ivkeboss

  1. Thanks Charlie, just 1 more question: when I uninstalled AdwCleaner, there was a message "quarantine folder will be emptied". Does that mean malware is on my PC again, or is it just like the Recycle Bin for Windows being emptied?
  2. Greetings Charlie

     checkup.txt:

     Results of screen317's Security Check version 0.99.80
     x64 (UAC is enabled)
     Internet Explorer 11
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     ESET NOD32 Antivirus 6.0
     Windows Defender
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.75.0.1300
     Google Chrome 33.0.1750.146
     Google Chrome 33.0.1750.154
     ````````Process Check: objlist.exe by Laurent````````
     ESET NOD32 Antivirus egui.exe
     ESET NOD32 Antivirus ekrn.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: %
     ````````````````````End of Log``````````````````````
  3. Thank you Charlie for everything... I feel so much better knowing my PC is clean. One more thing: can I delete AdwCleaner and the quarantine folder made by AdwCleaner in Program Files without releasing malware on my PC again, and can I also delete FRST with all logs.txt?
  4. Greetings Charlie

     AdwCleaner[s0].txt:

     # AdwCleaner v3.022 - Report created 17/03/2014 at 01:57:34
     # Updated 13/03/2014 by Xplode
     # Operating System : Windows 8.1 Enterprise N (64 bits)
     # Username : Ivan - IVAN
     # Running from : C:\Users\Ivan\Desktop\AdwCleaner.exe
     # Option : Clean

     ***** [ Services ] *****

     ***** [ Files / Folders ] *****

     Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
     Folder Deleted : C:\Users\Ivan\AppData\Local\Conduit
     Folder Deleted : C:\Users\Ivan\AppData\Local\NativeMessaging
     Folder Deleted : C:\Users\Ivan\AppData\Local\SearchProtect
     Folder Deleted : C:\Users\Ivan\AppData\Local\Temp\NativeMessaging
     Folder Deleted : C:\Users\Ivan\AppData\LocalLow\Conduit
     File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk

     ***** [ Shortcuts ] *****

     ***** [ Registry ] *****

     Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
     Key Deleted : HKCU\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
     Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

     ***** [ Browsers ] *****

     -\\ Internet Explorer v11.0.9600.16518

     -\\ Google Chrome v33.0.1750.154

     [ File : C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

     *************************

     AdwCleaner[R0].txt - [1417 octets] - [17/03/2014 01:52:58]
     AdwCleaner[R1].txt - [1477 octets] - [17/03/2014 01:54:46]
     AdwCleaner[s0].txt - [1391 octets] - [17/03/2014 01:57:34]

     ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1451 octets] ##########

     Malwarebytes after quick scan:

     Malwarebytes Anti-Malware (PRO) 1.75.0.1300
     www.malwarebytes.org

     Database version: v2014.03.17.01

     Windows 8 x64 NTFS
     Internet Explorer 11.0.9600.16518
     Ivan :: IVAN [administrator]

     Protection: Disabled

     3/17/2014 2:11:51 AM
     mbam-log-2014-03-17 (02-11-51).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 218742
     Time elapsed: 1 minute(s), 8 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     For now there is only one instance of "winlogon.exe" and 2 instances of "csrss.exe".
  5. I cleaned temp files

     Fixlog:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
     Ran by Ivan at 2014-03-17 01:10:56 Run:1
     Running from C:\Users\Ivan\Desktop\New folder
     Boot Mode: Normal
     ==============================================

     Content of fixlist:
     *****************
     C:\Users\Ivan\AppData\Local\Temp\nsz6586.tmp.exe
     C:\Users\Ivan\AppData\Local\Temp\ntdll_dump.dll
     C:\Users\Ivan\AppData\Local\Temp\raptrpatch.exe
     C:\Users\Ivan\AppData\Local\Temp\safeguard.exe
     C:\Users\Ivan\AppData\Local\Temp\swt-win32-3349.dll
     C:\Windows\KMS\KMS.exe
     C:\Windows\KMS
     CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-02-22]
     CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-02-22]
     R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] ()
     R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-03] (Basil Projects)
     2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
     *****************

