is my ISP gateway:

Error     Sep 27 18:52:11    FIREWALL icmp check (1 of 1): Protocol: ICMP Src ip: 89.223.47.200 Dst ip: 176.252.22.75 Type: Destination Unreachable Code: Port Unreacheable

 

Country: Netherlands (NL), ISP: GoDaddy.com, LLC

Warning     Sep 28 03:07:39    IDS scan parser : tcp port scan: 188.121.36.239 scanned at least 10 ports at 176.252.22.75. (1 of 1) : 188.121.36.239 176.252.22.75 0040 TCP 80->51863 [...R..] seq 1904085705 win 0

 

Country: United States (US) City: Scottsdale  ISP: GoDaddy.com, LLC

Warning     Sep 28 01:31:34    IDS scan parser : tcp port scan: 72.167.239.239 scanned at least 10 ports at 176.252.22.75. (1 of 1) : 72.167.239.239 176.252.22.75 0040 TCP 80->64445 [...R..] seq 2639070766 win 0

 

 

I wished you would have warned me that my PC would shutdown because I had a lot of stuff open at the time. I am not certain that I saved some txt files.

 

My ISP is Sky broadband.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 26-09-2017 01
Ran by TURB0 (29-09-2017 00:29:58) Run:1
Running from E:\Downloads\New 20170908\System Testing\Malware Detection+Removal
Loaded Profiles: TURB0 (Available Profiles: TURB0)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
C:\Users\TURB0\AppData\Local\Temp26.html
C:\Users\TURB0\AppData\Local\Temp1.html
2017-09-28 12:40 - 2017-09-28 12:40 - 000040448 ____N () C:\Users\TURB0\AppData\Local\Temp\proxy_vole4282979185780596976.dll
Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMM
Virustotal: C:\Windows\SysWOW64\user.exe
emptytemp:

*****************

Restore point was successfully created.
Processes closed successfully.
C:\Users\TURB0\AppData\Local\Temp26.html => moved successfully
C:\Users\TURB0\AppData\Local\Temp1.html => moved successfully
C:\Users\TURB0\AppData\Local\Temp\proxy_vole4282979185780596976.dll => moved successfully

========================= Folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMM ========================

2017-09-22 09:11 - 2017-09-22 09:11 - 000000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMM\72-10415
2017-09-22 09:11 - 2017-09-22 09:11 - 000002345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMM\72-10415\72-10415 v4.01.lnk
2017-09-22 09:11 - 2017-09-22 09:11 - 000000696 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DMM\72-10415\UnInstall.lnk

====== End of Folder: ======

VirusTotal: C:\Windows\SysWOW64\user.exe => https://www.virustotal.com/file/22beee92597d78cbedc9532e24c673a768f61a2988d63d7ee71d4e75d12736e7/analysis/1506265205/

=========== EmptyTemp: ==========

BITS transfer queue => 8388608 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 2653205 B
Java, Flash, Steam htmlcache => 0 B
Windows/system/drivers => 37324905 B
Edge => 0 B
Chrome => 0 B
Firefox => 53127660 B
Opera => 200576683 B

Temp, IE cache, history, cookies, recent:
Users => 0 B
Default => 0 B
Public => 0 B
ProgramData => 0 B
systemprofile => 83519 B
systemprofile32 => 66228 B
LocalService => 66228 B
NetworkService => 9906 B
TURB0 => 1241699821 B

RecycleBin => 21858443 B
EmptyTemp: => 1.5 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 00:30:29 ====


Edited by -Cobra-, 28 September 2017 - 07:03 PM.
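Added example, not part of the original posts and not the router vendor's code: a small triage of the three IDS lines quoted in the post above, reading the packet summary at the end of each line (source, destination, protocol, ports, TCP flags). The verdict labels and the heuristics behind them are assumptions of this example: a LAN host sending UDP to port 53 is an outbound DNS query, and a TCP RST arriving from a remote service port to a high local port is consistent with reply traffic rather than an inbound probe.

```python
import ipaddress
import re

# The three IDS lines quoted in the post above (copied from the page).
SAMPLE = [
    "Error     Sep 27 14:33:47    IDS dos parser : udp flood (1 of 1) : "
    "192.168.1.66 84.200.69.80 0070 UDP 61911->53",
    "Warning     Sep 28 03:07:39    IDS scan parser : tcp port scan: 188.121.36.239 "
    "scanned at least 10 ports at 176.252.22.75. (1 of 1) : "
    "188.121.36.239 176.252.22.75 0040 TCP 80->51863 [...R..] seq 1904085705 win 0",
    "Warning     Sep 28 01:31:34    IDS scan parser : tcp port scan: 72.167.239.239 "
    "scanned at least 10 ports at 176.252.22.75. (1 of 1) : "
    "72.167.239.239 176.252.22.75 0040 TCP 80->64445 [...R..] seq 2639070766 win 0",
]

# Trailing packet summary: src dst <4-char field> PROTO sport->dport [flags]
PKT = re.compile(r"(\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) \w{4} "
                 r"(TCP|UDP) (\d+)->(\d+)(?: \[([^\]]*)\])?")

def triage(line):
    """Classify one router IDS line by direction, ports and TCP flags."""
    m = PKT.search(line)
    if m is None:
        return None
    src, dst, proto, sport, dport, flags = m.groups()
    sport, dport = int(sport), int(dport)
    from_lan = ipaddress.ip_address(src).is_private
    if proto == "UDP" and dport == 53 and from_lan:
        verdict = "dns-query-out"        # LAN host asking an external resolver
    elif (proto == "TCP" and not from_lan
          and sport < 1024 <= dport and "R" in (flags or "")):
        verdict = "service-reply-rst"    # RST from a service port to a high port
    else:
        verdict = "review"               # nothing here explains it; look closer
    return {"src": src, "dst": dst, "proto": proto,
            "sport": sport, "dport": dport, "verdict": verdict}

def resolvers_in_use(lines):
    """Map each external DNS server to the LAN hosts that queried it."""
    seen = {}
    for line in lines:
        t = triage(line)
        if t and t["verdict"] == "dns-query-out":
            seen.setdefault(t["dst"], set()).add(t["src"])
    return seen

if __name__ == "__main__":
    for entry in SAMPLE:
        print(triage(entry))
    print(resolvers_in_use(SAMPLE))
```

Comparing the output of `resolvers_in_use` with the DNS servers configured on the router and on each PC shows whether a host is using a resolver nobody set on purpose.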


#15 -Cobra-


Posted 28 September 2017 - 07:09 PM

I was not meant to send the previous post until I had completed it. Not sure how that got posted as I have had to edit it a few times.

 

The router log is fairly small because a lot of it is made up of time syncs every hour from NTP servers. Only the IP addresses of the server(s) are working which suggests that the DNS is still not working on my router because I do have a few different NTP servers with a mix of DNS and IP addresses. I have now temporarily disabled the time server time updates so that more things get saved in the log which might show more information.

 

BTW user.exe is the standard Microsoft file with zero malware reports.


Edited by -Cobra-, 28 September 2017 - 07:11 PM.




