0.0.0.0.1 Default page!



10-23-2016, 02:49 PM   #1
Registered Member
 
Join Date: Mar 2009
Posts: 78
OS: Windows XP Server Pack 3



My Chrome has the IP 0.0.0.0.1 as its default page and it keeps changing to random things! Also, I had some Chinese software installed on my PC out of nowhere. Thirdly, there is this Russian site which became the default homepage prior to all that. In essence, my PC has something wrong with it. >.<


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.14393.0
Run by user at 2:37:42 on 2016-10-24
Microsoft Windows 10 Pro 10.0.14393.0.1252.1.1033.18.8053.4527 [GMT 5:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\ProgramData\MobileBrServ\mbbservice.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxEM.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCuiL.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
C:\WINDOWS\system32\AUDIODG.EXE
C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\WINDOWS\system32\fontdrvhost.exe
C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe
C:\ProgramData\Battle.net\Agent\Agent.5220\Agent.exe
C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net.exe
C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net Helper.exe
C:\Program Files (x86)\Battle.net\Battle.net.8098\Battle.net Helper.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\WINDOWS\ImmersiveControlPanel\SystemSettings.exe
C:\Windows\System32\smartscreen.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\SysWoW64\svchost.exe -k netsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\backgroundTaskHost.exe
C:\WINDOWS\System32\LocationNotificationWindows.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = Google
uSearch Bar = Google
uSearch Page = Google
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [OneDrive] "C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [Discord] C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Sound Blaster X-Fi MB 3] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [RzWizard] C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe
mRun: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
mRun: [Corsair Utility Engine] "C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe" --autorun
mRunOnce: [ldsuninst] C:\Users\user\AppData\Local\Temp\removelds.bat
mRunOnce: [ldsliteuninst] C:\Users\user\AppData\Local\Temp\removeldslite.bat
StartupFolder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-Windows\System: EnableSmartScreen = dword:0
IE: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.100.1
TCP: Interfaces\{0b71ffb1-09ee-42c7-a87f-af18630ea418} : DHCPNameServer = 192.168.100.1
TCP: Interfaces\{220d4d6b-810d-47d8-bbe4-18f09aa0be8f} : DHCPNameServer = 192.168.42.129
TCP: Interfaces\{40a5d303-4697-4719-b1d5-81ff172a9a37} : DHCPNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{48018cb8-4c0b-441a-8676-2d29b969f120} : DHCPNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{7c7eb5f2-7ddf-410e-9f89-c6a09441d950} : DHCPNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{838f256a-620d-441b-9aae-106efa713b7d} : DHCPNameServer = 192.168.8.1 192.168.8.1
TCP: Interfaces\{945af93b-3815-4a6f-9d76-854e76dca377} : DHCPNameServer = 192.168.8.1 192.168.8.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = ""
mASetup: {65122CB0-EA0F-47DF-A953-017170ED12F9} - "C:\Program Files (x86)\UCBrowser\Application\5.6.14087.902\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-Run: [MBCfg64] C:\WINDOWS\System32\RunDLL32.exe C:\WINDOWS\System32\MBCfg64.dll,RunDLLEntry MBCfg64
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] "C:\WINDOWS\System32\rundll32.exe" C:\WINDOWS\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [WindowsDefender] "C:\Program Files (x86)\Windows Defender\MSASCuiL.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ts3yun6k.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.malwarebytes.org/restorebrowser/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2014-4-11 645480]
R0 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2016-7-16 48152]
R0 iorate;iorate;C:\WINDOWS\System32\drivers\iorate.sys [2016-7-16 45920]
R0 volume;Volume driver;C:\WINDOWS\System32\drivers\volume.sys [2016-7-16 16224]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2016-7-16 107032]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2016-7-16 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2016-9-23 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2016-7-16 227328]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-7-16 88576]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2016-7-16 8192]
R1 UCGuard;UCGuard;C:\WINDOWS\System32\drivers\ucguard.sys [2016-10-23 81792]
R2 CDPSvc;Connected Devices Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R2 CDPUserSvc_45a5f;CDPUserSvc_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 clreg;Virtual Registry for Containers;C:\WINDOWS\System32\drivers\registry.sys [2016-7-16 70144]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2016-7-16 44496]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2016-7-16 44496]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2016-4-24 1165368]
R2 HpSvc;HpSvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2014-4-11 16232]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2016-5-28 374360]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-10-24 1136608]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service;C:\ProgramData\MobileBrServ\mbbService.exe [2016-5-27 242264]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2016-4-24 1881144]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2016-4-24 2522680]
R2 OneSyncSvc_45a5f;Sync Host_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R2 RzWizardService;Razer Wizard Service;C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [2016-3-23 376272]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe [2016-9-18 426040]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2016-7-16 78336]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R2 wcifs;Windows Container Isolation;C:\WINDOWS\System32\drivers\wcifs.sys [2016-9-30 119648]
R2 wcnfs;Windows Container Name Virtualization;C:\WINDOWS\System32\drivers\wcnfs.sys [2016-7-16 66560]
R2 WpnService;Windows Push Notifications System Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 CorsairVBusDriver;Corsair Bus;C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [2016-9-9 45056]
R3 CorsairVHidDriver;Corsair virtual device;C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [2016-9-9 22520]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2016-4-16 450520]
R3 Ke2200;NDIS Miniport Driver for the Killer e2200 Gigabit Ethernet Controller;C:\WINDOWS\System32\drivers\e22w8x64.sys [2016-4-16 174448]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2016-10-24 27008]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-10-24 192216]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2016-10-24 65408]
R3 MBfilt;MBfilt;C:\WINDOWS\System32\drivers\MBfilt64.sys [2016-4-16 32344]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2016-7-16 20480]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2016-4-24 28216]
R3 NvStreamNetworkSvc;NVIDIA Streamer Network Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [2016-4-24 3634232]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\WINDOWS\System32\drivers\nvvad64v.sys [2016-5-16 56384]
R3 PimIndexMaintenanceSvc_45a5f;Contact Data_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
R3 TimeBrokerSvc;Time Broker;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
R3 UnistoreSvc_45a5f;User Data Storage_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UserDataSvc_45a5f;User Data Access_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
R3 UsoSvc;Update Orchestrator Service for Windows Update;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2016-7-16 123232]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2016-7-16 347328]
R3 wisvc;Windows Insider Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2016-7-16 216064]
R3 XtuAcpiDriver;Intel(R) Extreme Tuning Utility Service;C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [2015-6-6 63840]
R4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-10-24 1514464]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2016-7-16 44496]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2016-7-25 324224]
S3 AcpiDev;ACPI Devices driver;C:\WINDOWS\System32\drivers\AcpiDev.sys [2016-7-16 18432]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2016-7-16 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 applockerfltr;Smartlocker Filter Driver;C:\WINDOWS\System32\drivers\applockerfltr.sys [2016-7-16 15360]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2016-7-16 44496]
S3 AppvStrm;AppvStrm;C:\WINDOWS\System32\drivers\AppVStrm.sys [2016-9-30 127328]
S3 AppvVemgr;AppvVemgr;C:\WINDOWS\System32\drivers\AppvVemgr.sys [2016-7-16 157024]
S3 AppvVfs;AppvVfs;C:\WINDOWS\System32\drivers\AppvVfs.sys [2016-7-16 141152]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2016-7-16 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2016-7-16 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2016-7-16 44496]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2016-7-16 38912]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-7-16 117248]
S3 cht4iscsi;cht4iscsi;C:\WINDOWS\System32\drivers\cht4sx64.sys [2016-7-16 346976]
S3 cht4vbd;Chelsio Virtual Bus Driver;C:\WINDOWS\System32\drivers\cht4vx64.sys [2016-7-16 2104160]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2016-7-16 44496]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2016-4-16 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2016-4-16 79360]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-9-5 131712]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2016-7-16 93184]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;C:\WINDOWS\System32\drivers\dtlitescsibus.sys [2016-10-22 30264]
S3 dtliteusbbus;DAEMON Tools Lite Virtual USB Bus;C:\WINDOWS\System32\drivers\dtliteusbbus.sys [2016-10-22 47672]
S3 embeddedmode;Embedded Mode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 FrameServer;Windows Camera Frame Server;C:\WINDOWS\System32\svchost.exe -k Camera [2016-7-16 44496]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2016-7-16 20480]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2016-7-16 50016]
S3 HvHost;HV Host Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 iagpio;Intel Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iagpio.sys [2016-7-16 33280]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2016-7-16 81408]
S3 iaLPSS2i_GPIO2;Intel(R) Serial IO GPIO Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_GPIO2.sys [2016-7-16 64512]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2016-7-16 176384]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2016-7-16 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2016-7-16 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2016-7-16 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2016-7-16 526176]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 IndirectKmd;Indirect Displays Kernel-Mode Driver;C:\WINDOWS\System32\drivers\IndirectKmd.sys [2016-7-16 35840]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2014-3-26 42288]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2016-7-16 105824]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2016-7-16 101216]
S3 megasas2i;megasas2i;C:\WINDOWS\System32\drivers\MegaSas2i.sys [2016-10-12 64352]
S3 MessagingService_45a5f;MessagingService_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2016-7-16 842584]
S3 MsSecFlt;Microsoft Security Events Component Minifilter;C:\WINDOWS\System32\drivers\mssecflt.sys [2016-7-16 179040]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2016-7-16 108896]
S3 NetAdapterCx;Network Adapter Wdf Class Extension Library;C:\WINDOWS\System32\drivers\NetAdapterCx.sys [2016-7-16 90624]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2016-7-16 44496]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2016-7-16 58720]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2016-7-16 61792]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2016-7-16 928608]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 scmbus;Microsoft Storage Class Memory Bus Driver;C:\WINDOWS\System32\drivers\scmbus.sys [2016-7-16 88416]
S3 scmdisk0101;Microsoft NVDIMM-N disk driver;C:\WINDOWS\System32\drivers\scmdisk0101.sys [2016-7-16 123904]
S3 Sense;Windows Defender Advanced Threat Protection Service;C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2016-9-30 2889896]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2016-9-23 1312768]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2016-7-16 151904]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2016-7-16 44496]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-7-22 165504]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudserd.sys [2016-4-25 221824]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2016-9-30 81760]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2016-7-16 32096]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2016-7-16 287744]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-7-16 95744]