     "C:\Users\Ivan\AppData\Local\Temp\nsz6586.tmp.exe" => File/Directory not found.
     C:\Users\Ivan\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
     "C:\Users\Ivan\AppData\Local\Temp\raptrpatch.exe" => File/Directory not found.
     "C:\Users\Ivan\AppData\Local\Temp\safeguard.exe" => File/Directory not found.
     "C:\Users\Ivan\AppData\Local\Temp\swt-win32-3349.dll" => File/Directory not found.
     C:\Windows\KMS\KMS.exe => Moved successfully.
     C:\Windows\KMS => Moved successfully.
     HKCU\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => Key deleted successfully.
     C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx => Moved successfully.
     HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => Key deleted successfully.
     "C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx" => File/Directory not found.
     KMS => Service deleted successfully.
     WinDivert1.1 => Unable to stop service
     WinDivert1.1 => Service deleted successfully.
     C:\Program Files (x86)\SearchProtect => Moved successfully.

     The system needed a reboot.

     ==== End of Fixlog ====
  6. FRST:

     Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
     Ran by Ivan (administrator) on IVAN on 17-03-2014 00:26:30
     Running from C:\Users\Ivan\Desktop\New folder
     Windows 8.1 Enterprise N (X64) OS Language: English(US)
     Internet Explorer Version 11
     Boot Mode: Normal
00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-02-19 21:14 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-02-19 21:14 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-02-19 21:14 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-02-19 21:14 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-02-19 21:14 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-02-19 21:14 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-02-19 21:14 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-02-19 21:14 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-02-19 21:14 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-02-19 21:14 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-02-19 21:14 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-02-19 21:14 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-02-19 21:14 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-02-19 21:14 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-02-19 21:14 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-02-19 21:14 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-02-19 21:14 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-02-19 21:14 - 2014-02-06 10:50 - 02041856 _____ (Microsoft 
Corporation) C:\Windows\system32\inetcpl.cpl2014-02-19 21:14 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-02-19 21:14 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-02-19 21:14 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-02-19 21:14 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-02-19 21:14 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-02-19 21:14 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-02-19 21:14 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-02-19 21:14 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-02-19 21:14 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-02-19 21:14 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-02-19 21:14 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-02-19 21:14 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-02-19 21:14 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-02-19 21:14 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-02-19 21:13 - 2014-01-09 09:25 - 02804224 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2014-02-19 21:13 - 2014-01-09 08:59 - 01020928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2014-02-19 21:13 - 2014-01-09 08:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll2014-02-19 21:13 - 2014-01-09 08:49 - 00919040 _____ (Microsoft Corporation) 
C:\Windows\system32\MrmCoreR.dll2014-02-19 21:13 - 2014-01-09 08:44 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll2014-02-19 21:13 - 2014-01-09 08:43 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll2014-02-19 21:13 - 2014-01-09 08:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll2014-02-19 21:13 - 2014-01-09 08:28 - 04217344 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll2014-02-19 21:13 - 2014-01-09 08:28 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll2014-02-19 21:13 - 2014-01-09 08:18 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe2014-02-19 21:13 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll2014-02-19 21:13 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll2014-02-19 21:13 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll2014-02-19 21:13 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll2014-02-19 21:13 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll2014-02-19 21:13 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll2014-02-19 21:13 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll2014-02-19 21:13 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll2014-02-19 21:13 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms2014-02-19 21:13 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms2014-02-19 21:12 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe2014-02-19 21:12 - 2014-01-07 06:59 - 00017408 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe2014-02-19 21:12 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-02-19 21:12 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2014-02-19 21:12 - 2013-12-20 11:10 - 01113040 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2014-02-19 21:12 - 2013-12-20 07:13 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2014-02-19 21:12 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-02-19 21:12 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-02-19 21:12 