
Syswow64 using processes that jack up CPU usage


  • This topic is locked
30 replies to this topic

#1 Kral

Kral

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 07 April 2018 - 09:48 AM

I recently had a series of problems related to malware due to a bad program install. I've cleared most of the largest issues, but the one problem that remains is after booting up the computer for a few minutes, I get a process that initiates from the c:\windows\syswow64 folder and increases CPU usage to around 50%. First it started as svchost.exe *32. But occasionally it would instead be TRACERT.EXE *32. This morning I renamed both files by taking ownership of them and attaching "OLD" at the end, and now my computer uses nslookup.exe *32 from that folder. I don't know how safe it is to keep renaming executables (or if it's even practical to keep renaming them all). Once this problem starts, whenever I go to reboot the system, I get a BSOD. 

I am currently using a Win7 OS, SP1. I have run a series of antimalware software and they no longer are able to catch anything suspicious. Is a fresh windows install the only way to go?

 

I have provided the needed logs below

Attached Files




 


#2 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 07 April 2018 - 09:50 AM

Hi Kral :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone
    This being said, I have a full time job so sometimes it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

Farbar Recovery Scan Tool (FRST) - Fix mode
Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.
  • Right-click on the FRST executable and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Copy/paste the following inside the text area:
    Start::
    CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
    CMD: bcdedit.exe /set {default} recoveryenabled yes
    End::
    
  • Click on the Fix button
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad
  • Copy and paste its content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#3 Kral


Posted 07 April 2018 - 09:55 AM

I pasted your instructions into the "Search" box of Farbar. I ran "Fix" and the following is the resulting log of the action. 
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Roy (07-04-2018 09:55:11) Run:1
Running from C:\Users\Roy\Desktop
Loaded Profiles: Roy (Available Profiles: Roy)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes
 
*****************
 
 
========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
========= bcdedit.exe /set {default} recoveryenabled yes =========
 
The operation completed successfully.
 
========= End of CMD: =========
 
 
==== End of Fixlog 09:55:12 ====

Edited by Kral, 07 April 2018 - 09:57 AM.
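A way to check a posted Fixlog mechanically, as an added example that is not part of the thread and not FRST's own code: it confirms that every CMD: directive in the fixlist has a result block reporting success and that the log reaches its End of Fixlog line. The function names, the status labels and the two altered logs are constructed for illustration; only the CMD: layout visible in the log above is assumed.

```python
import re
from dataclasses import dataclass

SUCCESS = "The operation completed successfully."
BLOCK_RE = re.compile(r"^=========\s(.+?)\s=========$")
END_RE = re.compile(r"^==== End of Fixlog \d{2}:\d{2}:\d{2} ====$")

# The Fixlog posted above, embedded so the example runs offline.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version: 14.03.2018
Ran by Roy (07-04-2018 09:55:11) Run:1
Running from C:\Users\Roy\Desktop
Loaded Profiles: Roy (Available Profiles: Roy)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CMD: bcdedit.exe /set {bootmgr} displaybootmenu yes
CMD: bcdedit.exe /set {default} recoveryenabled yes

*****************

========= bcdedit.exe /set {bootmgr} displaybootmenu yes =========

The operation completed successfully.

========= End of CMD: =========

========= bcdedit.exe /set {default} recoveryenabled yes =========

The operation completed successfully.

========= End of CMD: =========

==== End of Fixlog 09:55:12 ====
"""

# Constructed variants: a log cut off before the second command ran, and a
# log whose first command printed something other than the success line.
TRUNCATED_FIXLOG = SAMPLE_FIXLOG.split("========= bcdedit.exe /set {default}")[0]
FAILED_FIXLOG = SAMPLE_FIXLOG.replace(SUCCESS, "(constructed placeholder for an error message)", 1)


@dataclass
class Result:
    command: str
    status: str   # "ok", "failed" or "missing"
    output: str


def parse_fixlist(lines):
    """Return the directives listed between the two asterisk rulers."""
    directives, state = [], "before"
    for line in lines:
        s = line.strip()
        if state == "before":
            if s == "fixlist content:":
                state = "header"
        elif state == "header":
            if s and set(s) == {"*"}:
                state = "inside"
        else:
            if s and set(s) == {"*"}:
                break
            if s:
                directives.append(s)
    return directives


def parse_blocks(lines):
    """Map each '========= <command> =========' header to its output lines."""
    blocks, current = {}, None
    for line in lines:
        s = line.strip()
        m = BLOCK_RE.match(s)
        if m:
            current = None if m.group(1) == "End of CMD:" else m.group(1)
            if current is not None:
                blocks[current] = []
        elif current is not None and s:
            blocks[current].append(s)
    return blocks


def audit_fixlog(text):
    """Return (per-command results, whether the End of Fixlog line is present)."""
    lines = text.splitlines()
    blocks = parse_blocks(lines)
    results = []
    for directive in parse_fixlist(lines):
        if not directive.startswith("CMD:"):
            continue  # other directive types are outside what the log above shows
        cmd = directive[len("CMD:"):].strip()
        if cmd not in blocks:
            results.append(Result(cmd, "missing", ""))
            continue
        out = " ".join(blocks[cmd])
        results.append(Result(cmd, "ok" if SUCCESS in out else "failed", out))
    complete = any(END_RE.match(l.strip()) for l in lines)
    return results, complete


if __name__ == "__main__":
    for name, log in [("posted", SAMPLE_FIXLOG), ("truncated", TRUNCATED_FIXLOG), ("failed", FAILED_FIXLOG)]:
        results, complete = audit_fixlog(log)
        print(name, [(r.command, r.status) for r in results], "complete" if complete else "INCOMPLETE")
```
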


#4 Aura


Posted 07 April 2018 - 10:00 AM

For the next part, you'll need to download the FRST executable on a clean computer, and move it onto your USB Flash Drive. That USB can only be inserted in the infected computer if it is either shut down, or in the Windows RE. Otherwise, the infection will mess with the files on the USB and you'll have to restart.

Farbar Recovery Scan Tool (FRST) - Recovery Environment Scan
Follow the instructions below to download and execute a scan on your system with FRST from the Recovery Environment, and provide the logs in your next reply.

Item(s) required:
  • USB Flash Drive (size depends on if you have to create a USB Recovery or Installation media)
  • Another computer (clean of infection)
  • CD/DVD (optional: only needed if you need to create a Recovery or Installation media and your USB Flash Drive is too small)
Preparing the USB Flash Drive
  • Download the right version of FRST for your system from a clean computer:
    • FRST 32-bit
    • FRST 64-bit
      Note: Only the right version will run on your system, the other will throw an error message. So if you don't know what your system's version is, simply download both of them, and the one that works is the one you should be using.
  • Move the executable (FRST.exe or FRST64.exe) on your USB Flash Drive
Boot in the Recovery Environment
  • To enter the Recovery Environment with Windows Vista and Windows 7, follow the instructions below:
    • Restart the computer
    • Once you've seen your BIOS splashscreen (the computer manufacturer logo), tap the F8 key repeatedly until the Advanced Boot Options menu appears
    • Use the arrow keys to select Repair your computer, and press on Enter
    • Select your keyboard layout (US, French, etc.) and click on Next
    • Click on Command Prompt to open the command prompt
      Note: If you can't access the Recovery Environment using the F8 method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on SevenForums.
  • To enter the Recovery Environment with Windows 8 or Windows 8.1, follow the instructions in this tutorial on EightForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial.
  • To enter the Recovery Environment with Windows 10, follow the instructions in this tutorial on TenForums
    Note: If you can't access the Recovery Environment using the method above, you'll need to create a Windows installation or repair media. It can be made on the computer itself or another one running the same version of Windows as the one you plan to use it on. For more information, check out this tutorial on TenForums.
  • Once in the Windows RE, plug the USB Flash Drive in the computer
Once in the command prompt
  • In the command prompt, type notepad and press on Enter
  • Notepad will open. Click on the File menu and select Open
  • Click on Computer/This PC, find the letter for your USB Flash Drive, then close the window and Notepad
  • In the command prompt, type e:\frst.exe (for the x64 version, type e:\frst64.exe) and press on Enter
  • Note: Replace the letter e with the drive letter of your USB Flash Drive
  • FRST will open
  • Click on Yes to accept the disclaimer
  • Click on the Scan button and wait for the scan to complete
  • A log called FRST.txt will be saved on your USB Flash Drive. Attach it in your next reply



#5 Kral


Posted 07 April 2018 - 10:03 AM

I currently only have one flash drive and it has been in my infected machine since yesterday while I was trying to make a bootable linux drive. What steps can I take to prepare this flash drive for use in a different clean computer?



#6 Aura


Posted 07 April 2018 - 10:04 AM

You'll be able to use that USB Flash Drive on your clean computer. SmartService doesn't infect USB Flash Drives, it'll just corrupt the FRST executable or fixlist.txt if it sees it on the USB.



#7 Kral


Posted 07 April 2018 - 10:08 AM

So to reiterate, I need a USB drive (In my case, I need to clean it out since it's prepared as a linux boot drive and I can't write anything on it currently), then take the USB drive into a clean, uninfected computer, download Farbar onto that computer, transfer it onto the flash drive, then take the flash drive out, then return to my infected computer, and after inserting the flash drive into the infected system, I reboot the computer into recovery mode and follow the rest of your instructions?



#8 Aura


Posted 07 April 2018 - 11:18 AM

"and after inserting the flash drive into the infected system, I reboot the computer into recovery mode and follow the rest of your instructions?"

No, you need to insert the USB on the infected computer only when it is either shut down or already in the Windows RE. If the USB is plugged in and you boot into Windows, SmartService will corrupt the FRST executable on it.



#9 Kral


Posted 07 April 2018 - 11:32 AM

I made sure to wait before the computer was off. Inserted the flash drive after I was safely in recovery mode. The following is the FRST log from the resulting scan.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14.03.2018
Ran by SYSTEM on MININT-H05MLM3 (07-04-2018 11:30:23)
Running from G:\
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1353680 2016-11-14] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [298296 2018-01-22] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [3146704 2017-05-09] (Malwarebytes)
HKU\Roy\...\Run: [Steam] => "E:\Steam\steam.exe" -silent
HKU\Roy\...\Run: [Jing] => C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2911224 2015-09-11] (TechSmith Corporation)
HKU\Roy\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\Roy\...\Run: [GoogleChromeAutoLaunch_33D22A5565F5D10B364D87CB9F5A5723] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [1589592 2018-03-19] (Google Inc.)
HKU\Roy\...\Run: [Spotify Web Helper] => C:\Users\Roy\AppData\Roaming\Spotify\SpotifyWebHelper.exe [782736 2018-04-06] (Spotify Ltd)
GroupPolicy: Restriction - Chrome <==== ATTENTION
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
"HKLM\System\ControlSet001\Services\lbxonp" => removed successfully
C:\Windows\System32\drivers\iahzcfim.sys => moved successfully
C:\Users\Roy\AppData\Local\wesbgoh\redcxgb.exe => moved successfully
C:\Users\Roy\AppData\Local\wesbgoh\wesbgoh.exe => moved successfully
C:\Users\Roy\AppData\Local\wmcagent\wmcagent.exe => moved successfully
C:\Users\Roy\AppData\Local\wmcagent\wow_helper.exe => moved successfully
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2018-01-05] (Apple Inc.)
S4 Disc Soft Lite Bus Service; C:\Program Files (x86)\DAEMON Tools Lite\DiscSoftBusServiceLite.exe [2291904 2017-08-14] (Disc Soft Ltd)
S4 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [8135752 2018-03-24] (GOG.com)
S4 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4470736 2017-05-09] (Malwarebytes)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [119864 2016-11-14] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [361816 2016-11-14] (Microsoft Corporation)
S4 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2122248 2016-06-09] (Electronic Arts)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-08-01] ()
S4 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [497664 2013-02-19] ()
S4 Remotr Service; C:\Program Files (x86)\Remotr\RemotrService.exe [207480 2017-02-27] (RemoteMyApp sp. z o.o.)
S4 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [11294448 2018-03-09] (TeamViewer GmbH)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [15775888 2017-08-09] (Copyright 2017.)
S4 DAUpdaterSvc; E:\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [X]
S4 GalaxyClientService; "E:\GOG Galaxy\GOG Galaxy\GalaxyClientService.exe" [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2012-01-06] (Asmedia Technology)
S0 asstor64; C:\Windows\System32\DRIVERS\asstor64.sys [93176 2018-04-06] (Asmedia Technology)
S1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [66928 2013-02-19] (Qualcomm Atheros, Inc.)
S3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30264 2017-10-02] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\DRIVERS\dtliteusbbus.sys [47672 2017-10-02] (Disc Soft Ltd)
S1 Eve; C:\Windows\System32\DRIVERS\eve.sys [41304 2013-03-28] ()
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2018-04-06] (Intel Corporation)
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-18] ()
S3 Ke2200; C:\Windows\System32\DRIVERS\e22w7x64.sys [165824 2013-02-19] (Qualcomm Atheros, Inc.)
S3 KillerEth; C:\Windows\System32\DRIVERS\e2xw7x64.sys [134296 2016-02-12] (Qualcomm Atheros, Inc.)
S2 MBAMChameleon; C:\Windows\system32\drivers\MBAMChameleon.sys [187320 2018-04-07] (Malwarebytes)
S3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [113592 2018-04-07] (Malwarebytes)
S3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2018-04-07] (Malwarebytes)
S1 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [251832 2018-04-07] (Malwarebytes)
S3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [84256 2018-04-07] (Malwarebytes)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [295000 2016-08-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [135928 2016-08-25] (Microsoft Corporation)
S2 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-15] (CACE Technologies, Inc.)
S4 secdrv; C:\Windows\SysWow64\Drivers\secdrv.sys [11376 2015-09-14] ()
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S1 VBoxUSBMon; C:\Windows\System32\DRIVERS\VBoxUSBMon.sys [133248 2016-07-06] (BigNox Corporation)
S3 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]
S2 memudrv; \??\E:\Memu\MEmuHyperv\MEmuDrv.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S1 msidntfs; system32\drivers\msidntfs.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S1 ZAM; \??\C:\Windows\System32\drivers\zam64.sys [X]
S1 ZAM_Guard; \??\C:\Windows\System32\drivers\zamguard64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-07 06:55 - 2018-04-07 06:55 - 000000755 _____ C:\Users\Roy\Desktop\Fixlog.txt
2018-04-07 06:55 - 2018-04-07 06:55 - 000000000 ____D C:\Users\Roy\AppData\Local\csowuvl
2018-04-07 05:22 - 2018-04-07 05:22 - 000001202 _____ C:\Users\Roy\Desktop\mbar log.txt
2018-04-07 05:18 - 2018-04-07 06:54 - 000251832 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2018-04-07 05:18 - 2018-04-07 06:54 - 000113592 _____ (Malwarebytes) C:\Windows\System32\Drivers\farflt.sys
2018-04-07 05:18 - 2018-04-07 06:54 - 000043968 _____ (Malwarebytes) C:\Windows\System32\Drivers\mbam.sys
2018-04-07 05:18 - 2018-04-07 05:18 - 000187320 _____ (Malwarebytes) C:\Windows\System32\Drivers\MBAMChameleon.sys
2018-04-07 05:18 - 2018-04-07 05:18 - 000084256 _____ (Malwarebytes) C:\Windows\System32\Drivers\mwac.sys
2018-04-07 05:18 - 2018-04-07 05:18 - 000001867 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2018-04-07 05:18 - 2017-05-09 13:37 - 000077440 _____ C:\Windows\System32\Drivers\mbae64.sys
2018-04-07 05:16 - 2018-04-07 05:16 - 000065934 _____ C:\Users\Roy\Desktop\Addition.txt
2018-04-07 05:16 - 2018-04-07 05:16 - 000000000 ____D C:\Users\Roy\AppData\Local\vsdxwrn
2018-04-07 05:15 - 2018-04-07 11:30 - 000000000 ____D C:\FRST
2018-04-07 05:15 - 2018-04-07 05:16 - 000079702 _____ C:\Users\Roy\Desktop\FRST.txt
2018-04-07 05:15 - 2018-04-07 05:15 - 002403328 _____ (Farbar) C:\Users\Roy\Desktop\FRST64.exe
2018-04-07 05:02 - 2018-04-07 05:02 - 000000000 ____D C:\Users\Roy\AppData\Local\lmeznhw
2018-04-07 04:26 - 2018-04-07 04:26 - 000000000 ____D C:\Users\Roy\AppData\Local\wdeiuba
2018-04-07 04:21 - 2018-04-07 04:21 - 000000000 ____D C:\Users\Roy\AppData\Local\simlned
2018-04-07 03:46 - 2018-04-07 03:46 - 000000000 ____D C:\Users\Roy\AppData\Local\weagklv
2018-04-07 00:22 - 2018-04-07 00:22 - 000000000 ____D C:\Users\Roy\AppData\Local\vsmdrhb
2018-04-07 00:17 - 2018-04-07 00:17 - 005659794 _____ (Swearware) C:\Users\Roy\Desktop\ComboFix.exe
2018-04-06 23:51 - 2018-04-06 23:51 - 000000000 ____D C:\Users\Roy\AppData\Local\wdimuhk
2018-04-06 23:13 - 2018-04-06 23:13 - 000000000 ____D C:\Users\Roy\AppData\Local\reigwpu
2018-04-06 22:39 - 2018-04-06 22:39 - 000000000 ____D C:\Users\Roy\AppData\Local\pcdsvte
2018-04-06 22:38 - 2018-04-06 22:38 - 000251832 _____ (Malwarebytes) C:\Windows\System32\Drivers\65E86131.sys
2018-04-06 22:27 - 2018-04-07 11:30 - 000000000 ____D C:\Users\Roy\AppData\Local\wesbgoh
2018-04-06 22:27 - 2018-04-06 22:27 - 000000000 ____D C:\Users\Roy\AppData\Local\wislopr
2018-04-06 21:39 - 2018-04-06 21:39 - 000000000 ____D C:\Users\Roy\AppData\Local\cgrmvos
2018-04-06 20:43 - 2018-04-06 20:43 - 000000000 ____D C:\Users\Roy\Desktop\rufus_files
2018-04-06 20:37 - 2018-04-06 20:37 - 000967800 _____ (Akeo Consulting (hxxp://akeo.ie)) C:\Users\Roy\Desktop\rufus-2.18.exe
2018-04-06 20:35 - 2018-04-06 20:35 - 000000000 ____D C:\Users\Roy\AppData\Local\mbbwvrd
2018-04-06 17:15 - 2018-04-06 17:15 - 000000000 ____D C:\Users\Roy\AppData\Local\dwdhcpi
2018-04-06 16:00 - 2018-04-06 16:00 - 000000000 ____D C:\Users\Roy\AppData\Local\zakugoi
2018-04-06 15:49 - 2018-04-06 15:49 - 000000000 ____D C:\Users\Roy\AppData\Local\scmhwol
2018-04-06 15:44 - 2018-04-06 15:44 - 000000000 ____D C:\Users\Roy\AppData\Local\zanxmph
2018-04-06 15:39 - 2018-04-06 15:40 - 002200160 _____ (KC Softwares ) C:\Users\Roy\Desktop\portexpert_lite.exe
2018-04-06 15:33 - 2018-04-06 15:33 - 000000000 ____D C:\Users\Roy\AppData\Local\sekwnid
2018-04-06 15:28 - 2018-04-06 15:29 - 000000000 ____D C:\AdwCleaner
2018-04-06 15:28 - 2018-04-06 15:28 - 000000000 ____D C:\Users\Roy\AppData\Local\svexrol
2018-04-06 15:27 - 2018-04-06 15:27 - 008222496 _____ (Malwarebytes) C:\Users\Roy\Desktop\adwcleaner_7.0.8.0.exe
2018-04-06 15:24 - 2018-04-06 15:24 - 000012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe
2018-04-06 15:20 - 2018-04-06 15:20 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Roy\Desktop\rkill.exe
2018-04-06 15:19 - 2018-04-06 15:19 - 011605440 _____ (SurfRight B.V.) C:\Users\Roy\Desktop\hitmanpro_x64.exe
2018-04-06 15:16 - 2018-04-06 15:17 - 125915360 _____ (Microsoft Corporation) C:\Users\Roy\Desktop\msert.exe
2018-04-06 15:06 - 2018-04-06 15:06 - 000000000 ____D C:\Users\Roy\AppData\Local\cgkares
2018-04-06 14:55 - 2018-04-07 04:24 - 000590376 _____ C:\Windows\ntbtlog.txt
2018-04-06 14:47 - 2018-04-06 14:47 - 000003512 _____ C:\cc_20180406_174706.reg
2018-04-06 14:47 - 2018-04-06 14:47 - 000000524 _____ C:\cc_20180406_174753.reg
2018-04-06 14:47 - 2018-04-06 14:47 - 000000298 _____ C:\cc_20180406_174727.reg
2018-04-06 14:47 - 2018-04-06 14:47 - 000000194 _____ C:\cc_20180406_174739.reg
2018-04-06 14:46 - 2018-04-06 14:46 - 000109504 _____ C:\cc_20180406_174634.reg
2018-04-06 14:45 - 2018-04-06 14:45 - 000000300 ____H C:\Windows\Tasks\CCleaner Update.job
2018-04-06 14:45 - 2018-04-06 14:45 - 000000000 ____D C:\Users\Roy\AppData\Local\dwhbrta
2018-04-06 14:44 - 2018-04-06 14:45 - 015333512 _____ (Piriform Ltd) C:\Users\Roy\Desktop\ccsetup541.exe
2018-04-06 14:26 - 2018-04-06 15:21 - 000003262 _____ C:\Users\Roy\Desktop\Rkill.txt
2018-04-06 13:22 - 2018-04-06 13:22 - 000000000 ____D C:\Users\Roy\Desktop\memtest86
2018-04-06 13:20 - 2018-04-06 13:20 - 000000000 ____D C:\Program Files\Unlocker
2018-04-06 13:17 - 2018-04-06 13:17 - 000346112 _____ C:\Users\Roy\Desktop\Unlocker x64 1.9.2.msi
2018-04-06 13:16 - 2018-04-06 13:16 - 000000000 ____D C:\Users\Roy\AppData\Local\scaepit
2018-04-06 13:13 - 2018-04-06 13:13 - 000892944 _____ (Microsoft Corporation) C:\Users\Roy\Desktop\mssstool64.exe
2018-04-06 13:09 - 2018-04-06 13:09 - 000000000 ____D C:\Users\Roy\AppData\Local\ElevatedDiagnostics
2018-04-06 13:02 - 2018-04-06 13:02 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\565122D0.sys
2018-04-06 12:41 - 2018-04-06 12:41 - 000000000 ____D C:\Users\Roy\AppData\Local\pscdxgh
2018-04-06 12:21 - 2018-04-06 15:25 - 000050476 _____ C:\Windows\ZAM_Guard.krnl.trace
2018-04-06 12:21 - 2018-04-06 15:05 - 000046010 _____ C:\Windows\ZAM.krnl.trace
2018-04-06 12:21 - 2018-04-06 15:05 - 000000000 ____D C:\Program Files (x86)\Zemana AntiMalware
2018-04-06 12:21 - 2018-04-06 12:21 - 000000000 ____D C:\Users\Roy\AppData\Local\Zemana
2018-04-06 12:20 - 2018-04-06 12:21 - 006625600 _____ (Zemana Ltd. ) C:\Users\Roy\Desktop\Zemana.AntiMalware.Setup.exe
2018-04-06 12:18 - 2018-04-06 12:19 - 000027752 _____ C:\TDSSKiller.3.1.0.16_06.04.2018_15.18.58_log.txt
2018-04-06 12:09 - 2018-04-06 13:09 - 000000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2018-04-06 12:09 - 2018-04-06 12:09 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\26613416.sys
2018-04-06 11:49 - 2018-04-06 11:49 - 000000000 ____D C:\Users\Roy\AppData\Local\dsnghal
2018-04-06 11:39 - 2018-04-06 11:39 - 000000000 ____D C:\Users\Roy\AppData\Local\wdabosv
2018-04-06 11:24 - 2018-04-06 23:44 - 000000000 ____D C:\Users\Roy\AppData\LocalLow\Mozilla
2018-04-06 11:24 - 2018-04-06 11:24 - 000000000 ____D C:\Program Files\Mozilla Firefox
2018-04-06 11:23 - 2018-04-06 11:23 - 000313520 _____ (Mozilla) C:\Users\Roy\Desktop\Firefox Installer.exe
2018-04-06 11:04 - 2018-04-06 11:04 - 000000000 ____D C:\Users\Roy\AppData\Local\wmsoxrp
2018-04-06 10:57 - 2018-04-06 10:57 - 000044744 _____ C:\Windows\System32\Drivers\ISCTD.sys
2018-04-06 10:57 - 2018-04-06 10:57 - 000000000 ____H C:\Windows\System32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2018-04-06 10:57 - 2018-04-06 10:57 - 000000000 ____D C:\Users\Roy\Intel
2018-04-06 10:50 - 2018-04-06 10:50 - 000000000 ____D C:\Users\Roy\AppData\Local\wmkdpsc
2018-04-06 10:47 - 2018-04-06 10:47 - 000000000 ____D C:\Users\Roy\AppData\Local\dsbpugv
2018-04-06 10:45 - 2018-04-06 10:45 - 000672104 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorA.sys
2018-04-06 10:45 - 2018-04-06 10:45 - 000028008 _____ (Intel Corporation) C:\Windows\System32\Drivers\iaStorF.sys
2018-04-06 10:37 - 2018-04-06 10:37 - 000000000 ____D C:\Users\Roy\AppData\Local\wiomsgc
2018-04-06 09:20 - 2018-04-06 09:20 - 000000000 ____D C:\Users\Roy\AppData\Local\csnmwuz
2018-04-06 07:08 - 2018-04-06 07:08 - 008224188 _____ C:\Users\Roy\Desktop\memtest86-usb.zip
2018-04-06 06:58 - 2018-04-06 06:58 - 000093176 _____ (Asmedia Technology) C:\Windows\System32\Drivers\asstor64.sys
2018-04-06 06:56 - 2018-04-06 22:40 - 000000000 ____D C:\Users\Roy\AppData\Roaming\Easeware
2018-04-06 06:56 - 2018-04-06 06:56 - 004068952 _____ (Easeware ) C:\Users\Roy\Desktop\DriverEasy_Setup.exe
2018-04-06 06:54 - 2018-04-06 06:54 - 000085380 _____ C:\Users\Roy\Desktop\bluescreenview-x64.zip
2018-04-06 06:53 - 2018-04-06 07:06 - 000000418 _____ C:\Windows\Minidump\WinCrashReport.cfg
2018-04-06 06:52 - 2016-07-31 19:41 - 000294096 _____ (NirSoft) C:\Windows\Minidump\WinCrashReport.exe
2018-04-06 06:52 - 2016-07-31 19:40 - 000067152 _____ C:\Windows\Minidump\WinCrashReport.chm
2018-04-06 06:51 - 2018-04-06 07:14 - 000000000 ____D C:\Users\Roy\Desktop\WinCrashReport
2018-04-06 06:51 - 2018-04-06 06:51 - 000207707 _____ C:\Users\Roy\Desktop\wincrashreport-x64.zip
2018-04-06 06:47 - 2018-04-06 06:47 - 000000000 ____D C:\Users\Roy\AppData\Local\cgdvkuw
2018-04-06 06:46 - 2018-04-06 06:46 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\244797E0.sys
2018-04-06 06:36 - 2018-04-06 06:36 - 000000000 ____D C:\Users\Roy\AppData\Local\sbmwupx
2018-04-06 06:26 - 2018-04-06 06:26 - 000000000 ____D C:\Users\Roy\AppData\Local\cwbguev
2018-04-06 06:15 - 2018-04-06 06:25 - 000255928 _____ (Malwarebytes) C:\Windows\System32\Drivers\33597600.sys
2018-04-06 06:14 - 2018-04-06 06:14 - 014178840 _____ (Malwarebytes Corp.) C:\Users\Roy\Desktop\mbar-1.10.3.1001.exe
2018-04-06 06:14 - 2018-04-06 06:14 - 000000000 ____D C:\Users\Roy\Desktop\MWB
2018-04-06 05:43 - 2018-04-06 05:43 - 000000000 ____D C:\Users\Roy\Desktop\ProcessExplorer
2018-04-06 05:35 - 2018-04-06 05:35 - 000000692 _____ C:\Users\Roy\AppData\Local\recently-used.xbel
2018-04-05 13:28 - 2018-04-05 13:28 - 000051234 _____ C:\Users\Roy\Desktop\spider-manhomecoming2017720pblurayx264-ytsag-english-115187.zip
2018-04-05 07:04 - 2018-04-05 07:04 - 000000000 ____D C:\Users\Roy\AppData\Local\vsonzgk
2018-04-05 06:43 - 2018-04-05 06:43 - 000000000 ____D C:\Users\Roy\AppData\Local\wdsmvbh
2018-04-05 04:55 - 2018-04-05 04:55 - 000000000 ____D C:\Users\Roy\AppData\Local\iablzxt
2018-04-04 22:30 - 2018-04-04 22:30 - 000000000 ____D C:\Users\Roy\AppData\Local\spiluhc
2018-04-04 22:27 - 2018-04-04 22:27 - 000000000 ____D C:\Users\Roy\AppData\Local\wendokx
2018-04-04 22:00 - 2018-04-04 22:00 - 000000000 ____D C:\Users\Roy\AppData\Local\cwdisnl
2018-04-04 13:14 - 2018-04-04 13:14 - 000000000 ____D C:\Users\Roy\AppData\Local\siblnpk
2018-04-04 13:03 - 2018-04-04 13:03 - 000000000 ____D C:\Users\Roy\AppData\Local\uscbxre
2018-04-04 11:21 - 2018-04-04 11:21 - 000000000 ____D C:\Users\Roy\AppData\Local\dssievp
2018-04-04 11:18 - 2018-04-04 11:18 - 000000000 ____D C:\Users\Roy\AppData\LocalLow\AMD
2018-04-04 11:17 - 2018-04-04 11:17 - 000003146 _____ C:\Windows\System32\Tasks\StartCN
2018-04-04 11:17 - 2018-04-04 11:17 - 000003060 _____ C:\Windows\System32\Tasks\StartDVR
2018-04-04 11:16 - 2018-04-04 11:16 - 000000000 ____D C:\Users\Roy\AppData\Local\wembhpt
2018-04-04 11:16 - 2018-04-04 11:16 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2018-04-04 08:42 - 2018-04-04 10:59 - 000000000 ____D C:\Users\Roy\AppData\Roaming\obs-studio
2018-04-04 08:41 - 2018-04-04 08:41 - 000001198 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2018-04-04 08:41 - 2018-04-04 08:41 - 000000000 ____D C:\Program Files (x86)\obs-studio
2018-04-04 07:55 - 2018-04-04 07:55 - 000000000 ____D C:\Users\Roy\AppData\Local\atixwog
2018-04-04 07:54 - 2018-04-04 07:54 - 000002255 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2018-04-04 07:53 - 2018-04-07 06:54 - 000000000 ____D C:\Windows\Minidump
2018-04-04 07:53 - 2018-04-04 07:53 - 000003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2018-04-04 07:53 - 2018-04-04 07:53 - 000003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2018-04-04 07:21 - 2018-04-04 07:21 - 000000000 ____D C:\Users\Roy\AppData\Local\iarxctl
2018-04-04 07:14 - 2018-04-04 07:14 - 000000000 ____D C:\Users\Roy\AppData\Local\lmiewrk
2018-04-04 07:10 - 2018-04-06 15:24 - 000000762 _____ C:\Windows\System32\.crusader
2018-04-04 07:07 - 2018-04-04 07:10 - 000000000 ____D C:\ProgramData\HitmanPro
2018-04-04 07:07 - 2018-04-04 07:07 - 000000000 ____D C:\Users\Roy\AppData\Local\lmctaxw
2018-04-04 06:56 - 2018-04-07 11:30 - 000000000 ____D C:\Users\Roy\AppData\Local\wmcagent
2018-04-04 06:56 - 2018-04-06 12:08 - 000000000 ____D C:\Users\Roy\AppData\Local\nieoduh
2018-04-04 06:53 - 2018-04-04 06:53 - 000000000 ____D C:\Users\Roy\AppData\Local\rankusi
2018-04-04 06:49 - 2018-04-04 07:11 - 000000258 __RSH C:\Users\Roy\ntuser.pol
2018-04-04 06:46 - 2018-04-04 06:46 - 001802704 _____ (Bleeping Computer, LLC) C:\Users\Roy\Downloads\rkill.exe
2018-04-04 06:46 - 2018-04-04 06:46 - 000000000 ____D C:\Users\Roy\AppData\Local\nicbovz
2018-04-04 06:41 - 2018-04-04 06:42 - 008222496 _____ (Malwarebytes) C:\Users\Roy\Downloads\adwcleaner_7.0.8.0.exe
2018-04-04 06:41 - 2018-04-04 06:41 - 000000000 ____D C:\Users\Roy\AppData\Local\svnpgwb
2018-04-04 06:31 - 2018-04-04 06:31 - 000000000 ____D C:\Users\Roy\AppData\Local\atrlcip
2018-04-04 06:28 - 2018-04-06 20:57 - 000004388 __RSH C:\ProgramData\ntuser.pol
2018-04-04 06:28 - 2018-04-04 06:34 - 000000000 ____D C:\ProgramData\e43ce24b-6627-4c76-ad93-b99ccc87a0ac
2018-04-04 06:27 - 2018-04-04 07:15 - 000000000 ____D C:\Windat
2018-04-04 06:27 - 2018-04-04 07:15 - 000000000 ____D C:\Dapp
2018-04-04 06:26 - 2018-04-04 06:26 - 000000000 ____D C:\Users\Roy\AppData\Local\wmanudz
2018-04-04 06:21 - 2018-04-04 06:21 - 000000000 ____D C:\Program Files\Malwarebytes
2018-04-04 06:20 - 2018-04-04 06:20 - 000000000 ____D C:\Users\Roy\AppData\Local\vdkomrz
2018-04-04 06:12 - 2018-04-04 06:12 - 000000000 ____D C:\Users\Roy\AppData\Local\rtkndgo
2018-04-04 06:08 - 2018-04-04 06:08 - 000000000 ____D C:\Users\Roy\AppData\Local\wdbtnac
2018-04-04 06:08 - 2018-04-04 06:08 - 000000000 ____D C:\Users\Roy\AppData\Local\avanidg
2018-04-04 06:06 - 2018-04-07 06:54 - 002888704 _____ C:\Windows\System32\coihbpzsvc.exe
2018-04-04 06:05 - 2018-04-04 06:05 - 000000012 _____ C:\Windows\b2646823
2018-04-04 06:04 - 2018-04-06 06:22 - 000000000 ___HD C:\Program Files (x86)\biscuit
2018-04-04 06:04 - 2018-04-04 07:14 - 000000000 ___HD C:\Program Files (x86)\Herodian
2018-04-04 06:04 - 2018-04-04 07:14 - 000000000 ____D C:\Program Files (x86)\Sunup
2018-04-04 06:04 - 2018-04-04 07:14 - 000000000 ____D C:\Program Files (x86)\praised
2018-04-04 06:04 - 2018-04-04 07:14 - 000000000 ____D C:\Program Files (x86)\caucasian
2018-04-04 06:04 - 2018-04-04 06:20 - 000929792 _____ C:\Users\Roy\AppData\Local\sham.db
2018-04-04 06:04 - 2018-04-04 06:04 - 000140800 _____ C:\Users\Roy\AppData\Local\installer.dat
2018-04-04 06:04 - 2018-04-04 06:04 - 000003948 _____ C:\Windows\System32\Tasks\astral pentecostal worksheets
2018-04-04 06:04 - 2018-04-04 06:04 - 000003932 _____ C:\Windows\System32\Tasks\interrupter resuscitating
2018-04-04 06:04 - 2018-04-04 06:04 - 000003902 _____ C:\Windows\System32\Tasks\debs_reflectors
2018-04-04 06:04 - 2018-04-04 06:04 - 000003892 _____ C:\Windows\System32\Tasks\firebug_leisurely
2018-04-04 06:04 - 2018-04-04 06:04 - 000003888 _____ C:\Windows\System32\Tasks\certify-schama
2018-04-04 06:04 - 2018-04-04 06:04 - 000003866 _____ C:\Windows\System32\Tasks\drool
2018-04-04 06:04 - 2018-04-04 06:04 - 000003860 _____ C:\Windows\System32\Tasks\likely
2018-04-04 06:04 - 2018-04-04 06:04 - 000003778 _____ C:\Windows\System32\Tasks\Saastral pentecostal worksheetsastral pentecostal worksheets
2018-04-04 06:04 - 2018-04-04 06:04 - 000003764 _____ C:\Windows\System32\Tasks\Sainterrupter resuscitatinginterrupter resuscitating
2018-04-04 06:04 - 2018-04-04 06:04 - 000003732 _____ C:\Windows\System32\Tasks\Sadebs_reflectorsdebs_reflectors
2018-04-04 06:04 - 2018-04-04 06:04 - 000003722 _____ C:\Windows\System32\Tasks\Safirebug_leisurelyfirebug_leisurely
2018-04-04 06:04 - 2018-04-04 06:04 - 000003718 _____ C:\Windows\System32\Tasks\Sacertify-schamacertify-schama
2018-04-04 06:04 - 2018-04-04 06:04 - 000003696 _____ C:\Windows\System32\Tasks\Sadrooldrool
2018-04-04 06:04 - 2018-04-04 06:04 - 000003690 _____ C:\Windows\System32\Tasks\Salikelylikely
2018-04-04 06:02 - 2018-04-04 06:02 - 000000000 ____D C:\Windows\SysWOW64\avagdib
2018-04-04 06:02 - 2018-04-04 06:02 - 000000000 ____D C:\Windows\System32\avagdib
2018-04-04 06:01 - 2018-04-04 07:10 - 000000000 ____D C:\Program Files (x86)\fly
2018-04-04 06:01 - 2018-04-04 06:02 - 000000000 ____D C:\ProgramData\Windows
2018-04-04 06:01 - 2018-04-04 06:01 - 000194048 _____ C:\Users\Roy\AppData\Local\install.dll
2018-04-04 06:01 - 2018-04-04 06:01 - 000003638 _____ C:\Windows\System32\Tasks\{64CA1230-7A84-6655-EE49-02634D41139B}
2018-04-04 06:01 - 2018-04-04 06:01 - 000003440 _____ C:\Windows\System32\Tasks\{A342BD3F-4BBC-F9D5-6C4F-31A7711822DB}
2018-04-04 06:01 - 2018-04-04 06:01 - 000003072 _____ C:\Users\Roy\AppData\Local\install_UEFIConfig.exe
2018-04-04 06:01 - 2018-04-04 06:01 - 000000003 _____ C:\Users\Roy\AppData\Local\wbem.ini
2018-04-04 06:01 - 2018-04-04 06:01 - 000000000 ____D C:\Users\Roy\AppData\Roaming\et
2018-04-02 10:15 - 2018-04-02 10:15 - 000037094 _____ C:\Windows\uninstaller.dat
2018-04-01 10:29 - 2018-04-01 10:31 - 057706378 _____ C:\Users\Roy\Desktop\I0SUSYYIUE8Y1517362143803.zip
2018-03-30 06:40 - 2018-03-28 00:31 - 005583040 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2018-03-30 06:40 - 2018-03-28 00:09 - 004046016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2018-03-30 06:40 - 2018-03-28 00:09 - 004026048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2018-03-30 06:40 - 2018-03-08 19:39 - 000708288 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2018-03-30 06:40 - 2018-03-08 19:39 - 000262336 _____ (Microsoft Corporation) C:\Windows\System32\hal.dll
2018-03-30 06:40 - 2018-03-08 19:39 - 000154816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2018-03-30 06:40 - 2018-03-08 19:39 - 000095424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2018-03-30 06:40 - 2018-03-08 19:18 - 000631640 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2018-03-30 06:40 - 2018-03-08 19:09 - 001665336 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 001461248 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 001212928 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 001163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000880640 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000731648 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000690688 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000463872 _____ (Microsoft Corporation) C:\Windows\System32\certcli.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000419840 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000361984 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000345600 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000316928 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000312320 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000215552 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000210432 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000190464 _____ (Microsoft Corporation) C:\Windows\System32\rpchttp.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000123904 _____ (Microsoft Corporation) C:\Windows\System32\bcrypt.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000094720 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000059904 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000044032 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000043520 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000034816 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000007168 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 19:06 - 000003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:47 - 001314064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 001114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000554496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000261120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000254464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000070144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:43 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:38 - 000148480 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2018-03-30 06:40 - 2018-03-08 18:38 - 000062464 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2018-03-30 06:40 - 2018-03-08 18:38 - 000017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2018-03-30 06:40 - 2018-03-08 18:37 - 000064512 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2018-03-30 06:40 - 2018-03-08 18:34 - 000338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2018-03-30 06:40 - 2018-03-08 18:34 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\videoprt.sys
2018-03-30 06:40 - 2018-03-08 18:33 - 000296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2018-03-30 06:40 - 2018-03-08 18:31 - 000160256 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2018-03-30 06:40 - 2018-03-08 18:30 - 000291328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2018-03-30 06:40 - 2018-03-08 18:30 - 000129536 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2018-03-30 06:40 - 2018-03-08 18:29 - 000112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2018-03-30 06:40 - 2018-03-08 18:29 - 000030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2018-03-30 06:40 - 2018-03-08 18:26 - 000050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2018-03-30 06:40 - 2018-03-08 18:22 - 000036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2018-03-30 06:40 - 2018-03-08 18:22 - 000025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2018-03-30 06:40 - 2018-03-08 18:22 - 000014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2018-03-30 06:40 - 2018-03-08 18:22 - 000007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2018-03-30 06:40 - 2018-03-08 18:22 - 000002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2018-03-30 06:40 - 2018-03-08 18:21 - 000006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:21 - 000004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:21 - 000003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2018-03-30 06:40 - 2018-03-08 18:21 - 000003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2018-03-30 06:40 - 2018-02-18 13:34 - 000634272 _____ (Microsoft Corporation) C:\Windows\System32\winload.exe
2018-03-29 18:51 - 2018-03-29 18:51 - 000000000 ____D C:\Users\Roy\AppData\Roaming\twitch-electron
2018-03-28 13:36 - 2018-03-28 16:37 - 000000000 ____D C:\Users\Roy\Desktop\Eternal Draft
2018-03-24 22:11 - 2018-03-24 22:11 - 000000000 ____D C:\Users\Roy\AppData\LocalLow\CDProjektRED
2018-03-24 22:03 - 2018-03-24 22:11 - 000000975 _____ C:\Users\Public\Desktop\Gwent.lnk
2018-03-24 22:03 - 2018-03-24 22:11 - 000000000 ____D C:\ProgramData\GOG.com
2018-03-24 22:03 - 2018-03-24 22:03 - 000000693 _____ C:\Users\Public\Desktop\GOG Galaxy.lnk
2018-03-24 22:03 - 2018-03-24 22:03 - 000000000 ____D C:\Users\Roy\AppData\Local\GOG.com
2018-03-22 15:50 - 2018-03-22 15:50 - 000155688 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\amdihk64.dll
2018-03-22 15:50 - 2018-03-22 15:50 - 000126848 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdihk32.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 016191280 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atidxx64.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 013408184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 011771056 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 009574032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 001972096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 001563704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000547208 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\Rapidfire64.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000536968 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys
2018-03-22 14:50 - 2018-03-22 14:50 - 000475016 _____ (AMD) C:\Windows\System32\atitmm64.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000470920 _____ C:\Windows\System32\dgtrayicon.exe
2018-03-22 14:50 - 2018-03-22 14:50 - 000461192 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\Rapidfire.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000449416 _____ C:\Windows\System32\GameManager64.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000357256 _____ C:\Windows\SysWOW64\GameManager32.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000349064 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIODE.exe
2018-03-22 14:50 - 2018-03-22 14:50 - 000196400 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000173216 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000170888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\mantle64.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000161344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000149896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\mantleaxl64.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000143864 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000141704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000126344 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000124808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000115592 _____ (AMD) C:\Windows\System32\atimuixx.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000067464 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIODCLI.exe
2018-03-22 14:50 - 2018-03-22 14:50 - 000036232 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\RapidFireServer64.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000033160 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\RapidFireServer.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000009936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\detoured.dll
2018-03-22 14:50 - 2018-03-22 14:50 - 000009936 _____ (Microsoft Corporation) C:\Windows\System32\detoured.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 065594248 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 015728520 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 015434120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdmantle64.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 014318984 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 012924808 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 012359728 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 011825664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 001055624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 001055624 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxx.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000866184 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\amdlvr64.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000700296 _____ (AMD) C:\Windows\System32\atieclxx.exe
2018-03-22 14:49 - 2018-03-22 14:49 - 000694152 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdlvr32.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000472456 _____ (AMD) C:\Windows\System32\atiesrxx.exe
2018-03-22 14:49 - 2018-03-22 14:49 - 000458632 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\atidemgy.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000405384 _____ C:\Windows\System32\atieah64.exe
2018-03-22 14:49 - 2018-03-22 14:49 - 000342920 _____ C:\Windows\System32\clinfo.exe
2018-03-22 14:49 - 2018-03-22 14:49 - 000325512 _____ C:\Windows\SysWOW64\atieah32.exe
2018-03-22 14:49 - 2018-03-22 14:49 - 000224136 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000197000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000175288 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\amdhcp64.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000165256 _____ (Khronos Group) C:\Windows\System32\OpenCL.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000153640 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000144776 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000141704 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000120680 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdave64.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000111440 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdpcom64.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000105736 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000092328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000078728 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000072072 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000068488 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2018-03-22 14:49 - 2018-03-22 14:49 - 000065416 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 051029896 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 041586568 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys
2018-03-22 14:48 - 2018-03-22 14:48 - 031553416 _____ (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl12cl64.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 029525896 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 025145224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl12cl.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 016405896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdvlk64.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 013984648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdvlk32.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 002946440 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\amfrt64.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 002554248 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amfrt32.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 000543624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdmcl64.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 000436616 _____ C:\Windows\System32\amdgfxinfo64.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 000373640 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmcl32.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 000352136 _____ C:\Windows\SysWOW64\amdgfxinfo32.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 000305544 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdacpksd.sys
2018-03-22 14:48 - 2018-03-22 14:48 - 000157064 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\amduve64.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 000148360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\atisamu64.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 000139144 _____ (Advanced Micro Devices, Inc. ) C:\Windows\System32\amdmmcl6.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 000135048 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amduve32.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 000124296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 000117128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2018-03-22 14:48 - 2018-03-22 14:48 - 000060296 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll
2018-03-22 14:47 - 2018-03-22 14:47 - 035696520 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll
2018-03-22 14:06 - 2018-03-22 14:06 - 003437632 _____ C:\Windows\System32\atiumd6a.cap
2018-03-22 13:59 - 2018-03-22 13:59 - 003471376 _____ C:\Windows\SysWOW64\atiumdva.cap
2018-03-22 13:59 - 2018-03-22 13:59 - 000871840 _____ C:\Windows\SysWOW64\atiapfxx.blb
2018-03-22 13:59 - 2018-03-22 13:59 - 000871840 _____ C:\Windows\System32\atiapfxx.blb
2018-03-22 10:18 - 2018-03-22 10:18 - 000001650 _____ C:\Users\Public\Desktop\MTGArenaLauncher.lnk
2018-03-22 10:17 - 2018-03-22 10:17 - 000000069 _____ C:\Windows\SysWOW64\DeleteFiles.cmd
2018-03-16 03:46 - 2018-02-13 10:17 - 000136384 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2018-03-16 03:46 - 2018-02-13 10:10 - 000655872 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2018-03-16 03:46 - 2018-02-13 06:05 - 001994752 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2018-03-16 03:46 - 2018-02-13 06:05 - 001560064 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2018-03-16 03:46 - 2018-02-13 06:05 - 000740864 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2018-03-16 03:46 - 2018-02-13 06:05 - 000600576 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2018-03-16 03:46 - 2018-02-13 06:05 - 000451072 _____ (Microsoft Corporation) C:\Windows\System32\centel.dll
2018-03-16 03:46 - 2018-02-13 06:05 - 000380928 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2018-03-16 03:46 - 2018-02-13 06:05 - 000262144 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2018-03-16 03:46 - 2018-02-13 06:05 - 000237568 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2018-03-15 10:08 - 2018-03-15 10:08 - 000000000 ____D C:\Users\Roy\AppData\LocalLow\Daedalic Entertainment GmbH
2018-03-15 10:08 - 2018-03-15 10:08 - 000000000 ____D C:\Users\Roy\AppData\Local\Daedalic Entertainment GmbH
2018-03-15 10:07 - 2018-03-15 10:07 - 000000249 _____ C:\Users\Roy\Desktop\Shadow Tactics  Blades of the Shogun.url
2018-03-14 18:36 - 2018-03-14 18:36 - 000000000 ____D C:\ProgramData\Twitch
2018-03-13 19:09 - 2018-03-13 19:09 - 000033590 _____ C:\Users\Roy\Desktop\Trinity-Volunteer-Application.pdf
2018-03-10 17:55 - 2018-03-10 17:55 - 000000000 ____D C:\Users\Roy\AppData\LocalLow\Abrakam
2018-03-08 09:31 - 2018-03-22 14:49 - 001239944 _____ (AMD) C:\Windows\System32\coinst_17.50.dll
2018-03-08 09:31 - 2018-03-08 09:31 - 001237896 _____ (AMD) C:\Windows\System32\SET8EB5.tmp
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2018-04-07 08:25 - 2009-07-13 18:34 - 019398656 _____ C:\Windows\System32\config\HARDWARE
2018-04-07 07:00 - 2013-10-31 20:58 - 000428472 _____ C:\Windows\System32\perfh012.dat
2018-04-07 07:00 - 2013-10-31 20:58 - 000120492 _____ C:\Windows\System32\perfc012.dat
2018-04-07 07:00 - 2009-07-13 21:13 - 001323096 _____ C:\Windows\System32\PerfStringBackup.INI
2018-04-07 07:00 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\inf
2018-04-07 06:54 - 2017-07-03 11:18 - 000290342 ____N C:\Windows\Minidump\040718-13228-01.dmp
2018-04-07 06:54 - 2009-07-13 21:08 - 000000006 ____H C:\Windows\Tasks\SA.DAT
2018-04-07 06:47 - 2009-07-13 20:45 - 000026112 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2018-04-07 06:47 - 2009-07-13 20:45 - 000026112 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2018-04-07 05:18 - 2013-12-14 14:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2018-04-07 05:14 - 2017-07-03 11:18 - 000289663 ____N C:\Windows\Minidump\040718-14742-01.dmp
2018-04-07 05:01 - 2017-07-03 11:18 - 000290342 ____N C:\Windows\Minidump\040718-12043-01.dmp
2018-04-07 04:19 - 2017-07-03 11:18 - 000290342 ____N C:\Windows\Minidump\040718-9594-01.dmp
2018-04-07 03:44 - 2017-07-03 11:18 - 000290342 ____N C:\Windows\Minidump\040718-13119-01.dmp
2018-04-07 00:20 - 2017-07-03 11:18 - 000290342 ____N C:\Windows\Minidump\040718-13759-01.dmp
2018-04-06 23:59 - 2016-10-18 22:24 - 000000000 ____D C:\Users\Roy\AppData\Local\Battle.net
2018-04-06 23:59 - 2016-10-18 22:23 - 000000000 ____D C:\Program Files (x86)\Battle.net
2018-04-06 23:49 - 2017-07-03 11:18 - 000290342 ____N C:\Windows\Minidump\040718-13213-01.dmp
2018-04-06 23:12 - 2017-07-03 11:18 - 000289867 ____N C:\Windows\Minidump\040718-15615-01.dmp
2018-04-06 22:38 - 2017-07-03 11:18 - 000290342 ____N C:\Windows\Minidump\040718-13681-01.dmp
2018-04-06 21:51 - 2016-08-09 20:57 - 000065536 _____ C:\Windows\System32\spu_storage.bin
2018-04-06 20:57 - 2017-07-03 11:18 - 000290342 ____N C:\Windows\Minidump\040618-14118-01.dmp
2018-04-06 20:37 - 2009-07-13 19:20 - 000000000 ____D C:\Windows\SysWOW64\GroupPolicy
2018-04-06 15:58 - 2017-07-03 11:18 - 000290282 ____N C:\Windows\Minidump\040618-9484-01.dmp
2018-04-06 15:43 - 2017-07-03 11:18 - 000290282 ____N C:\Windows\Minidump\040618-8970-01.dmp
2018-04-06 15:26 - 2017-07-03 11:18 - 000290282 ____N C:\Windows\Minidump\040618-23493-01.dmp
2018-04-06 15:26 - 2013-07-31 01:21 - 000000000 ____D C:\users\Roy
2018-04-06 15:07 - 2013-07-31 01:21 - 000000000 ____D C:\Windows\SoftwareDistributionOld
2018-04-06 15:04 - 2009-07-13 20:45 - 000321248 _____ C:\Windows\System32\FNTCACHE.DAT
2018-04-06 14:48 - 2013-07-30 14:28 - 000068480 _____ C:\Users\Roy\AppData\Local\GDIPFONTCACHEV1.DAT
2018-04-06 14:46 - 2014-08-05 08:03 - 000000000 ____D C:\Users\Roy\AppData\Roaming\TeamViewer
2018-04-06 12:30 - 2014-12-10 08:54 - 000000000 ____D C:\Program Files\KMSpico
2018-04-06 11:24 - 2013-07-31 05:43 - 000000000 ____D C:\Users\Roy\AppData\Roaming\Mozilla
2018-04-06 11:24 - 2013-07-31 05:43 - 000000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2018-04-06 10:57 - 2013-07-31 10:15 - 000000000 ____D C:\ProgramData\Intel
2018-04-06 10:57 - 2013-07-31 10:15 - 000000000 ____D C:\Program Files\Intel
2018-04-06 06:42 - 2013-09-15 13:08 - 000000000 ____D C:\Users\Roy\AppData\Roaming\Spotify
2018-04-06 06:42 - 2013-09-15 13:08 - 000000000 ____D C:\Users\Roy\AppData\Local\Spotify
2018-04-06 06:33 - 2009-07-13 21:08 - 000032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2018-04-06 05:48 - 2017-10-01 12:48 - 000007597 _____ C:\Users\Roy\AppData\Local\Resmon.ResmonCfg
2018-04-06 05:35 - 2013-12-27 00:12 - 000000000 ____D C:\Users\Roy\AppData\Roaming\deluge
2018-04-05 17:56 - 2014-07-30 15:29 - 000000000 ____D C:\Program Files (x86)\TeamViewer
2018-04-05 13:26 - 2017-01-20 18:31 - 000000000 ____D C:\Users\Roy\Desktop\Stylist Paid out
2018-04-05 07:04 - 2013-09-04 05:10 - 000000000 ____D C:\Users\Roy\AppData\Roaming\DAEMON Tools Lite
2018-04-04 11:19 - 2015-12-01 23:18 - 000000000 ____D C:\Users\Roy\AppData\Local\AMD
2018-04-04 11:17 - 2013-11-24 21:45 - 000000000 ____D C:\Program Files (x86)\AMD
2018-04-04 11:16 - 2014-11-17 21:26 - 000000000 ____D C:\Program Files\AMD
2018-04-04 11:11 - 2017-01-27 07:23 - 000000060 _____ C:\ProgramData\SoftwareUpdateTemp.xml
2018-04-04 11:11 - 2013-07-31 01:28 - 000000000 ____D C:\AMD
2018-04-04 09:27 - 2016-10-22 00:24 - 000000000 ____D C:\Users\Roy\AppData\Roaming\vlc
2018-04-04 09:03 - 2014-12-14 08:32 - 000000000 ____D C:\Users\Roy\AppData\Roaming\AMD
2018-04-04 07:54 - 2013-07-31 10:06 - 000000000 ____D C:\Program Files (x86)\Google
2018-04-04 06:39 - 2017-10-02 06:51 - 000000000 ____D C:\Windows\pss
2018-04-04 06:28 - 2009-07-13 19:20 - 000000000 ___HD C:\Windows\System32\GroupPolicy
2018-04-04 06:24 - 2013-07-31 05:43 - 000001147 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2018-04-04 06:04 - 2013-12-05 22:51 - 000000000 ____D C:\Program Files (x86)\Mozilla Firefox
2018-03-31 16:55 - 2017-01-11 15:34 - 000000000 ____D C:\Windows\rescache
2018-03-24 22:11 - 2014-09-14 12:56 - 000000000 ____D C:\ProgramData\Package Cache
2018-03-22 14:49 - 2013-03-28 17:10 - 001462664 _____ (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll
2018-03-17 00:16 - 2014-12-11 06:36 - 000000000 ____D C:\Windows\System32\appraiser
2018-03-17 00:02 - 2013-07-31 05:32 - 000000000 ____D C:\Windows\System32\MRT
2018-03-17 00:00 - 2017-10-11 00:06 - 130364688 ____C (Microsoft Corporation) C:\Windows\System32\MRT-KB890830.exe
2018-03-17 00:00 - 2013-07-30 12:55 - 130364688 ____C (Microsoft Corporation) C:\Windows\System32\MRT.exe
2018-03-16 21:04 - 2017-12-06 07:55 - 000000959 _____ C:\Users\Public\Desktop\TeamViewer 13.lnk
2018-03-14 09:24 - 2016-07-25 22:17 - 000000000 ____D C:\Users\Roy\AppData\Local\HearthSim
2018-03-14 08:21 - 2015-09-20 21:38 - 000000000 ____D C:\Users\Roy\AppData\Roaming\HearthstoneDeckTracker
2018-03-14 06:24 - 2016-11-25 09:39 - 000000000 ____D C:\Users\Roy\AppData\Local\HearthstoneDeckTracker
2018-03-14 06:24 - 2015-11-03 22:28 - 000000000 ____D C:\Users\Roy\AppData\Local\SquirrelTemp
2018-03-13 17:13 - 2013-08-01 20:17 - 000000000 ____D C:\Users\Roy\AppData\Local\Ubisoft Game Launcher
 
Some files in TEMP:
====================
2018-04-06 13:16 - 2018-04-06 13:16 - 169149456 _____ (Microsoft Corporation) C:\Users\Roy\AppData\Local\Temp\imagepackage64.exe
2018-04-06 13:15 - 2018-04-06 13:16 - 114239200 _____ (Microsoft Corporation) C:\Users\Roy\AppData\Local\Temp\mpam-fex64.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe
[2018-01-05 06:39] - [2017-12-31 17:50] - 000455680 _____ (Microsoft Corporation) 11D6A262B617130F7C16E308C12E0D41
 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2018-01-05 06:39] - [2017-12-31 18:18] - 000512000 _____ (Microsoft Corporation) BA6C9EE518A11DA4AD061B223EBED3D3
 
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Association (Whitelisted) =============
 
 
==================== Restore Points  =========================
 
Restore point date: 2018-04-07 03:44
 
==================== Memory info =========================== 
 
Percentage of memory in use: 10%
Total physical RAM: 8136.64 MB
Available physical RAM: 7263.44 MB
Total Virtual: 8134.84 MB
Available Virtual: 7265.93 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:119.14 GB) (Free:26.25 GB) NTFS
Drive d: (Data) (Fixed) (Total:931.51 GB) (Free:175.34 GB) NTFS
Drive e: (Backup D) (Fixed) (Total:2794.39 GB) (Free:1889.42 GB) NTFS
Drive g: () (Removable) (Total:14.54 GB) (Free:14.45 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
 
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7/8/10) (Size: 119.2 GB) (Disk ID: 3C494EC0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7/8/10) (Size: 931.5 GB) (Disk ID: 14CA494C)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (Size: 2794.5 GB) (Disk ID: 922CDC7B)
 
Partition: GPT.
 
========================================================
Disk: 3 (Size: 14.5 GB) (Disk ID: 0D08834F)
Partition 1: (Not Active) - (Size=14.5 GB) - (Type=07 NTFS)
 
LastRegBack: 2018-03-29 07:07
 
==================== End of FRST.txt ============================

Edited by Kral, 07 April 2018 - 11:35 AM.


#10 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,483 posts
  • Gender:Male
  • Local time:05:10 AM

Posted 07 April 2018 - 11:36 AM

Good! Now you should be able to install and run a scan with Malwarebytes.

Malwarebytes - Clean Mode
  • Download and install the free version of Malwarebytes
    Note: If you have Malwarebytes already installed, you don't need to install it again. Simply start from the next bullet point
  • Once Malwarebytes is installed, launch it and let it update its database. You might have to click on the little arrow by Scan Status in the middle right pane for it to do so
  • Once the database update is complete, click on the Scan tab, then select the Threat Scan button and click on Start Scan
  • Let the scan run, the time required to complete the scan depends on your system and computer specs
  • Once the scan is complete, make sure that the first checkbox at the top is checked (which will automatically check every detected item), then click on the Quarantine Selected button
    • If it asks you to restart your computer to complete the removal, do so
  • Click on Export Summary after the deletion (in the bottom-left corner) and select Copy to Clipboard. Paste the content in your next reply

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#11 Kral

Kral
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:10 AM

Posted 07 April 2018 - 11:42 AM

Finished running Malwarebytes. It found one threat. Quarantined and rebooted the computer and this is the following scan report:

 

Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 4/7/18
Scan Time: 11:37 AM
Log File: 
Administrator: Yes
 
-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.122
Update Package Version: 1.0.4648
License: Trial
 
-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Roy-PC\Roy
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 271104
Threats Detected: 1
Threats Quarantined: 1
Time Elapsed: 1 min, 41 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 1
Trojan.Clicker, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\msidntfs, Quarantined, [2556], [433331],1.0.4648
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)


#12 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,483 posts
  • Gender:Male
  • Local time:05:10 AM

Posted 07 April 2018 - 11:43 AM

Good :) Now let's do a sweep with RogueKiller and AdwCleaner.

RogueKiller
  • Download the right version of RogueKiller for your Windows version (32 or 64-bit)
  • Once done, move the executable file to your Desktop, right-click on it and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Click on the Start Scan button in the right panel, which will bring you to another tab, and click on it again (this time it'll be in the bottom right corner)
  • Wait for the scan to complete
  • On completion, the results will be displayed
  • Check every single entry (threat found), and click on the Remove Selected button
  • On completion, the results will be displayed. Click on the Open Report button in the bottom left corner, followed by the Open TXT button (also in the bottom left corner)
  • This will open the report in Notepad. Copy/paste its content in your next reply
AdwCleaner - Fix Mode
  • Download AdwCleaner and move it to your Desktop
  • Right-click on AdwCleaner.exe and select Run as Administrator (for Windows Vista, 7, 8, 8.1 and 10 users)
  • Accept the EULA (I accept), then click on Scan
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all active processes
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it
  • After the restart, a log will open when logging in. Please copy/paste the content of that log in your next reply
Your next reply(ies) should therefore contain:
  • Copy/pasted RogueKiller clean log
  • Copy/pasted AdwCleaner clean log



#13 Kral

Kral
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:10 AM

Posted 07 April 2018 - 11:55 AM

I am running RogueKiller now, but just now the program abruptly quit mid-scan, then I got a blue screen. I am rebooting the system in safe mode and running RogueKiller again. I hope that the safe mode scan won't make it any less effective...

#14 Kral

Kral
  • Topic Starter

  • Members
  • 17 posts
  • Local time:04:10 AM

Posted 07 April 2018 - 12:41 PM

I just finished running both scans in safe mode. Here are the logs to both.

Attached Files



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,483 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:10 AM

Posted 07 April 2018 - 12:44 PM

Awesome. Now are you able to boot Windows normally (not in Safe Mode) and run a scan with FRST? Once done, provide me a fresh set of logs.