S3 UcmTcpciCx0101;UCM-TCPCI KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmTcpciCx.sys [2016-7-16 108544]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2016-7-16 50688]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2016-7-16 45568]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2016-7-16 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-7-16 263008]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2016-7-16 96608]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-7-16 137056]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2016-7-16 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2016-7-16 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2016-7-16 27488]
S3 usbrndis6;USB RNDIS6 Adapter;C:\WINDOWS\System32\drivers\usb80236.sys [2016-7-16 23040]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2016-7-16 32256]
S3 vmgid;Microsoft Hyper-V Guest Infrastructure Driver;C:\WINDOWS\System32\drivers\vmgid.sys [2016-7-16 10240]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 vmicvmsession;Hyper-V PowerShell Direct Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2016-7-16 44496]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2016-7-16 44496]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-9-30 719360]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2016-7-16 44496]
S3 WinDivert1.1;WinDivert1.1;C:\Program Files\KMSpico\WinDivert.sys [2016-4-16 35376]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2016-7-16 32096]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2016-7-16 64864]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S3 WpnUserService_45a5f;Windows Push Notifications User Service_45a5f;C:\WINDOWS\System32\svchost.exe -k UnistackSvcGroup [2016-7-16 44496]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-7-16 258560]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-9-23 43520]
S4 AppVClient;Microsoft App-V Client;C:\WINDOWS\System32\AppVClient.exe [2016-9-30 823136]
S4 shpamsvc;Shared PC Account Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2016-7-16 44496]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2016-7-16 44496]
S4 UevAgentDriver;UevAgentDriver;C:\WINDOWS\System32\drivers\UevAgentDriver.sys [2016-7-16 40288]
S4 UevAgentService;User Experience Virtualization Service;C:\WINDOWS\System32\AgentService.exe [2016-7-16 1227264]
.
=============== Created Last 30 ================
.
2016-10-23 21:25:23 -------- d-----w- C:\Users\user\AppData\Roaming\Ludashi
2016-10-23 19:38:45 -------- d-----w- C:\Users\user\AppData\Roaming\lockhomepage
2016-10-23 19:15:46 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-10-23 19:15:08 65408 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2016-10-23 19:15:08 27008 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-10-23 19:15:08 140672 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-10-23 19:15:08 -------- d-----w- C:\ProgramData\Malwarebytes
2016-10-23 19:15:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-23 18:58:57 -------- d-----w- C:\Users\user\AppData\Roaming\Softlink
2016-10-23 18:58:57 -------- d-----w- C:\Users\user\AppData\Roaming\KuaiZip
2016-10-23 18:58:40 81792 ----a-w- C:\WINDOWS\System32\drivers\ucguard.sys
2016-10-23 18:58:40 -------- d-----w- C:\Users\user\AppData\Local\UCBrowser
2016-10-23 18:58:31 -------- d-----w- C:\Program Files (x86)\UCBrowser
2016-10-23 18:56:52 -------- d-----w- C:\Users\user\AppData\Roaming\NVIDIA
2016-10-23 18:50:37 -------- d-----w- C:\Users\user\AppData\Roaming\SimpleNotepad4
2016-10-23 16:20:54 12033040 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2B03C2D0-C409-415A-AA6E-C08EEED3BFC7}\mpengine.dll
2016-10-22 19:35:56 12033040 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-10-22 10:04:55 -------- d-----w- C:\Users\user\AppData\Roaming\FiraxisLive
2016-10-22 10:04:50 -------- d-----w- C:\Users\user\AppData\Roaming\Steam
2016-10-22 09:40:35 -------- d-----w- C:\Users\user\AppData\Local\Disc_Soft_Ltd
2016-10-22 09:35:27 47672 ----a-w- C:\WINDOWS\System32\drivers\dtliteusbbus.sys
2016-10-22 09:35:10 30264 ----a-w- C:\WINDOWS\System32\drivers\dtlitescsibus.sys
2016-10-22 09:35:10 -------- d-----w- C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2016-10-22 09:34:55 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2016-10-20 14:56:31 -------- d-----w- C:\Users\user\AppData\Roaming\Corsair
2016-10-20 14:56:31 -------- d-----w- C:\Users\user\AppData\Local\Corsair
2016-10-20 14:55:57 -------- d-----w- C:\Program Files (x86)\Corsair
2016-10-12 07:51:44 -------- d-----w- C:\Users\user\AppData\Roaming\SimulationCraft
2016-10-12 07:51:44 -------- d-----w- C:\Users\user\AppData\Local\SimulationCraft
2016-10-12 07:51:44 -------- d-----w- C:\Users\user\.SimulationCraft
2016-10-12 07:51:44 -------- d-----w- C:\Users\user\.QtWebEngineProcess
2016-10-12 07:50:59 -------- d-----w- C:\Users\user\AppData\Local\Programs
2016-10-05 08:40:06 1167568 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{572543C3-A164-4501-8D12-7AEC3600D9A1}\gapaengine.dll
2016-09-30 14:52:59 971264 ----a-w- C:\WINDOWS\System32\twinui.appcore.dll
.
==================== Find3M ====================
.
2016-10-23 19:37:44 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-11 19:00:13 177664 ----a-w- C:\WINDOWS\SysWow64\Windows.Web.Diagnostics.dll
2016-10-11 19:00:10 783360 ----a-w- C:\WINDOWS\SysWow64\TSWorkspace.dll
2016-10-05 10:35:31 279904 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2016-10-05 10:34:30 894088 ----a-w- C:\WINDOWS\System32\winresume.exe
2016-10-05 10:34:29 1051104 ----a-w- C:\WINDOWS\System32\winresume.efi
2016-10-05 10:33:05 128864 ----a-w- C:\WINDOWS\System32\drivers\tm.sys
2016-10-05 10:31:27 2213248 ----a-w- C:\WINDOWS\System32\KernelBase.dll
2016-10-05 10:31:04 1353768 ----a-w- C:\WINDOWS\System32\winload.efi
2016-10-05 10:31:04 1172472 ----a-w- C:\WINDOWS\System32\winload.exe
2016-10-05 10:30:04 7812448 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe
2016-10-05 10:22:30 1181536 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys
2016-10-05 10:17:31 1322848 ----a-w- C:\WINDOWS\System32\wpx.dll
2016-10-05 10:16:12 187232 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2016-10-05 10:13:51 1859264 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Store.dll
2016-10-05 10:13:34 146784 ----a-w- C:\WINDOWS\System32\CloudExperienceHostCommon.dll
2016-10-05 10:12:49 619368 ----a-w- C:\WINDOWS\System32\drivers\cng.sys
2016-10-05 10:12:25 2446696 ----a-w- C:\WINDOWS\System32\msxml6.dll
2016-10-05 10:12:12 1112928 ----a-w- C:\WINDOWS\System32\AppxPackaging.dll
2016-10-05 10:09:21 4129928 ----a-w- C:\WINDOWS\System32\mfcore.dll
2016-10-05 10:09:12 244816 ----a-w- C:\WINDOWS\System32\mfps.dll
2016-10-05 10:09:12 1071728 ----a-w- C:\WINDOWS\System32\mfnetcore.dll
2016-10-05 10:09:07 64352 ----a-w- C:\WINDOWS\System32\drivers\MegaSas2i.sys
2016-10-05 10:08:36 241504 ----a-w- C:\WINDOWS\System32\CloudExperienceHost.dll
2016-10-05 10:04:52 628032 ----a-w- C:\WINDOWS\System32\fontdrvhost.exe
2016-10-05 10:04:02 2537824 ----a-w- C:\WINDOWS\System32\drivers\tcpip.sys
2016-10-05 10:03:25 1705976 ----a-w- C:\WINDOWS\SysWow64\KernelBase.dll
2016-10-05 09:51:04 1430720 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Store.dll
2016-10-05 09:50:41 116576 ----a-w- C:\WINDOWS\SysWow64\CloudExperienceHostCommon.dll
2016-10-05 09:49:21 1980768 ----a-w- C:\WINDOWS\SysWow64\msxml6.dll
2016-10-05 09:48:51 1022304 ----a-w- C:\WINDOWS\SysWow64\AppxPackaging.dll
2016-10-05 09:46:27 3892352 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll
2016-10-05 09:46:20 1360456 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll
2016-10-05 09:46:15 980824 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll
2016-10-05 09:44:01 22568960 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2016-10-05 09:41:58 545944 ----a-w- C:\WINDOWS\SysWow64\fontdrvhost.exe
2016-10-05 09:38:50 584192 ----a-w- C:\WINDOWS\System32\UIRibbonRes.dll
2016-10-05 09:38:10 237568 ----a-w- C:\WINDOWS\System32\Windows.Web.Diagnostics.dll
2016-10-05 09:36:37 73216 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryBroker.dll
2016-10-05 09:36:20 113664 ----a-w- C:\WINDOWS\System32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-05 09:35:56 101888 ----a-w- C:\WINDOWS\System32\UserDeviceRegistration.Ngc.dll
2016-10-05 09:35:55 196096 ----a-w- C:\WINDOWS\System32\UserDeviceRegistration.dll
2016-10-05 09:35:28 327680 ----a-w- C:\WINDOWS\System32\wc_storage.dll
2016-10-05 09:35:26 352768 ----a-w- C:\WINDOWS\System32\cloudAP.dll
2016-10-05 09:35:25 122880 ----a-w- C:\WINDOWS\System32\Windows.StateRepositoryClient.dll
2016-10-05 09:34:11 144896 ----a-w- C:\WINDOWS\System32\drivers\dfsc.sys
2016-10-05 09:34:07 463360 ----a-w- C:\WINDOWS\System32\daxexec.dll
2016-10-05 09:33:53 296960 ----a-w- C:\WINDOWS\System32\mfsensorgroup.dll
2016-10-05 09:33:50 157696 ----a-w- C:\WINDOWS\System32\credprovs.dll
2016-10-05 09:33:18 651264 ----a-w- C:\WINDOWS\System32\Windows.Devices.AllJoyn.dll
2016-10-05 09:33:11 268800 ----a-w- C:\WINDOWS\System32\UserMgrProxy.dll
2016-10-05 09:32:52 223744 ----a-w- C:\WINDOWS\System32\Windows.Networking.HostName.dll
2016-10-05 09:32:27 379904 ----a-w- C:\WINDOWS\System32\apprepsync.dll
2016-10-05 09:32:19 590336 ----a-w- C:\WINDOWS\System32\efswrt.dll
2016-10-05 09:32:09 146432 ----a-w- C:\WINDOWS\System32\AuthBroker.dll
2016-10-05 09:31:59 837632 ----a-w- C:\WINDOWS\System32\wbiosrvc.dll
2016-10-05 09:31:53 425472 ----a-w- C:\WINDOWS\System32\bcdedit.exe
2016-10-05 09:31:50 561664 ----a-w- C:\WINDOWS\System32\Windows.ApplicationModel.Wallet.dll
2016-10-05 09:31:41 176128 ----a-w- C:\WINDOWS\System32\apprepapi.dll
2016-10-05 09:31:29 58880 ----a-w- C:\WINDOWS\SysWow64\ConfigureExpandedStorage.dll
2016-10-05 09:31:26 480768 ----a-w- C:\WINDOWS\System32\dsreg.dll
2016-10-05 09:31:11 748544 ----a-w- C:\WINDOWS\System32\ChatApis.dll
2016-10-05 09:30:16 396800 ----a-w- C:\WINDOWS\System32\ncsi.dll
2016-10-05 09:29:58 956416 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.desktop.dll
2016-10-05 09:29:27 1145856 ----a-w- C:\WINDOWS\System32\EmailApis.dll
2016-10-05 09:29:19 368640 ----a-w- C:\WINDOWS\System32\nlasvc.dll
2016-10-05 09:29:14 6285312 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2016-10-05 09:29:12 9129984 ----a-w- C:\WINDOWS\System32\twinui.dll
2016-10-05 09:28:44 775168 ----a-w- C:\WINDOWS\System32\GamePanel.exe
2016-10-05 09:28:35 584192 ----a-w- C:\WINDOWS\SysWow64\UIRibbonRes.dll
2016-10-05 09:28:30 406016 ----a-w- C:\WINDOWS\System32\AppXDeploymentClient.dll
2016-10-05 09:28:24 156672 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.dll
2016-10-05 09:28:20 3059200 ----a-w- C:\WINDOWS\System32\msi.dll
2016-10-05 09:28:06 123904 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.HostName.dll
2016-10-05 09:27:14 94208 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
2016-10-05 09:27:13 87040 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-05 09:27:05 945664 ----a-w- C:\WINDOWS\System32\WpcWebFilter.dll
2016-10-05 09:26:58 327680 ----a-w- C:\WINDOWS\SysWow64\daxexec.dll
2016-10-05 09:26:48 137216 ----a-w- C:\WINDOWS\SysWow64\credprovs.dll
2016-10-05 09:26:46 620544 ----a-w- C:\WINDOWS\System32\wbem\MDMSettingsProv.dll
2016-10-05 09:26:34 88576 ----a-w- C:\WINDOWS\SysWow64\UserDeviceRegistration.Ngc.dll
2016-10-05 09:26:33 590848 ----a-w- C:\WINDOWS\System32\vbscript.dll
2016-10-05 09:26:09 184320 ----a-w- C:\WINDOWS\SysWow64\UserMgrProxy.dll
2016-10-05 09:26:06 182784 ----a-w- C:\WINDOWS\SysWow64\mfsensorgroup.dll
2016-10-05 09:25:56 1589248 ----a-w- C:\WINDOWS\System32\msdtctm.dll
2016-10-05 09:25:36 299520 ----a-w- C:\WINDOWS\SysWow64\UserDataAccountApis.dll
2016-10-05 09:25:14 117760 ----a-w- C:\WINDOWS\SysWow64\AuthBroker.dll
2016-10-05 09:25:08 822784 ----a-w- C:\WINDOWS\SysWow64\Chakradiag.dll
2016-10-05 09:25:04 404992 ----a-w- C:\WINDOWS\SysWow64\dsreg.dll
2016-10-05 09:24:41 99328 ----a-w- C:\WINDOWS\System32\adsmsext.dll
2016-10-05 09:24:09 483840 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.AllJoyn.dll
2016-10-05 09:23:45 426496 ----a-w- C:\WINDOWS\SysWow64\Windows.ApplicationModel.Wallet.dll
2016-10-05 09:23:38 187904 ----a-w- C:\WINDOWS\System32\dialclient.dll
2016-10-05 09:23:27 284672 ----a-w- C:\WINDOWS\SysWow64\apprepsync.dll
2016-10-05 09:23:27 1908224 ----a-w- C:\WINDOWS\System32\AzureSettingSyncProvider.dll
2016-10-05 09:23:14 125952 ----a-w- C:\WINDOWS\SysWow64\apprepapi.dll
2016-10-05 09:23:05 431616 ----a-w- C:\WINDOWS\SysWow64\efswrt.dll
2016-10-05 09:22:55 7654912 ----a-w- C:\WINDOWS\System32\mos.dll
2016-10-05 09:22:16 73216 ----a-w- C:\WINDOWS\System32\offreg.dll
2016-10-05 09:22:08 4749312 ----a-w- C:\WINDOWS\System32\SettingsHandlers_nt.dll
.
============= FINISH: 2:37:56.95 ===============
Attached Files
File Type: txt attach.txt (8.9 KB, 26 views)
Old 10-24-2016, 02:54 AM   #2
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Are you aware you have no System Restore point on your system?