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-02-19 21:12 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll2014-02-19 21:12 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll2014-02-19 21:12 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-02-19 21:12 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2014-02-19 21:12 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2014-02-17 21:16 - 2014-03-13 18:53 - 00000290 _____ () C:\Users\Ivan\Documents\thermaltake commander msi.txt ==================== One Month Modified Files and Folders ======= 2014-03-17 00:26 - 2014-03-17 00:24 - 00000000 ____D () C:\Users\Ivan\Desktop\New folder2014-03-17 00:26 - 2014-03-16 15:08 - 00000000 ____D () C:\FRST2014-03-17 00:24 - 2014-02-11 15:41 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-03-17 00:24 - 2014-02-11 15:39 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-03-17 00:24 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-03-17 00:24 - 2013-08-22 15:44 - 
00471048 _____ () C:\Windows\system32\FNTCACHE.DAT2014-03-17 00:23 - 2014-02-10 19:48 - 00000000 ____D () C:\Users\Ivan2014-03-17 00:23 - 2014-02-10 16:44 - 00065536 _____ () C:\Windows\system32\spu_storage.bin2014-03-17 00:23 - 2014-02-09 07:04 - 00014306 _____ () C:\Windows\PFRO.log2014-03-17 00:11 - 2014-02-10 20:03 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BC8ACE5A-6730-4824-A6F2-447F938620E9}2014-03-17 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru2014-03-16 23:49 - 2014-02-10 20:00 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1438085890-1962341810-462119800-10022014-03-16 23:44 - 2013-08-22 20:12 - 00000000 ____D () C:\Windows\ShellNew2014-03-16 23:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-03-16 23:42 - 2014-02-09 07:14 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-03-16 23:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System2014-03-16 23:42 - 2013-08-22 14:25 - 00000076 _____ () C:\Windows\win.ini2014-03-16 22:24 - 2014-02-10 20:34 - 00007597 _____ () C:\Users\Ivan\AppData\Local\resmon.resmoncfg2014-03-16 21:57 - 2014-02-09 07:09 - 01841977 _____ () C:\Windows\WindowsUpdate.log2014-03-15 13:04 - 2014-03-15 13:04 - 00000058 _____ () C:\Users\Ivan\Documents\qweqwe22.txt2014-03-14 19:54 - 2014-03-13 18:10 - 00000096 _____ () C:\Users\Ivan\Documents\wqeqwe.txt2014-03-14 12:45 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI2014-03-14 12:30 - 2014-03-14 12:30 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-03-14 12:30 - 2014-03-14 12:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-03-14 11:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness2014-03-13 18:53 - 2014-02-17 21:16 - 00000290 _____ () C:\Users\Ivan\Documents\thermaltake commander msi.txt2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 
____D () C:\Users\Ivan\AppData\Roaming\Malwarebytes2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-03-12 16:09 - 2014-02-11 15:46 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Skype2014-03-11 20:37 - 2014-03-03 20:48 - 00000000 ____D () C:\Users\Ivan\Documents\ADCkeybind2014-03-07 22:16 - 2014-03-07 22:16 - 424175808 _____ () C:\Windows\MEMORY.DMP2014-03-07 22:16 - 2014-03-07 22:16 - 00280632 _____ () C:\Windows\Minidump\030714-13156-01.dmp2014-03-07 22:16 - 2014-03-07 22:16 - 00000000 ____D () C:\Windows\Minidump2014-03-06 00:08 - 2014-03-06 00:06 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Adobe2014-03-05 01:20 - 2014-02-10 19:48 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Packages2014-03-01 00:17 - 2014-03-01 00:17 - 00000520 _____ () C:\Users\Public\Desktop\Steam.lnk2014-02-27 16:32 - 2014-02-27 16:32 - 00000000 ____D () C:\ProgramData\ATI2014-02-27 16:27 - 2014-02-27 16:27 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271627012163.log2014-02-27 16:26 - 2014-02-27 16:26 - 00000000 ____D () C:\Program Files\AMD2014-02-27 16:26 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files\ATI Technologies2014-02-27 16:26 - 2013-08-22 15:45 - 00010418 _____ () C:\Windows\setupact.log2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files\ATI2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies2014-02-27 16:00 - 2014-02-27 16:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271600329945.log2014-02-27 16:00 - 2014-02-27 14:56 - 00000000 ____D () C:\AMD2014-02-27 15:06 - 2014-02-27 15:06 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271506300711.log2014-02-27 14:15 - 2014-02-27 14:15 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\library_dir2014-02-27 14:02 - 2014-02-10 16:45 - 00000000 ____D () C:\ProgramData\AMD2014-02-27 14:00 - 2014-02-27 14:00 - 00060328 _____ () 
C:\Windows\SysWOW64\CCCInstall_201402271400130259.log2014-02-27 13:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports2014-02-26 23:55 - 2014-02-09 07:12 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI2014-02-26 22:01 - 2014-02-10 16:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-02-26 15:18 - 2014-02-08 23:40 - 00000000 ____D () C:\ProgramData\Adobe2014-02-24 05:08 - 2014-02-24 05:08 - 08759296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll2014-02-24 05:08 - 2014-02-24 05:08 - 01106360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00127872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00117560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00116024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll2014-02-24 05:08 - 2013-12-13 10:23 - 10169896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll2014-02-24 05:08 - 2013-12-13 10:23 - 01328328 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\aticfx64.dll2014-02-24 05:08 - 2013-12-13 10:23 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll2014-02-24 05:07 - 2014-02-24 05:07 - 10899624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll2014-02-24 05:07 - 2014-02-24 05:07 - 10145128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll2014-02-24 05:07 - 2014-02-24 05:07 - 