Is System Restore turned on, and are you able to turn it on and/or create a Restore point?

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 10-24-2016, 03:54 AM   #3
Registered Member
 
Join Date: Mar 2009
Posts: 78
OS: Windows XP Server Pack 3



Hello Chemist, and thank you for your time. Much, much appreciated. Just an update: when I click "Clean" in "AdwCleaner" it just freezes over. Is it supposed to take that long? Meanwhile, during this "cleansing", I am trying to download the Farbar Recovery Scan Tool, and it sends my Chrome to "Not responding".
Old 10-24-2016, 04:33 AM   #4
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Psychosis. You're welcome. How long is 'that long'? If it won't complete just post the scan log, found at C:\AdwCleaner\AdwCleaner[S#].txt, or click 'Logfile' and post the latest scan log.

Download FRST64 to a USB drive on another computer and transfer FRST64 to your desktop. Let me know if you still have trouble.
Old 10-24-2016, 06:28 AM   #5
Registered Member
 
Join Date: Mar 2009
Posts: 78
OS: Windows XP Server Pack 3



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by user (administrator) on ABC (24-10-2016 18:20:20)
Running from C:\Users\user\Downloads
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvscpapisvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
() C:\ProgramData\MobileBrServ\mbbService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Razer Inc.) C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Users\user\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.8.197.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Hammer & Chisel, Inc.) C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe
(Hammer & Chisel, Inc.) C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe
(Hammer & Chisel, Inc.) C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe
(Creative Technology Ltd.) C:\Program Files (x86)\Creative\ShareDLL\CADI\NotiMan.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7611608 2014-05-27] (Realtek Semiconductor)
HKLM\...\Run: [MBCfg64] => C:\Windows\system32\MBCfg64.dll [29696 2013-01-25] (Creative Technology Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2398776 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\WINDOWS\system32\nvspcap64.dll [1767760 2016-06-15] (NVIDIA Corporation)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-23] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Sound Blaster X-Fi MB 3] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi MB3\Sound Blaster X-Fi MB3\SBXFIMB3.exe [2109440 2013-04-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [263112 2016-03-23] (Razer Inc.)
HKLM-x32\...\Run: [Nikon Message Center 2] => C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation)
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CUE.exe [11054800 2016-09-14] (Corsair Components, Inc.)
HKU\S-1-5-21-1856644154-649294106-3734618877-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [29635712 2016-09-12] (Skype Technologies S.A.)
HKU\S-1-5-21-1856644154-649294106-3734618877-1001\...\Run: [Discord] => C:\Users\user\AppData\Local\Discord\app-0.0.296\Discord.exe [62471352 2016-08-24] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1856644154-649294106-3734618877-1001\...\MountPoints2: {1ce33e17-96d2-11e6-82c7-0c5b8f279a64} - "G:\setup.exe"
ShellIconOverlayIdentifiers: [IDM Shell Extension] -> {CDC95B92-E27C-4745-A8C5-64A52A78855D} => No File
ShellIconOverlayIdentifiers: [KzShlobj2] -> {AAA0C5B8-933F-4200-93AD-B143D7FFF9F3} => No File
Startup: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ZenMate.bat [2016-09-08] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{0b71ffb1-09ee-42c7-a87f-af18630ea418}: [DhcpNameServer] 192.168.100.1
Tcpip\..\Interfaces\{220d4d6b-810d-47d8-bbe4-18f09aa0be8f}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{40a5d303-4697-4719-b1d5-81ff172a9a37}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{48018cb8-4c0b-441a-8676-2d29b969f120}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{7c7eb5f2-7ddf-410e-9f89-c6a09441d950}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{838f256a-620d-441b-9aae-106efa713b7d}: [DhcpNameServer] 192.168.8.1 192.168.8.1
Tcpip\..\Interfaces\{945af93b-3815-4a6f-9d76-854e76dca377}: [DhcpNameServer] 192.168.8.1 192.168.8.1

Internet Explorer:
==================
HKU\S-1-5-21-1856644154-649294106-3734618877-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKU\S-1-5-21-1856644154-649294106-3734618877-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-24] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2010-03-25] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-02-28] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\ts3yun6k.default [2016-10-23]
FF NetworkProxy: Mozilla\Firefox\Profiles\ts3yun6k.default -> type", 0
FF Homepage: Mozilla\Firefox\Profiles\ts3yun6k.default -> hxxps://www.malwarebytes.org/restorebrowser/
FF HKU\S-1-5-21-1856644154-649294106-3734618877-1001\...\SeaMonkey\Extensions: [[email protected]] - C:\Program Files (x86)\Internet Download Manager\idmmzcc2.xpi => not found
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-25] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-08-26] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-08-26] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2012-10-16] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://google.com/
CHR DefaultSearchURL: Default -> hxxp://feed.browserhunt.com/?fext=true&publisherid=51624&publisher=huntext&st=et&q={searchTerms}
CHR DefaultSearchKeyword: Default -> Hunt
CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default [2016-10-24]
CHR Extension: (Google Slides) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-07-29]
CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-07-29]
CHR Extension: (ZenMate VPN - Best Cyber Security & Unblock) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcgdnkidjaadafnichfpabhfomcebme [2016-10-17]
CHR Extension: (Browser Hunt) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki [2016-10-23]
CHR Extension: (Google Sheets) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-07-29]
CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-07-29]
CHR Extension: (Chrome Media Router) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-10-19]
CHR HKLM\...\Chrome\Extension: [ngpampappnmepgilojfohadhhmbhlaek] - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2016-04-16] (Creative Labs) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2016-04-16] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [406016 2011-09-15] (Creative Technology Ltd) [File not signed]
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1165368 2016-06-15] (NVIDIA Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [374360 2016-05-28] (Intel Corporation)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [242264 2015-09-23] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1881144 2016-06-15] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [3634232 2016-06-15] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2522680 2016-06-15] (NVIDIA Corporation)
R2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [376272 2016-03-23] (Razer Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-09-15] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 HpSvc; C:\Program Files (x86)\LuDaShi\lpi\HpSvc.dll [X] <==== ATTENTION

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CorsairVBusDriver; C:\WINDOWS\System32\drivers\CorsairVBusDriver.sys [45056 2016-09-09] (Corsair)
R3 CorsairVHidDriver; C:\WINDOWS\System32\drivers\CorsairVHidDriver.sys [22520 2016-09-09] (Corsair)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2016-10-22] (Disc Soft Ltd)
S3 dtliteusbbus; C:\WINDOWS\System32\drivers\dtliteusbbus.sys [47672 2016-10-22] (Disc Soft Ltd)
R3 Ke2200; C:\WINDOWS\System32\drivers\e22w8x64.sys [174448 2012-12-04] (Qualcomm Atheros, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-24] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S0 megasas2i; C:\WINDOWS\System32\drivers\MegaSas2i.sys [64352 2016-10-05] (Avago Technologies)
R3 MEIx64; C:\WINDOWS\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-01] (Intel Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_d3851cb7c8216f9e\nvlddmkm.sys [14216760 2016-08-28] (NVIDIA Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28216 2016-06-15] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [56384 2016-04-14] (NVIDIA Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
S3 ssudserd; C:\WINDOWS\system32\DRIVERS\ssudserd.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R1 UCGuard; C:\WINDOWS\System32\DRIVERS\ucguard.sys [81792 2016-08-02] (Huorong Borui (Beijing) Technology Co., Ltd.) <==== ATTENTION
S3 usbrndis6; C:\WINDOWS\System32\drivers\usb80236.sys [23040 2016-07-16] (Microsoft Corporation)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2016-04-16] (Basil Projects)
R3 XtuAcpiDriver; C:\WINDOWS\System32\drivers\XtuAcpiDriver.sys [63840 2015-06-06] (Intel Corporation)
S3 ComputerZ_x64; \??\C:\Program Files (x86)\LuDaShi\ComputerZ_x64.sys [X] <==== ATTENTION