07892000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll2014-02-24 05:07 - 2014-02-24 05:07 - 06716264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll2014-02-24 05:01 - 2014-02-24 05:01 - 13929472 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys2014-02-24 04:48 - 2014-02-24 04:48 - 00230912 _____ () C:\Windows\system32\clinfo.exe2014-02-24 04:48 - 2014-02-24 04:48 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll2014-02-24 04:47 - 2014-02-24 04:47 - 28424704 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll2014-02-24 04:47 - 2014-02-24 04:47 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll2014-02-24 04:47 - 2014-02-24 04:47 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll2014-02-24 04:47 - 2014-02-24 04:47 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll2014-02-24 04:45 - 2014-02-24 04:45 - 23903232 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll2014-02-24 04:42 - 2014-02-24 04:42 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll2014-02-24 04:42 - 2014-02-24 04:42 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2014-02-24 04:30 - 2014-02-24 04:30 - 00415744 _____ () C:\Windows\system32\amdmiracast.dll2014-02-24 04:28 - 2014-02-24 04:28 - 27152384 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\atio6axx.dll2014-02-24 04:28 - 2014-02-24 04:28 - 00126464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll2014-02-24 04:27 - 2014-02-24 04:27 - 05392896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\SysWOW64\atiapfxx.blb2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\system32\atiapfxx.blb2014-02-24 04:27 - 2014-02-24 04:27 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe2014-02-24 04:27 - 2014-02-24 04:27 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll2014-02-24 04:26 - 2014-02-24 04:26 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll2014-02-24 04:22 - 2014-02-24 04:22 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll2014-02-24 04:13 - 2014-02-24 04:13 - 04319232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll2014-02-24 04:07 - 2014-02-24 04:07 - 22834688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll2014-02-24 04:05 - 2014-02-24 04:05 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe2014-02-24 04:05 - 2014-02-24 04:05 - 00442368 _____ (Advanced Micro Devices, Inc.) 
C:\Windows\system32\atidemgy.dll2014-02-24 04:05 - 2014-02-24 04:05 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll2014-02-24 04:04 - 2014-02-24 04:04 - 00240128 _____ (AMD) C:\Windows\system32\atiesrxx.exe2014-02-24 04:02 - 2014-02-24 04:02 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll2014-02-24 04:00 - 2014-02-24 04:00 - 00081920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll2014-02-24 04:00 - 2014-02-24 04:00 - 00079360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll2014-02-24 03:50 - 2014-02-24 03:50 - 00044544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll2014-02-24 03:50 - 2014-02-24 03:50 - 00035840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll2014-02-24 03:46 - 2014-02-24 03:46 - 03434288 _____ () C:\Windows\system32\atiumd6a.cap2014-02-24 03:40 - 2014-02-24 03:40 - 00806912 _____ (AMD) C:\Windows\system32\coinst_13.350.dll2014-02-24 03:35 - 2014-02-24 03:35 - 03468336 _____ () C:\Windows\SysWOW64\atiumdva.cap2014-02-24 03:28 - 2014-02-24 03:28 - 01148416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00828416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00146432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll2014-02-24 03:27 - 2014-02-24 03:27 - 00636928 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys2014-02-24 03:27 - 2014-02-24 03:27 - 00133120 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\atigktxx.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll2014-02-24 03:23 - 2014-02-24 03:23 - 00134144 _____ () C:\Windows\system32\amdhdl64.dll2014-02-24 03:23 - 2014-02-24 03:23 - 00123392 _____ () C:\Windows\SysWOW64\amdhdl32.dll2014-02-24 03:23 - 2014-02-24 03:23 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll2014-02-23 12:04 - 2014-02-23 00:51 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\uTorrent2014-02-23 11:26 - 2014-02-23 11:26 - 00000000 __SHD () C:\ProgramData\SecuROM2014-02-23 11:20 - 2014-02-23 11:20 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\WinRAR2014-02-23 11:04 - 2014-02-23 11:04 - 00000000 __RHD () C:\Users\Ivan\AppData\Roaming\SecuROM2014-02-23 11:03 - 2014-02-23 11:03 - 00178800 _____ (Sony DADC Austria AG.) 
C:\Windows\SysWOW64\CmdLineExt_x64.dll2014-02-23 11:03 - 2014-02-23 11:02 - 00053710 _____ () C:\Windows\DirectX.log2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Windows\SysWOW64\xlive2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE2014-02-23 10:48 - 2014-02-23 10:48 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\PowerISO2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Users\Ivan\AppData\Local\SearchProtect2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\NativeMessaging2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\CRE2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Conduit2014-02-21 21:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera2014-02-19 21:16 - 2014-02-08 22:25 - 00000000 ____D () C:\Windows\system32\MRT2014-02-19 21:15 - 2014-02-08 22:25 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-02-17 22:00 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-02-17 22:00 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of 
TEMP:
====================
C:\Users\Ivan\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Ivan\AppData\Local\Temp\gpuz.exe
C:\Users\Ivan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Ivan\AppData\Local\Temp\nsz6586.tmp.exe
C:\Users\Ivan\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Ivan\AppData\Local\Temp\raptrpatch.exe
C:\Users\Ivan\AppData\Local\Temp\safeguard.exe
C:\Users\Ivan\AppData\Local\Temp\swt-win32-3349.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-11 14:43