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVCx32: HpSvc -> C:\Program Files (x86)\LuDaShi\lpi\HpSvc.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-24 18:20 - 2016-10-24 18:20 - 00017311 _____ C:\Users\user\Downloads\FRST.txt
2016-10-24 18:20 - 2016-10-24 18:20 - 00000000 ____D C:\FRST
2016-10-24 18:19 - 2016-10-24 18:19 - 02407424 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2016-10-24 18:19 - 2016-10-24 18:19 - 02407424 _____ (Farbar) C:\Users\user\Downloads\FRST64 (1).exe
2016-10-24 15:36 - 2016-10-24 15:45 - 00000000 ____D C:\AdwCleaner
2016-10-24 15:36 - 2016-10-24 15:36 - 03910208 _____ C:\Users\user\Desktop\AdwCleaner.exe
2016-10-24 04:05 - 2016-10-24 04:13 - 00000000 ____D C:\Users\user\AppData\Roaming\obs-studio
2016-10-24 04:03 - 2016-10-24 04:03 - 00001275 _____ C:\Users\Public\Desktop\OBS Studio.lnk
2016-10-24 04:03 - 2016-10-24 04:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OBS Studio
2016-10-24 04:03 - 2016-10-24 04:03 - 00000000 ____D C:\Program Files (x86)\obs-studio
2016-10-24 03:46 - 2016-10-24 03:47 - 97276344 _____ (obsproject.com) C:\Users\user\Downloads\OBS-Studio-0.16.2-Full-Installer.exe
2016-10-24 02:25 - 2016-10-24 02:25 - 00000000 ____D C:\Users\user\AppData\Roaming\Ludashi
2016-10-24 02:10 - 2016-10-24 02:10 - 00688992 _____ (Swearware) C:\Users\user\Downloads\dds (1).scr
2016-10-24 02:03 - 2016-10-24 02:38 - 00009104 _____ C:\Users\user\Desktop\attach.txt
2016-10-24 02:03 - 2016-10-24 02:37 - 00041740 _____ C:\Users\user\Desktop\dds.txt
2016-10-24 02:01 - 2016-10-24 02:02 - 00688992 ____R (Swearware) C:\Users\user\Desktop\dds.scr
2016-10-24 00:38 - 2016-10-24 00:39 - 00000000 ____D C:\Users\user\AppData\Roaming\lockhomepage
2016-10-24 00:28 - 2016-10-24 00:28 - 00001047 _____ C:\Adwareremoval.txt
2016-10-24 00:15 - 2016-10-24 04:20 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-24 00:15 - 2016-10-24 00:39 - 00001165 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-24 00:15 - 2016-10-24 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-24 00:15 - 2016-10-24 00:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-10-24 00:15 - 2016-10-24 00:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-24 00:15 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-10-24 00:15 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-24 00:15 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-10-23 23:58 - 2016-10-24 00:37 - 00000462 _____ C:\WINDOWS\Tasks\UCBrowserUpdater.job
2016-10-23 23:58 - 2016-10-23 23:58 - 00003478 _____ C:\WINDOWS\System32\Tasks\UCBrowserUpdater
2016-10-23 23:58 - 2016-10-23 23:58 - 00000000 ____D C:\Users\user\AppData\Roaming\Softlink
2016-10-23 23:58 - 2016-10-23 23:58 - 00000000 ____D C:\Users\user\AppData\Roaming\KuaiZip
2016-10-23 23:58 - 2016-10-23 23:58 - 00000000 ____D C:\Users\user\AppData\Local\UCBrowser
2016-10-23 23:58 - 2016-10-23 23:58 - 00000000 ____D C:\Program Files (x86)\UCBrowser
2016-10-23 23:58 - 2016-08-02 18:47 - 00081792 _____ (Huorong Borui (Beijing) Technology Co., Ltd.) C:\WINDOWS\system32\Drivers\ucguard.sys
2016-10-23 23:56 - 2016-10-23 23:56 - 00000000 ____D C:\Users\user\AppData\Roaming\NVIDIA
2016-10-23 23:55 - 2016-10-23 23:55 - 07214592 _____ C:\Users\user\AppData\Roaming\agent.dat
2016-10-23 23:55 - 2016-10-23 23:55 - 00140288 _____ C:\Users\user\AppData\Roaming\Installer.dat
2016-10-23 23:55 - 2016-10-23 23:55 - 00018432 _____ C:\Users\user\AppData\Roaming\Main.dat
2016-10-23 23:52 - 2016-10-23 23:52 - 22851472 _____ (Malwarebytes ) C:\Users\user\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-23 23:50 - 2016-10-24 00:38 - 00001045 _____ C:\Users\user\Desktop\SimpleNotepad4.lnk
2016-10-23 23:50 - 2016-10-24 00:37 - 00000000 ____D C:\Users\user\AppData\Roaming\SimpleNotepad4
2016-10-23 23:50 - 2016-10-23 23:50 - 00002137 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Моzillа Firеfох.lnk
2016-10-23 23:50 - 2016-10-23 23:50 - 00002135 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-10-23 23:50 - 2016-10-23 23:50 - 00002107 _____ C:\Users\Public\Desktop\Моzillа Firеfох.lnk
2016-10-23 23:50 - 2016-10-23 23:50 - 00002105 _____ C:\Users\Public\Desktop\Gооglе Сhrоmе.lnk
2016-10-23 23:50 - 2016-10-23 23:50 - 00002075 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gооglе Сhrоmе.lnk
2016-10-23 22:53 - 2016-10-23 22:54 - 02496800 _____ (Beepa Pty Ltd) C:\Users\user\Downloads\setup (1).exe
2016-10-22 15:04 - 2016-10-22 15:04 - 00000000 ____D C:\Users\user\Documents\My Games
2016-10-22 15:04 - 2016-10-22 15:04 - 00000000 ____D C:\Users\user\AppData\Roaming\Steam
2016-10-22 15:04 - 2016-10-22 15:04 - 00000000 ____D C:\Users\user\AppData\Roaming\FiraxisLive
2016-10-22 14:56 - 2016-10-22 14:58 - 14572000 _____ (Microsoft Corporation) C:\Users\user\Downloads\vc_redist.x64.exe
2016-10-22 14:55 - 2016-10-22 15:39 - 02963408 _____ C:\Users\user\Downloads\Unconfirmed 503326.crdownload
2016-10-22 14:53 - 2016-10-22 14:53 - 00159314 _____ C:\Users\user\Downloads\msvcp140.zip
2016-10-22 14:42 - 2016-10-24 00:38 - 00001036 _____ C:\Users\user\Desktop\Sid Meiers Civilization VI.lnk
2016-10-22 14:42 - 2016-10-22 14:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sid Meiers Civilization VI
2016-10-22 14:40 - 2016-10-22 14:40 - 00000000 ____D C:\Users\user\AppData\Local\Disc_Soft_Ltd
2016-10-22 14:35 - 2016-10-22 14:39 - 00000000 ____D C:\Users\user\AppData\Roaming\DAEMON Tools Lite
2016-10-22 14:35 - 2016-10-22 14:37 - 00000000 ____D C:\Users\user\AppData\LocalLow\uTorrent
2016-10-22 14:35 - 2016-10-22 14:35 - 00047672 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtliteusbbus.sys
2016-10-22 14:35 - 2016-10-22 14:35 - 00030264 _____ (Disc Soft Ltd) C:\WINDOWS\system32\Drivers\dtlitescsibus.sys
2016-10-22 14:35 - 2016-10-22 14:35 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-10-22 14:34 - 2016-10-22 14:34 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2016-10-22 14:32 - 2016-10-22 14:32 - 00692072 _____ (Disc Soft Ltd.) C:\Users\user\Downloads\DTLiteInstaller.exe
2016-10-21 19:44 - 2016-10-21 19:44 - 00056497 _____ C:\Users\user\Downloads\Sid.Meiers.Civilization.VI-CODEX.torrent
2016-10-20 20:24 - 2016-10-20 20:25 - 61563797 _____ C:\Users\user\Downloads\Corsair-Utility-Engine-v1.16.42.zip
2016-10-20 19:56 - 2016-10-24 00:39 - 00001193 _____ C:\Users\Public\Desktop\Corsair Utility Engine.lnk
2016-10-20 19:56 - 2016-10-20 19:56 - 00000000 ____D C:\Users\user\AppData\Roaming\Corsair
2016-10-20 19:56 - 2016-10-20 19:56 - 00000000 ____D C:\Users\user\AppData\Local\Corsair
2016-10-20 19:56 - 2016-10-20 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2016-10-20 19:55 - 2016-10-20 19:55 - 00000000 ____D C:\Program Files (x86)\Corsair
2016-10-20 19:35 - 2016-10-20 19:40 - 110301184 _____ C:\Users\user\Downloads\CorsairUtilityEngineSetup_2.5.66_release.msi
2016-10-18 19:01 - 2016-10-18 19:01 - 00678204 _____ C:\Users\user\Downloads\dandruff-xCT_4.2.3_7.0.3_.zip
2016-10-18 19:00 - 2016-10-18 19:00 - 00194301 _____ C:\Users\user\Downloads\DoomShards-v19.zip
2016-10-15 14:05 - 2016-10-15 14:05 - 00000000 ____H C:\Users\user\Documents\Default.rdp
2016-10-13 23:42 - 2016-10-13 23:42 - 00000000 ____D C:\Users\user\Desktop\SuicideSquad
2016-10-13 23:41 - 2016-10-13 23:41 - 00041065 _____ C:\Users\user\Downloads\suicide-squad-english-1017000.zip
2016-10-12 12:51 - 2016-10-24 00:39 - 00000642 _____ C:\Users\Public\Desktop\Simulationcraft(x64).lnk
2016-10-12 12:51 - 2016-10-23 00:47 - 00000000 ____D C:\Users\user\AppData\Roaming\SimulationCraft
2016-10-12 12:51 - 2016-10-12 12:51 - 00000000 ____D C:\Users\user\AppData\Local\SimulationCraft
2016-10-12 12:51 - 2016-10-12 12:51 - 00000000 ____D C:\Users\user\.SimulationCraft
2016-10-12 12:51 - 2016-10-12 12:51 - 00000000 ____D C:\Users\user\.QtWebEngineProcess
2016-10-12 12:51 - 2016-10-12 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Simulationcraft(x64)
2016-10-12 12:49 - 2016-10-12 12:50 - 45663890 _____ (Simulationcraft ) C:\Users\user\Downloads\SimcSetup-703-03-Win64.exe
2016-10-12 12:48 - 2016-10-12 12:48 - 00000000 ____D C:\Users\user\Desktop\SimC
2016-10-12 00:22 - 2016-10-05 15:35 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-10-12 00:22 - 2016-10-05 15:34 - 01051104 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-12 00:22 - 2016-10-05 15:34 - 00894088 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-12 00:22 - 2016-10-05 15:33 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-12 00:22 - 2016-10-05 15:31 - 02213248 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-10-12 00:22 - 2016-10-05 15:31 - 01353768 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-12 00:22 - 2016-10-05 15:31 - 01172472 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-12 00:22 - 2016-10-05 15:30 - 07812448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-12 00:22 - 2016-10-05 15:22 - 01181536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-10-12 00:22 - 2016-10-05 15:17 - 01322848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-12 00:22 - 2016-10-05 15:16 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-10-12 00:22 - 2016-10-05 15:13 - 02750384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-12 00:22 - 2016-10-05 15:13 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-10-12 00:22 - 2016-10-05 15:13 - 00146784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2016-10-12 00:22 - 2016-10-05 15:12 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-10-12 00:22 - 2016-10-05 15:12 - 01112928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-10-12 00:22 - 2016-10-05 15:12 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-12 00:22 - 2016-10-05 15:09 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-12 00:22 - 2016-10-05 15:09 - 04129928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-10-12 00:22 - 2016-10-05 15:09 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-10-12 00:22 - 2016-10-05 15:09 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-10-12 00:22 - 2016-10-05 15:09 - 00064352 _____ (Avago Technologies) C:\WINDOWS\system32\Drivers\MegaSas2i.sys
2016-10-12 00:22 - 2016-10-05 15:08 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-10-12 00:22 - 2016-10-05 15:04 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-10-12 00:22 - 2016-10-05 15:04 - 00628032 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-12 00:22 - 2016-10-05 15:03 - 01705976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-10-12 00:22 - 2016-10-05 14:51 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-10-12 00:22 - 2016-10-05 14:50 - 02256592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-12 00:22 - 2016-10-05 14:50 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostCommon.dll
2016-10-12 00:22 - 2016-10-05 14:49 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-10-12 00:22 - 2016-10-05 14:48 - 01022304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-10-12 00:22 - 2016-10-05 14:46 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-10-12 00:22 - 2016-10-05 14:46 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-10-12 00:22 - 2016-10-05 14:46 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-10-12 00:22 - 2016-10-05 14:45 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-10-12 00:22 - 2016-10-05 14:44 - 22568960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-12 00:22 - 2016-10-05 14:41 - 00545944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-12 00:22 - 2016-10-05 14:38 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2016-10-12 00:22 - 2016-10-05 14:38 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Diagnostics.dll
2016-10-12 00:22 - 2016-10-05 14:36 - 00113664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 00:22 - 2016-10-05 14:36 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-10-12 00:22 - 2016-10-05 14:35 - 00352768 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2016-10-12 00:22 - 2016-10-05 14:35 - 00327680 _____ C:\WINDOWS\system32\wc_storage.dll
2016-10-12 00:22 - 2016-10-05 14:35 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2016-10-12 00:22 - 2016-10-05 14:35 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-10-12 00:22 - 2016-10-05 14:35 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.Ngc.dll
2016-10-12 00:22 - 2016-10-05 14:34 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\daxexec.dll
2016-10-12 00:22 - 2016-10-05 14:34 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-12 00:22 - 2016-10-05 14:33 - 00651264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2016-10-12 00:22 - 2016-10-05 14:33 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-10-12 00:22 - 2016-10-05 14:33 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-10-12 00:22 - 2016-10-05 14:33 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovs.dll
2016-10-12 00:22 - 2016-10-05 14:32 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-10-12 00:22 - 2016-10-05 14:32 - 00379904 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-10-12 00:22 - 2016-10-05 14:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.HostName.dll
2016-10-12 00:22 - 2016-10-05 14:32 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-10-12 00:22 - 2016-10-05 14:31 - 00837632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-10-12 00:22 - 2016-10-05 14:31 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-10-12 00:22 - 2016-10-05 14:31 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2016-10-12 00:22 - 2016-10-05 14:31 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2016-10-12 00:22 - 2016-10-05 14:31 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-12 00:22 - 2016-10-05 14:31 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-10-12 00:22 - 2016-10-05 14:31 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll
2016-10-12 00:22 - 2016-10-05 14:30 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-10-12 00:22 - 2016-10-05 14:29 - 09129984 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-12 00:22 - 2016-10-05 14:29 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-10-12 00:22 - 2016-10-05 14:29 - 01145856 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-10-12 00:22 - 2016-10-05 14:29 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-10-12 00:22 - 2016-10-05 14:29 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-10-12 00:22 - 2016-10-05 14:28 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-10-12 00:22 - 2016-10-05 14:28 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2016-10-12 00:22 - 2016-10-05 14:28 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2016-10-12 00:22 - 2016-10-05 14:28 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-10-12 00:22 - 2016-10-05 14:28 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.dll
2016-10-12 00:22 - 2016-10-05 14:28 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.HostName.dll
2016-10-12 00:22 - 2016-10-05 14:27 - 00945664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-10-12 00:22 - 2016-10-05 14:27 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-10-12 00:22 - 2016-10-05 14:27 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.ServiceDiscovery.Dnssd.dll
2016-10-12 00:22 - 2016-10-05 14:26 - 23680512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-12 00:22 - 2016-10-05 14:26 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-12 00:22 - 2016-10-05 14:26 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\daxexec.dll
2016-10-12 00:22 - 2016-10-05 14:26 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-10-12 00:22 - 2016-10-05 14:26 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll
2016-10-12 00:22 - 2016-10-05 14:26 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovs.dll
2016-10-12 00:22 - 2016-10-05 14:26 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDeviceRegistration.Ngc.dll
2016-10-12 00:22 - 2016-10-05 14:25 - 01589248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-10-12 00:22 - 2016-10-05 14:25 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-10-12 00:22 - 2016-10-05 14:25 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dsreg.dll
2016-10-12 00:22 - 2016-10-05 14:25 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-10-12 00:22 - 2016-10-05 14:25 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AuthBroker.dll
2016-10-12 00:22 - 2016-10-05 14:24 - 13434368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-12 00:22 - 2016-10-05 14:24 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.AllJoyn.dll
2016-10-12 00:22 - 2016-10-05 14:24 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-12 00:22 - 2016-10-05 14:23 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-10-12 00:22 - 2016-10-05 14:23 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-10-12 00:22 - 2016-10-05 14:23 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Wallet.dll