==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Ivan at 2014-03-17 00:26:47
Running from C:\Users\Ivan\Desktop\New folder
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) HiddenSkype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - ) ==================== Restore Points ========================= 27-02-2014 15:00:47 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.5072707-03-2014 21:41:12 Windows Update15-03-2014 09:33:41 Scheduled Checkpoint16-03-2014 22:41:00 Removed Microsoft Office Professional Plus 201316-03-2014 22:41:13 PROPLUS ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {03461256-EA79-46C3-9EFE-12DE1E524D2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)Task: {0BBA5EB4-A5EF-492C-BC22-B3D85DC8549B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {0F932D8E-9118-4094-A341-40B96839E930} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {392BC788-C97F-4CD2-A750-A1E1041F73BC} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe 
WSClient.dll,WSpTLR licensingTask: {3C2866E4-A07D-4927-A56B-B4B7F56E9CCB} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {3E676A85-B1CC-4E94-A930-9C0214EE8115} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {543751FC-D185-4C74-8F6A-9D18AF3724F3} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {59DE7D46-940E-441C-B979-44BAB99D9115} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {5A5F9A27-863B-4043-A782-37E4FE21EA2B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {5D159A38-3917-4791-AB32-38044092628F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)Task: {5D995BC4-BFA7-493A-9EC1-CD55AD66071A} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {62DF4AE2-2FFC-4A09-AAEF-421775C511D5} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exeTask: {6A59C583-FBB0-4F2B-A452-307A30BEF6BC} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {6A82CF27-7CF0-4C5D-95D0-076861B84611} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {79D1FAC0-7A97-4193-8DF0-4A5765B737DA} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {8B804C88-703B-4B69-9181-DA5CD380F1B7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exeTask: {98F49E92-8A4B-4EFB-BADA-C0C35773148A} - 
System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {A90FBA31-2726-4AA0-AE13-4D23F81805A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-02-19] (Microsoft Corporation)Task: {AC61A7FA-D235-4603-9DCF-625BCB5168FF} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {B3805F3E-2FF3-4FF3-98BA-6323C487698C} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {E14AFE67-7292-44ED-83D4-2362B8190702} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {E8A76586-10E2-4180-8156-AC9B910B3722} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {EB514087-D2BD-473B-8DC9-5DBE6B695F1E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exeTask: {ECEFDD38-F394-425B-8D03-F7816CAB1D45} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-09 07:09 - 2014-01-04 12:52 - 00032256 _____ () C:\Windows\KMS\KMS.exe2014-02-09 07:09 - 2013-12-03 21:01 - 00016896 _____ () C:\Windows\KMS\WinDivert.dll2014-02-08 23:43 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (03/17/2014 00:26:02 AM) (Source: Software Protection Platform 
Service) (User: )Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} Error: (03/17/2014 00:26:02 AM) (Source: Software Protection Platform Service) (User: )Description: License acquisition failure details. hr=0x80072EFD Error: (03/17/2014 00:26:02 AM) (Source: Software Protection Platform Service) (User: )Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} Error: (03/17/2014 00:26:02 AM) (Source: Software Protection Platform Service) (User: )Description: License acquisition failure details. hr=0x80072EFD Error: (03/17/2014 00:25:58 AM) (Source: Software Protection Platform Service) (User: )Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} Error: (03/17/2014 00:25:58 AM) (Source: Software Protection Platform Service) (User: )Description: License acquisition failure details. hr=0x80072EFD Error: (03/17/2014 00:25:55 AM) (Source: Software Protection Platform Service) (User: )Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} Error: (03/17/2014 00:25:55 AM) (Source: Software Protection Platform Service) (User: )Description: License acquisition failure details. hr=0x80072EFD Error: (03/17/2014 00:25:47 AM) (Source: Software Protection Platform Service) (User: )Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f} Error: (03/17/2014 00:25:47 AM) (Source: Software Protection Platform Service) (User: )Description: License acquisition failure details. 
hr=0x80072EFD System errors:=============Error: (03/17/2014 00:24:14 AM) (Source: DCOM) (User: IVAN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}IVANIvanS-1-5-21-1438085890-1962341810-462119800-1002LocalHost (Using LRPC)UnavailableUnavailable Error: (03/16/2014 03:21:35 PM) (Source: DCOM) (User: IVAN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}IVANIvanS-1-5-21-1438085890-1962341810-462119800-1002LocalHost (Using LRPC)UnavailableUnavailable Error: (03/16/2014 03:21:10 PM) (Source: EventLog) (User: )Description: The previous system shutdown at 2:54:32 PM on ‎3/‎16/‎2014 was unexpected. Error: (03/16/2014 11:46:23 AM) (Source: DCOM) (User: IVAN)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (03/16/2014 11:45:53 AM) (Source: DCOM) (User: IVAN)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (03/16/2014 11:34:58 AM) (Source: DCOM) (User: IVAN)Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}IVANIvanS-1-5-21-1438085890-1962341810-462119800-1002LocalHost (Using LRPC)UnavailableUnavailable Error: (03/16/2014 11:34:32 AM) (Source: EventLog) (User: )Description: The previous system shutdown at 2:21:46 AM on ‎3/‎16/‎2014 was unexpected. 