2016-10-12 00:22 - 2016-10-05 14:23 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-10-12 00:22 - 2016-10-05 14:23 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2016-10-12 00:22 - 2016-10-05 14:23 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-10-12 00:22 - 2016-10-05 14:22 - 13081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-12 00:22 - 2016-10-05 14:22 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-10-12 00:22 - 2016-10-05 14:22 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-10-12 00:22 - 2016-10-05 14:22 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-12 00:22 - 2016-10-05 14:21 - 08075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-10-12 00:22 - 2016-10-05 14:21 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-10-12 00:22 - 2016-10-05 14:21 - 01364992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-10-12 00:22 - 2016-10-05 14:21 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-10-12 00:22 - 2016-10-05 14:21 - 00310272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-10-12 00:22 - 2016-10-05 14:21 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-10-12 00:22 - 2016-10-05 14:20 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-10-12 00:22 - 2016-10-05 14:20 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-10-12 00:22 - 2016-10-05 14:20 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-10-12 00:22 - 2016-10-05 14:20 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-12 00:22 - 2016-10-05 14:19 - 02390016 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2016-10-12 00:22 - 2016-10-05 14:19 - 02265088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-10-12 00:22 - 2016-10-05 14:19 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-10-12 00:22 - 2016-10-05 14:19 - 00982528 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-12 00:22 - 2016-10-05 14:19 - 00779776 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscui.dll
2016-10-12 00:22 - 2016-10-05 14:18 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-10-12 00:22 - 2016-10-05 14:18 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-12 00:22 - 2016-10-05 14:18 - 00983040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-10-12 00:22 - 2016-10-05 14:18 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-10-12 00:22 - 2016-10-05 14:18 - 00858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-10-12 00:22 - 2016-10-05 14:18 - 00759296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-12 00:22 - 2016-10-05 14:17 - 08126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-12 00:22 - 2016-10-05 14:17 - 04136960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-10-12 00:22 - 2016-10-05 14:17 - 02914304 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-10-12 00:22 - 2016-10-05 14:17 - 01493504 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-12 00:22 - 2016-10-05 14:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-12 00:22 - 2016-10-05 14:16 - 19418624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-12 00:22 - 2016-10-05 14:16 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-10-12 00:22 - 2016-10-05 14:16 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-12 00:22 - 2016-10-05 14:16 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-10-12 00:22 - 2016-10-05 14:16 - 00765440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2016-10-12 00:22 - 2016-10-05 14:16 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-12 00:22 - 2016-10-05 14:15 - 07625728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-12 00:22 - 2016-10-05 14:15 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-12 00:22 - 2016-10-05 14:15 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-10-12 00:22 - 2016-10-05 14:15 - 01980416 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-12 00:22 - 2016-10-05 14:15 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-12 00:22 - 2016-10-05 14:15 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-10-12 00:22 - 2016-10-05 14:15 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-12 00:22 - 2016-10-05 14:15 - 00774656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-10-12 00:22 - 2016-10-05 14:15 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-10-12 00:22 - 2016-10-05 14:15 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dialclient.dll
2016-10-12 00:22 - 2016-10-05 14:14 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-12 00:22 - 2016-10-05 14:14 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-10-12 00:22 - 2016-10-05 14:14 - 02667520 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-12 00:22 - 2016-10-05 14:14 - 02476544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-12 00:22 - 2016-10-05 14:14 - 01778176 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-12 00:22 - 2016-10-05 14:14 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-12 00:22 - 2016-10-05 14:14 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-10-12 00:22 - 2016-10-05 14:14 - 01013760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-10-12 00:22 - 2016-10-05 14:14 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-12 00:22 - 2016-10-05 14:14 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-10-12 00:22 - 2016-10-05 14:13 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-12 00:22 - 2016-10-05 14:13 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-10-12 00:22 - 2016-10-05 14:13 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-12 00:22 - 2016-10-05 14:12 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-10-12 00:22 - 2016-10-05 14:12 - 00998912 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2016-10-12 00:22 - 2016-10-05 14:12 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-10-12 00:22 - 2016-10-05 14:11 - 12174848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-12 00:22 - 2016-10-05 14:11 - 06108672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-10-12 00:22 - 2016-10-05 14:11 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-12 00:22 - 2016-10-05 14:11 - 03496960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-12 00:22 - 2016-10-05 14:11 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-10-12 00:22 - 2016-10-05 14:10 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-10-12 00:22 - 2016-10-05 14:09 - 07467520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-10-12 00:22 - 2016-10-05 14:09 - 03369984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-10-12 00:22 - 2016-10-05 14:09 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-12 00:22 - 2016-10-05 14:09 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-10-12 00:22 - 2016-10-05 14:09 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-12 00:22 - 2016-10-05 14:09 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-10-12 00:22 - 2016-10-05 14:08 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-12 00:22 - 2016-10-05 14:08 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-10-12 00:22 - 2016-10-05 14:08 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-10-12 00:22 - 2016-10-05 14:07 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-12 00:22 - 2016-10-05 14:07 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-10-12 00:22 - 2016-10-05 14:07 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-10-12 00:22 - 2016-10-05 14:07 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2016-10-12 00:22 - 2016-10-05 14:07 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-10-12 00:22 - 2016-10-05 14:07 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-10-12 00:22 - 2016-10-05 14:06 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-10-12 00:22 - 2016-10-05 14:06 - 02254336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-12 00:22 - 2016-10-05 14:06 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-12 00:22 - 2016-10-05 14:06 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-10-12 00:22 - 2016-10-05 14:06 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-12 00:22 - 2016-10-05 14:06 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-10-12 00:22 - 2016-10-05 14:06 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-10-12 00:22 - 2016-10-05 14:06 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-12 00:22 - 2016-10-05 14:05 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-10-12 00:22 - 2016-10-05 14:05 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-10-12 00:22 - 2016-10-05 05:01 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-12 00:22 - 2016-09-07 10:34 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-10-10 22:54 - 2016-10-10 22:54 - 00011062 _____ C:\Users\user\Documents\Last Resort APP.txt
2016-10-05 06:53 - 2016-10-05 06:53 - 00000000 ____D C:\Users\user\Documents\Heroes of the Storm
2016-10-03 21:43 - 2016-10-03 21:43 - 00048684 _____ C:\Users\user\Downloads\deadpool-2016-1080p-bluray-x264-sparks-rarbg-english-83738.zip
2016-10-03 21:43 - 2016-04-27 12:59 - 00126488 ____N C:\Users\user\Desktop\Deadpool.2016.1080p.BluRay.x264-[YTS.AG] eng.srt
2016-09-30 19:53 - 2016-09-15 23:14 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-09-30 19:53 - 2016-09-15 22:40 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2016-09-30 19:53 - 2016-09-15 22:35 - 00455040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DolbyDecMFT.dll
2016-09-30 19:53 - 2016-09-15 22:33 - 00083120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-09-30 19:53 - 2016-09-15 22:30 - 00646136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-09-30 19:53 - 2016-09-15 22:30 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-09-30 19:53 - 2016-09-15 22:29 - 01377016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2016-09-30 19:53 - 2016-09-15 22:29 - 01117024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2016-09-30 19:53 - 2016-09-15 22:29 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-09-30 19:53 - 2016-09-15 22:29 - 00512416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2016-09-30 19:53 - 2016-09-15 22:29 - 00081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2016-09-30 19:53 - 2016-09-15 22:28 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DolbyDecMFT.dll
2016-09-30 19:53 - 2016-09-15 22:27 - 05622088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-09-30 19:53 - 2016-09-15 22:27 - 00553312 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-09-30 19:53 - 2016-09-15 22:27 - 00434528 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-09-30 19:53 - 2016-09-15 22:25 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-30 19:53 - 2016-09-15 22:23 - 00170960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-09-30 19:53 - 2016-09-15 22:22 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2016-09-30 19:53 - 2016-09-15 22:22 - 00860512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-09-30 19:53 - 2016-09-15 22:21 - 01218912 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-09-30 19:53 - 2016-09-15 22:21 - 01000288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-09-30 19:53 - 2016-09-15 22:20 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-09-30 19:53 - 2016-09-15 22:20 - 00634944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-09-30 19:53 - 2016-09-15 22:18 - 01201872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-09-30 19:53 - 2016-09-15 22:18 - 01123368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-09-30 19:53 - 2016-09-15 22:18 - 00955528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-09-30 19:53 - 2016-09-15 22:18 - 00404832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-09-30 19:53 - 2016-09-15 22:16 - 02190176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-09-30 19:53 - 2016-09-15 22:16 - 01292640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-09-30 19:53 - 2016-09-15 22:16 - 01157000 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2016-09-30 19:53 - 2016-09-15 22:16 - 00657760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-09-30 19:53 - 2016-09-15 22:16 - 00527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-09-30 19:53 - 2016-09-15 22:15 - 00649568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-09-30 19:53 - 2016-09-15 22:15 - 00341936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-09-30 19:53 - 2016-09-15 22:15 - 00218976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-09-30 19:53 - 2016-09-15 22:14 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-09-30 19:53 - 2016-09-15 22:14 - 00119648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wcifs.sys
2016-09-30 19:53 - 2016-09-15 22:13 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-09-30 19:53 - 2016-09-15 22:13 - 00113504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2016-09-30 19:53 - 2016-09-15 22:12 - 08158672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-09-30 19:53 - 2016-09-15 22:12 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-09-30 19:53 - 2016-09-15 22:11 - 04673296 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-09-30 19:53 - 2016-09-15 22:11 - 00773168 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-09-30 19:53 - 2016-09-15 22:10 - 01600632 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-09-30 19:53 - 2016-09-15 22:10 - 00918848 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-09-30 19:53 - 2016-09-15 22:06 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-09-30 19:53 - 2016-09-15 22:06 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-09-30 19:53 - 2016-09-15 22:06 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-09-30 19:53 - 2016-09-15 22:06 - 00387872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2016-09-30 19:53 - 2016-09-15 22:06 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-09-30 19:53 - 2016-09-15 22:03 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-09-30 19:53 - 2016-09-15 22:03 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TempSignedLicenseExchangeTask.dll
2016-09-30 19:53 - 2016-09-15 22:03 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\odbcconf.dll
2016-09-30 19:53 - 2016-09-15 22:02 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll
2016-09-30 19:53 - 2016-09-15 22:01 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\findnetprinters.dll
2016-09-30 19:53 - 2016-09-15 22:00 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-09-30 19:53 - 2016-09-15 21:59 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovslegacy.dll
2016-09-30 19:53 - 2016-09-15 21:58 - 00491008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-09-30 19:53 - 2016-09-15 21:58 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlancfg.dll
2016-09-30 19:53 - 2016-09-15 21:57 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.LowLevel.dll
2016-09-30 19:53 - 2016-09-15 21:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-09-30 19:53 - 2016-09-15 21:56 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-09-30 19:53 - 2016-09-15 21:56 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVolSSO.dll
2016-09-30 19:53 - 2016-09-15 21:56 - 00265728 _____ C:\WINDOWS\SysWOW64\Windows.Perception.Stub.dll
2016-09-30 19:53 - 2016-09-15 21:56 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2016-09-30 19:53 - 2016-09-15 21:56 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManagerApi.dll
2016-09-30 19:53 - 2016-09-15 21:55 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.FaceAnalysis.dll
2016-09-30 19:53 - 2016-09-15 21:55 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-09-30 19:53 - 2016-09-15 21:55 - 00213504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.CredDialogController.dll
2016-09-30 19:53 - 2016-09-15 21:55 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2016-09-30 19:53 - 2016-09-15 21:55 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-09-30 19:53 - 2016-09-15 21:54 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2016-09-30 19:53 - 2016-09-15 21:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2016-09-30 19:53 - 2016-09-15 21:54 - 00431104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mprdim.dll
2016-09-30 19:53 - 2016-09-15 21:53 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll
2016-09-30 19:53 - 2016-09-15 21:53 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2016-09-30 19:53 - 2016-09-15 21:52 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-09-30 19:53 - 2016-09-15 21:51 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-09-30 19:53 - 2016-09-15 21:51 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CryptoWinRT.dll
2016-09-30 19:53 - 2016-09-15 21:50 - 07219200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-09-30 19:53 - 2016-09-15 21:50 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll
2016-09-30 19:53 - 2016-09-15 21:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-09-30 19:53 - 2016-09-15 21:49 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-09-30 19:53 - 2016-09-15 21:49 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-09-30 19:53 - 2016-09-15 21:47 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-09-30 19:53 - 2016-09-15 21:47 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll
2016-09-30 19:53 - 2016-09-15 21:46 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2016-09-30 19:53 - 2016-09-15 21:46 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-09-30 19:53 - 2016-09-15 21:46 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ffbroker.dll
2016-09-30 19:53 - 2016-09-15 21:44 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAC3ENC.DLL
2016-09-30 19:53 - 2016-09-15 21:43 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imapi2.dll
2016-09-30 19:53 - 2016-09-15 21:43 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll
2016-09-30 19:53 - 2016-09-15 21:43 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll
2016-09-30 19:53 - 2016-09-15 21:43 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\splwow64.exe
2016-09-30 19:53 - 2016-09-15 21:43 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\kbdhid.sys
2016-09-30 19:53 - 2016-09-15 21:43 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmintegrator.dll
2016-09-30 19:53 - 2016-09-15 21:42 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-09-30 19:53 - 2016-09-15 21:42 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2016-09-30 19:53 - 2016-09-15 21:41 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_47.dll
2016-09-30 19:53 - 2016-09-15 21:41 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Printers.dll
2016-09-30 19:53 - 2016-09-15 21:41 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\NfcRadioMedia.dll
2016-09-30 19:53 - 2016-09-15 21:40 - 05061120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-09-30 19:53 - 2016-09-15 21:40 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-09-30 19:53 - 2016-09-15 21:40 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Midi.dll
2016-09-30 19:53 - 2016-09-15 21:40 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2016-09-30 19:53 - 2016-09-15 21:40 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-09-30 19:53 - 2016-09-15 21:40 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2016-09-30 19:53 - 2016-09-15 21:40 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-09-30 19:53 - 2016-09-15 21:39 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-09-30 19:53 - 2016-09-15 21:39 - 00547840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2016-09-30 19:53 - 2016-09-15 21:39 - 00418304 _____ C:\WINDOWS\system32\Windows.Perception.Stub.dll
2016-09-30 19:53 - 2016-09-15 21:39 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2016-09-30 19:53 - 2016-09-15 21:39 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-09-30 19:53 - 2016-09-15 21:39 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2016-09-30 19:53 - 2016-09-15 21:38 - 01291264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVPXENC.dll
2016-09-30 19:53 - 2016-09-15 21:38 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-09-30 19:53 - 2016-09-15 21:38 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-09-30 19:53 - 2016-09-15 21:38 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2016-09-30 19:53 - 2016-09-15 21:38 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-09-30 19:53 - 2016-09-15 21:38 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-09-30 19:53 - 2016-09-15 21:38 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2016-09-30 19:53 - 2016-09-15 21:38 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintWSDAHost.dll
2016-09-30 19:53 - 2016-09-15 21:37 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-09-30 19:53 - 2016-09-15 21:37 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdh.dll
2016-09-30 19:53 - 2016-09-15 21:37 - 00390144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Search.ProtocolHandler.MAPI2.dll
2016-09-30 19:53 - 2016-09-15 21:37 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-09-30 19:53 - 2016-09-15 21:37 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2016-09-30 19:53 - 2016-09-15 21:37 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-09-30 19:53 - 2016-09-15 21:36 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2016-09-30 19:53 - 2016-09-15 21:36 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-09-30 19:53 - 2016-09-15 21:36 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsregcmd.exe
2016-09-30 19:53 - 2016-09-15 21:36 - 00456192 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-09-30 19:53 - 2016-09-15 21:36 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-09-30 19:53 - 2016-09-15 21:36 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-09-30 19:53 - 2016-09-15 21:36 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2016-09-30 19:53 - 2016-09-15 21:36 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-09-30 19:53 - 2016-09-15 21:36 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-09-30 19:53 - 2016-09-15 21:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-09-30 19:53 - 2016-09-15 21:36 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovslegacy.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Vpn.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprdim.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\system32\icsvc.dll
2016-09-30 19:53 - 2016-09-15 21:35 - 00252416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2016-09-30 19:53 - 2016-09-15 21:34 - 00671744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2016-09-30 19:53 - 2016-09-15 21:34 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2016-09-30 19:53 - 2016-09-15 21:34 - 00424960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-09-30 19:53 - 2016-09-15 21:33 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-09-30 19:53 - 2016-09-15 21:33 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprapi.dll
2016-09-30 19:53 - 2016-09-15 21:32 - 01037312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nettrace.dll
2016-09-30 19:53 - 2016-09-15 21:32 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-09-30 19:53 - 2016-09-15 21:31 - 01912320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2016-09-30 19:53 - 2016-09-15 21:31 - 01553408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2016-09-30 19:53 - 2016-09-15 21:31 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll
2016-09-30 19:53 - 2016-09-15 21:31 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-09-30 19:53 - 2016-09-15 21:30 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-09-30 19:53 - 2016-09-15 21:30 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2016-09-30 19:53 - 2016-09-15 21:30 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-09-30 19:53 - 2016-09-15 21:30 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll
2016-09-30 19:53 - 2016-09-15 21:29 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2016-09-30 19:53 - 2016-09-15 21:29 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-09-30 19:53 - 2016-09-15 21:29 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-09-30 19:53 - 2016-09-15 21:28 - 03288064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2016-09-30 19:53 - 2016-09-15 21:28 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\pwcreator.exe
2016-09-30 19:53 - 2016-09-15 21:28 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.BackgroundMediaPlayer.dll
2016-09-30 19:53 - 2016-09-15 21:28 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2016-09-30 19:53 - 2016-09-15 21:27 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-09-30 19:53 - 2016-09-15 21:27 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-09-30 19:53 - 2016-09-15 21:27 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2016-09-30 19:53 - 2016-09-15 21:27 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-09-30 19:53 - 2016-09-15 21:27 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Playback.MediaPlayer.dll
2016-09-30 19:53 - 2016-09-15 21:27 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2016-09-30 19:53 - 2016-09-15 21:27 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2016-09-30 19:53 - 2016-09-15 21:27 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-09-30 19:53 - 2016-09-15 21:27 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2016-09-30 19:53 - 2016-09-15 21:27 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\manage-bde.exe
2016-09-30 19:53 - 2016-09-15 21:27 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvenotify.exe
2016-09-30 19:53 - 2016-09-15 21:27 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Sens.dll
2016-09-30 19:53 - 2016-09-15 21:26 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-09-30 19:53 - 2016-09-15 21:26 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2016-09-30 19:53 - 2016-09-15 21:26 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-09-30 19:53 - 2016-09-15 21:26 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeui.dll
2016-09-30 19:53 - 2016-09-15 21:25 - 00947200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2016-09-30 19:53 - 2016-09-15 21:25 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-09-30 19:53 - 2016-09-15 21:25 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll
2016-09-30 19:53 - 2016-09-15 21:25 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2016-09-30 19:53 - 2016-09-15 21:24 - 01080320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2016-09-30 19:53 - 2016-09-15 21:23 - 03405824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2016-09-30 19:53 - 2016-09-15 21:23 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-09-30 19:53 - 2016-09-15 21:23 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-09-30 19:53 - 2016-09-15 21:23 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2016-09-30 19:53 - 2016-09-15 21:23 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-09-30 19:53 - 2016-09-15 21:22 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-09-30 19:53 - 2016-09-15 21:22 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-09-30 19:53 - 2016-09-15 21:22 - 01586176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-09-30 19:53 - 2016-09-15 21:22 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-09-30 19:53 - 2016-09-15 21:21 - 02538496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2016-09-30 19:53 - 2016-09-15 21:21 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2016-09-30 19:53 - 2016-09-15 21:21 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-09-30 19:53 - 2016-09-15 21:21 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-09-30 19:53 - 2016-09-15 21:20 - 01535488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpeechPal.dll
2016-09-30 19:53 - 2016-09-15 21:20 - 01266176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-09-30 19:53 - 2016-09-15 21:20 - 00845824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2016-09-30 19:53 - 2016-09-15 21:20 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-09-30 19:53 - 2016-09-15 21:20 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-09-30 19:53 - 2016-09-15 21:19 - 03202048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-09-30 19:53 - 2016-09-15 21:19 - 01130496 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-09-30 19:53 - 2016-09-15 21:19 - 00903680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2016-09-30 19:53 - 2016-09-15 21:19 - 00788992 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-09-30 19:53 - 2016-09-15 21:19 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-09-30 19:53 - 2016-09-15 21:19 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-09-30 19:53 - 2016-09-15 21:16 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2016-09-30 19:53 - 2016-09-15 21:16 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-09-30 19:53 - 2016-09-15 21:16 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2016-09-30 19:53 - 2016-09-15 21:16 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\tspubwmi.dll
2016-09-30 19:53 - 2016-09-15 21:16 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2016-09-30 19:53 - 2016-08-05 13:29 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll
2016-09-30 19:53 - 2016-08-05 13:29 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll
2016-09-30 19:52 - 2016-09-15 22:37 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-09-30 19:52 - 2016-09-15 22:37 - 00496872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-09-30 19:52 - 2016-09-15 22:37 - 00402352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-09-30 19:52 - 2016-09-15 22:35 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-09-30 19:52 - 2016-09-15 22:32 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-09-30 19:52 - 2016-09-15 22:29 - 00823136 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVClient.exe
2016-09-30 19:52 - 2016-09-15 22:29 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppVEntVirtualization.dll
2016-09-30 19:52 - 2016-09-15 22:29 - 00424640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-09-30 19:52 - 2016-09-15 22:29 - 00218008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-09-30 19:52 - 2016-09-15 22:29 - 00169056 _____ (Microsoft Corporation) C:\WINDOWS\system32\skci.dll
2016-09-30 19:52 - 2016-09-15 22:29 - 00127328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\AppVStrm.sys
2016-09-30 19:52 - 2016-09-15 22:29 - 00074080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-09-30 19:52 - 2016-09-15 22:29 - 00023392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cmimcext.sys
2016-09-30 19:52 - 2016-09-15 22:27 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-09-30 19:52 - 2016-09-15 22:27 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-09-30 19:52 - 2016-09-15 22:26 - 00090400 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-09-30 19:52 - 2016-09-15 22:25 - 00340320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-09-30 19:52 - 2016-09-15 22:25 - 00280472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdeunlock.exe
2016-09-30 19:52 - 2016-09-15 22:25 - 00262960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-09-30 19:52 - 2016-09-15 22:24 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-09-30 19:52 - 2016-09-15 22:23 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-09-30 19:52 - 2016-09-15 22:22 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-09-30 19:52 - 2016-09-15 22:22 - 00433832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-09-30 19:52 - 2016-09-15 22:21 - 00272720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-09-30 19:52 - 2016-09-15 22:19 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll
2016-09-30 19:52 - 2016-09-15 22:18 - 06654616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-09-30 19:52 - 2016-09-15 22:18 - 00856872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-09-30 19:52 - 2016-09-15 22:18 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-09-30 19:52 - 2016-09-15 22:17 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-09-30 19:52 - 2016-09-15 22:16 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-09-30 19:52 - 2016-09-15 22:16 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-09-30 19:52 - 2016-09-15 22:16 - 00401760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-09-30 19:52 - 2016-09-15 22:16 - 00206096 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-09-30 19:52 - 2016-09-15 22:15 - 00557408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-09-30 19:52 - 2016-09-15 22:15 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-09-30 19:52 - 2016-09-15 22:15 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-09-30 19:52 - 2016-09-15 22:15 - 00130912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2016-09-30 19:52 - 2016-09-15 22:14 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-09-30 19:52 - 2016-09-15 22:14 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-09-30 19:52 - 2016-09-15 22:14 - 00988512 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-09-30 19:52 - 2016-09-15 22:14 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-09-30 19:52 - 2016-09-15 22:14 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-09-30 19:52 - 2016-09-15 22:14 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-09-30 19:52 - 2016-09-15 22:12 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-09-30 19:52 - 2016-09-15 22:11 - 01990640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-09-30 19:52 - 2016-09-15 22:11 - 01300600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-09-30 19:52 - 2016-09-15 22:11 - 01066104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-09-30 19:52 - 2016-09-15 22:11 - 00862064 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-09-30 19:52 - 2016-09-15 22:11 - 00725664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2016-09-30 19:52 - 2016-09-15 22:11 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll
2016-09-30 19:52 - 2016-09-15 22:08 - 05683712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-09-30 19:52 - 2016-09-15 22:07 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-09-30 19:52 - 2016-09-15 22:07 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-09-30 19:52 - 2016-09-15 22:07 - 00128864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-09-30 19:52 - 2016-09-15 22:06 - 01046880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-09-30 19:52 - 2016-09-15 22:06 - 00372440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-09-30 19:52 - 2016-09-15 22:01 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Radios.dll
2016-09-30 19:52 - 2016-09-15 22:00 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdh.dll
2016-09-30 19:52 - 2016-09-15 22:00 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-09-30 19:52 - 2016-09-15 22:00 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-09-30 19:52 - 2016-09-15 21:59 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unimdm.tsp
2016-09-30 19:52 - 2016-09-15 21:59 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinRtTracing.dll
2016-09-30 19:52 - 2016-09-15 21:58 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Search.ProtocolHandler.MAPI2.dll
2016-09-30 19:52 - 2016-09-15 21:58 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-09-30 19:52 - 2016-09-15 21:58 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.WiFi.dll
2016-09-30 19:52 - 2016-09-15 21:58 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.SerialCommunication.dll
2016-09-30 19:52 - 2016-09-15 21:58 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Background.SystemEventsBroker.dll
2016-09-30 19:52 - 2016-09-15 21:58 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.System.UserDeviceAssociation.dll
2016-09-30 19:52 - 2016-09-15 21:57 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Gaming.Input.dll
2016-09-30 19:52 - 2016-09-15 21:57 - 00315904 _____ (Microsoft Corporation)
Old 10-24-2016, 06:29 AM   #6