Error: (03/16/2014 11:34:19 AM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212254851084224

Error: (03/16/2014 01:02:05 AM) (Source: DCOM) (User: IVAN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}IVANIvanS-1-5-21-1438085890-1962341810-462119800-1002LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/16/2014 01:01:27 AM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212254851085184

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 8137.73 MB
Available physical RAM: 6925.32 MB
Total Pagefile: 16329.73 MB
Available Pagefile: 15026.62 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:197.43 GB) (Free:163.26 GB) NTFS
Drive d: () (Fixed) (Total:267.81 GB) (Free:263.76 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

==================== End Of Log ============================

That's it.
  7. Greetings Charlie, I've completely removed MS Office from my PC, but I'm still kinda confused about that. Should I do a re-scan of everything? Anyway, I would greatly appreciate your help. There is one thing that I noticed after rebooting my PC: I opened Task Manager and went to the "Details" tab, and suddenly I saw just 1 instance of winlogon.exe [there were 2] and 2 instances of csrss.exe [there were 3]. After I rebooted again they were back [2 winlogon.exe and 3 csrss.exe]. I just felt that could be an important thing to mention.
  8. Hi Mr. Charlie, did I do something wrong, or is that standard procedure for every topic? If you really think that I have "cracked" MS Office, then I can just delete it and we are all happy, right? I came to this website desperate for help because I have really important stuff on my PC [bank account, etc.] and I don't want to risk logging in to any of my accounts, just because I think my PC is terribly infected and I'm looking for help. I really appreciate everything you did for me, but then everything suddenly stopped just because you started suspecting that I have "cracked" MS Office on my PC. I think that doesn't make any sense, since I came here looking for help because I think my PC is infected, just like I said. Anyway, sir, thank you for your time and everything, but I'm going to be in serious trouble if I don't find a solution to my problem.
  9. Hi, I got MS Office from the internet as a free trial; it's not cracked as far as I know. Anyway, is my PC infected? I did every scan that you asked for. I'm really worried because I heard that having multiple instances of winlogon.exe and csrss.exe means that you have a keylogger or some serious infection on your PC? Thanks in advance.
  10. FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ivan (administrator) on IVAN on 16-03-2014 15:08:53
Running from C:\Users\Ivan\Desktop\New folder
Windows 8.1 Enterprise N (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Windows\KMS\KMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-23] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1438085890-1962341810-462119800-1002\...\MountPoints2: E - "E:\Autorun.exe"