2016-09-25 23:18 - 2016-09-25 23:19 - 02043049 _____ C:\Users\user\Downloads\BigWigs-v12.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-24 18:17 - 2016-04-25 05:23 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2016-10-24 18:16 - 2016-09-23 10:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-24 18:16 - 2016-09-23 10:16 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-10-24 18:16 - 2016-09-23 10:16 - 00000000 ____D C:\ProgramData\NVIDIA
2016-10-24 18:16 - 2016-09-23 10:15 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-10-24 18:16 - 2016-04-16 15:12 - 00000000 __SHD C:\Users\user\IntelGraphicsProfiles
2016-10-24 15:47 - 2016-06-03 06:16 - 03309748 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-24 15:38 - 2016-05-02 11:54 - 00000000 ____D C:\Users\user\AppData\Local\Battle.net
2016-10-24 11:41 - 2016-05-02 11:48 - 00000000 ____D C:\Program Files (x86)\Battle.net
2016-10-24 04:46 - 2016-07-16 11:04 - 01310720 _____ C:\WINDOWS\system32\config\BBI
2016-10-24 04:12 - 2016-04-16 09:22 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2016-10-24 03:22 - 2014-01-29 14:19 - 00006805 _____ C:\Users\user\Desktop\Note.txt
2016-10-24 01:42 - 2016-08-07 18:57 - 00000000 ____D C:\Users\user\AppData\Roaming\uTorrent
2016-10-24 00:39 - 2016-09-23 10:19 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-10-24 00:39 - 2016-09-08 05:37 - 00001084 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2016-10-24 00:39 - 2016-09-05 14:21 - 00002120 _____ C:\Users\Public\Desktop\ViewNX 2.lnk
2016-10-24 00:39 - 2016-08-03 16:48 - 00000928 _____ C:\Users\Public\Desktop\World of Warcraft.lnk
2016-10-24 00:39 - 2016-06-13 14:31 - 00001157 _____ C:\Users\Public\Desktop\Overwatch.lnk
2016-10-24 00:39 - 2016-06-03 07:37 - 00002358 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-10-24 00:39 - 2016-05-02 11:53 - 00001150 _____ C:\Users\Public\Desktop\Battle.net.lnk
2016-10-24 00:39 - 2016-04-25 05:23 - 00002707 _____ C:\Users\Public\Desktop\Skype.lnk
2016-10-24 00:39 - 2016-04-24 20:55 - 00001444 _____ C:\Users\Public\Desktop\GeForce Experience.lnk
2016-10-24 00:39 - 2016-04-16 15:10 - 00000712 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2016-10-24 00:39 - 2016-04-16 15:10 - 00000706 _____ C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2016-10-24 00:39 - 2016-04-16 09:21 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2016-10-24 00:39 - 2016-04-16 09:21 - 00002033 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2016-10-24 00:39 - 2016-04-16 09:21 - 00001116 _____ C:\Users\Public\Desktop\Picasa 3.lnk
2016-10-24 00:38 - 2016-09-08 05:37 - 00001078 _____ C:\Users\user\Desktop\Curse.lnk
2016-10-24 00:38 - 2016-07-20 22:15 - 00002228 _____ C:\Users\user\Desktop\Discord.lnk
2016-10-24 00:38 - 2016-06-19 06:28 - 00001994 _____ C:\Users\user\Desktop\Heroes of Newerth.lnk
2016-10-24 00:38 - 2016-05-27 07:26 - 00002276 _____ C:\Users\user\Desktop\ZenMate.lnk
2016-10-24 00:38 - 2016-04-16 17:00 - 00001077 _____ C:\Users\user\Desktop\Steam - Shortcut.lnk
2016-10-24 00:37 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\Provisioning
2016-10-23 19:23 - 2016-06-13 03:32 - 00000000 ____D C:\Program Files (x86)\Overwatch
2016-10-23 19:18 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-23 00:24 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-22 15:04 - 2016-04-16 15:07 - 00000000 ____D C:\ProgramData\Package Cache
2016-10-22 14:35 - 2016-07-16 16:45 - 00000000 ____D C:\WINDOWS\INF
2016-10-22 13:38 - 2016-04-16 19:11 - 00000000 __SHD C:\Users\user\AppData\LocalLow\EmieUserList
2016-10-22 13:38 - 2016-04-16 09:21 - 00000000 __SHD C:\Users\user\AppData\LocalLow\EmieSiteList
2016-10-22 13:36 - 2016-04-16 09:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-10-21 21:55 - 2016-06-16 16:45 - 00000000 ____D C:\Program Files (x86)\Heroes of Newerth
2016-10-21 18:40 - 2016-07-16 16:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-19 13:37 - 2016-04-25 05:23 - 00000000 ____D C:\ProgramData\Skype
2016-10-19 04:52 - 2016-09-08 05:37 - 00000000 ____D C:\Users\user\AppData\Roaming\Curse Client
2016-10-18 22:38 - 2016-07-16 16:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-17 23:23 - 2016-07-20 22:15 - 00000000 ____D C:\Users\user\AppData\Roaming\discord
2016-10-17 18:38 - 2016-06-26 13:17 - 00000000 ____D C:\Users\user\AppData\Local\ElevatedDiagnostics
2016-10-14 12:13 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\rescache
2016-10-12 20:42 - 2016-04-27 11:42 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-12 20:41 - 2016-09-23 10:15 - 00337864 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-12 15:07 - 2016-07-16 16:47 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-12 15:07 - 2016-07-16 16:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-12 15:07 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-10-12 15:07 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-10-12 15:07 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-10-12 15:07 - 2016-07-16 16:47 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-10-12 15:07 - 2016-07-16 16:47 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-10-12 13:22 - 2016-04-18 08:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-12 13:19 - 2016-04-18 08:09 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-12 00:00 - 2016-07-16 16:43 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll
2016-10-12 00:00 - 2016-07-16 16:42 - 00177664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Diagnostics.dll
2016-10-05 15:18 - 2016-09-23 23:13 - 00000000 ____D C:\Windows.old
2016-10-04 01:09 - 2016-07-16 16:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-10-04 01:09 - 2016-07-16 16:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-10-01 06:56 - 2016-07-16 19:29 - 00000000 ____D C:\Program Files\Windows Defender Advanced Threat Protection
2016-10-01 06:56 - 2016-07-16 16:47 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-10-01 06:56 - 2016-07-16 16:47 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-10-01 06:56 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-10-01 06:56 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\system32\setup
2016-10-01 06:56 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-10-01 06:56 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-01 06:56 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-10-01 06:56 - 2016-07-16 11:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-10-01 06:56 - 2016-07-16 11:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-10-01 06:56 - 2016-07-16 11:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-09-24 03:43 - 2016-07-16 16:47 - 00000000 ____D C:\WINDOWS\appcompat

==================== Files in the root of some directories =======

2016-09-05 14:21 - 2016-09-05 14:21 - 0000268 ___RH () C:\Users\user\AppData\Roaming\Action Clauses
2016-10-23 23:55 - 2016-10-23 23:55 - 7214592 _____ () C:\Users\user\AppData\Roaming\agent.dat
2016-09-05 14:21 - 2016-09-05 14:21 - 0000268 ___RH () C:\Users\user\AppData\Roaming\Alerts
2016-09-05 14:21 - 2016-09-05 14:21 - 0000268 ___RH () C:\Users\user\AppData\Roaming\Ambience
2016-09-05 14:20 - 2016-09-05 14:20 - 0000268 ___RH () C:\Users\user\AppData\Roaming\Audio
2016-10-23 23:55 - 2016-10-23 23:55 - 0140288 _____ () C:\Users\user\AppData\Roaming\Installer.dat
2016-10-23 23:55 - 2016-10-23 23:55 - 0018432 _____ () C:\Users\user\AppData\Roaming\Main.dat
2016-04-16 15:21 - 2016-04-16 15:21 - 0000027 _____ () C:\Users\user\AppData\Local\killertool.log
2016-09-05 14:21 - 2016-09-05 14:21 - 0000268 ___RH () C:\ProgramData\Analog Mono
2016-09-05 14:21 - 2016-09-05 14:21 - 0000268 ___RH () C:\ProgramData\Analog Pad
2016-09-05 14:21 - 2016-09-05 14:21 - 0000268 ___RH () C:\ProgramData\Analog Swirl
2016-09-05 14:20 - 2016-09-05 14:21 - 0000012 ___RH () C:\ProgramData\Automatic Filter
2016-09-05 14:21 - 2016-09-05 14:21 - 0000012 ___RH () C:\ProgramData\Basic Track
2016-09-05 14:21 - 2016-09-05 14:21 - 0000012 ___RH () C:\ProgramData\BSD
2016-09-05 14:20 - 2016-09-05 14:20 - 0000012 ___RH () C:\ProgramData\Clips
2016-09-05 14:20 - 2016-09-05 14:20 - 0000020 ____H () C:\ProgramData\PKP_DLeo.DAT
2016-09-05 14:21 - 2016-09-05 14:21 - 0000020 ____H () C:\ProgramData\PKP_DLes.DAT
2016-09-05 14:21 - 2016-09-05 14:22 - 0000020 ____H () C:\ProgramData\PKP_DLet.DAT
2016-09-05 14:21 - 2016-09-05 14:22 - 0000020 ____H () C:\ProgramData\PKP_DLev.DAT

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\Browser_V5.6.14087.902_f_4674_(Build1608021049).exe
C:\Users\user\AppData\Local\Temp\inst_buychannel_06.exe
C:\Users\user\AppData\Local\Temp\KuaiZip.exe
C:\Users\user\AppData\Local\Temp\libeay32.dll
C:\Users\user\AppData\Local\Temp\ludashisetup.exe
C:\Users\user\AppData\Local\Temp\msvcr120.dll
C:\Users\user\AppData\Local\Temp\nsu6793.tmpTest1.exe
C:\Users\user\AppData\Local\Temp\nsu6793.tmpTest2.exe
C:\Users\user\AppData\Local\Temp\nsu6793.tmpTest3.exe
C:\Users\user\AppData\Local\Temp\setup.exe
C:\Users\user\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-10-24 02:42

==================== End of FRST.txt ============================
Psychosis is offline  
Old 10-24-2016, 06:32 AM   #7

This is the latter scan, I will commence the Adware scan to the PC until it is complete.
Psychosis is offline  
Old 10-24-2016, 06:37 AM   #8

# AdwCleaner v6.030 - Logfile created 24/10/2016 at 15:45:22
# Updated on 19/10/2016 by Malwarebytes
# Database : 2016-10-23.2 [Server]
# Operating System : Windows 10 Pro (X64)
# Username : user - ABC
# Running from : C:\Users\user\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

Service Found: UCGuard
Service Found: ComputerZ_x64
Service Found: HpSvc


***** [ Folders ] *****

Folder Found: C:\users\user\AppData\Roaming\Kuaizip
Folder Found: C:\users\user\AppData\Roaming\KuaiZip
Folder Found: C:\users\user\AppData\Roaming\LuDaShi
Folder Found: C:\users\user\AppData\Roaming\lockhomepage
Folder Found: C:\users\user\AppData\Roaming\Softlink
Folder Found: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdckocnfhibclnnkifmjbbogcfkbijki


***** [ Files ] *****

File Found: C:\WINDOWS\SysNative\drivers\ucguard.sys
File Found: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdckocnfhibclnnkifmjbbogcfkbijki_0.localstorage
File Found: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fdckocnfhibclnnkifmjbbogcfkbijki_0.localstorage-journal


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

No malicious task found.


***** [ Registry ] *****



***** [ Web browsers ] *****

No malicious Firefox based browser items found.
Chrome pref Found: [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - feed.sonic-search.com
Chrome pref Found: [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - hdd-regenerator.en.softonic.com
Chrome pref Found: [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found: [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found: [C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fdckocnfhibclnnkifmjbbogcfkbijki

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [16514 Bytes] - [24/10/2016 15:39:19]
C:\AdwCleaner\AdwCleaner[S1].txt - [16348 Bytes] - [24/10/2016 15:45:22]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [16422 Bytes] ##########

This is the latest of the two scans I did; after posting this here, I am going to begin another one until it is completed.
Psychosis is offline  
Old 10-24-2016, 10:04 AM   #9

Update: Dear Chemist, I left my PC after clicking "Clean" for 2 hours+ but the result was the same. I will try to find another PC and try those instructions; meanwhile, can you assist me with something?
Psychosis is offline  
Old 10-24-2016, 11:02 AM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Psychosis. You already ran FRST so no need to download on another computer.

It appears you attached the second dds log, attach.txt, to your last reply, instead of the second FRST log, Addition.txt.

I need to see the Addition.txt log in order to proceed.

Also, I am at work, so don't expect an immediate reply.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 10-24-2016, 11:55 AM   #11

There you go, thank you for your time.
Attached Files
File Type: txt Addition.txt (67.7 KB, 29 views)
Psychosis is offline  
Old 10-24-2016, 07:20 PM   #12

Are you running a pirated version of Windows, Office, or both?

chemist is offline  
Old 10-25-2016, 12:39 AM   #13

I bought the PC and got the original Windows installed; I don't have the CD key to it, though. They charged me like 70$ extra for this Windows. Office came with it.
Psychosis is offline  
Old 10-25-2016, 07:27 PM   #14

Who did you buy it from? You don't have a legal version of Windows or Office.

Unfortunately, it is this forum's policy to only address machines with legal software.
chemist is offline  
Old 10-26-2016, 02:03 AM   #15

I bought it from a PC store from this plaza we have in our cities. Help is going to be discontinued. Just help me out, I think I have been scammed.

I will update to original Windows if it's a problem.
Psychosis is offline  
Old 10-26-2016, 06:40 PM   #16

Sorry, we can't address machines with illegal Windows.
chemist is offline  
Old 10-28-2016, 12:52 AM   #17

Please wait, I am working on updating the original Windows.
Psychosis is offline  