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x93E496442430CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20 192.168.0.1

Chrome:
=======
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-11]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-11]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-11]
CHR Extension: (Google Wallet) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-11]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-11]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-02-22]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-02-22]

==================== Services (Whitelisted) =================

R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1333424 2012-12-21] (ESET)
R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-12-21] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2012-12-21] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [139768 2012-12-21] (ESET)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-15] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-15] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-01-15] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-03] (Basil Projects)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 ____D () C:\FRST
2014-03-16 15:07 - 2014-03-16 15:08 - 00000000 ____D () C:\Users\Ivan\Desktop\New folder
2014-03-15 13:04 - 2014-03-15 13:04 - 00000058 _____ () C:\Users\Ivan\Documents\qweqwe22.txt
2014-03-14 12:30 - 2014-03-14 12:30 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 12:30 - 2014-03-14 12:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 12:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-13 18:10 - 2014-03-14 19:54 - 00000096 _____ () C:\Users\Ivan\Documents\wqeqwe.txt
2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Malwarebytes
2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-07 22:16 - 2014-03-07 22:16 - 424175808 _____ () C:\Windows\MEMORY.DMP
2014-03-07 22:16 - 2014-03-07 22:16 - 00280632 _____ () C:\Windows\Minidump\030714-13156-01.dmp
2014-03-07 22:16 - 2014-03-07 22:16 - 00000000 ____D () C:\Windows\Minidump
2014-03-06 00:06 - 2014-03-06 00:08 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Adobe
2014-03-03 20:48 - 2014-03-11 20:37 - 00000000 ____D () C:\Users\Ivan\Documents\ADCkeybind
2014-03-01 00:17 - 2014-03-01 00:17 - 00000520 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-02-27 16:32 - 2014-02-27 16:32 - 00000000 ____D () C:\ProgramData\ATI
2014-02-27 16:27 - 2014-02-27 16:27 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271627012163.log
2014-02-27 16:26 - 2014-02-27 16:26 - 00000000 ____D () C:\Program Files\AMD
2014-02-27 16:25 - 2014-02-27 16:26 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files\ATI
2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-02-27 16:00 - 2014-02-27 16:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271600329945.log
2014-02-27 15:06 - 2014-02-27 15:06 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271506300711.log
2014-02-27 14:56 - 2014-02-27 16:00 - 00000000 ____D () C:\AMD
2014-02-27 14:15 - 2014-02-27 14:15 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\library_dir
2014-02-27 14:00 - 2014-02-27 14:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271400130259.log
2014-02-24 05:08 - 2014-02-24 05:08 - 08759296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 01106360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00127872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00117560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00116024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 10899624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 10145128 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\atiumdva.dll2014-02-24 05:07 - 2014-02-24 05:07 - 07892000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll2014-02-24 05:07 - 2014-02-24 05:07 - 06716264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll2014-02-24 05:01 - 2014-02-24 05:01 - 13929472 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys2014-02-24 04:48 - 2014-02-24 04:48 - 00230912 _____ () C:\Windows\system32\clinfo.exe2014-02-24 04:48 - 2014-02-24 04:48 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll2014-02-24 04:47 - 2014-02-24 04:47 - 28424704 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll2014-02-24 04:47 - 2014-02-24 04:47 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll2014-02-24 04:47 - 2014-02-24 04:47 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll2014-02-24 04:47 - 2014-02-24 04:47 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll2014-02-24 04:45 - 2014-02-24 04:45 - 23903232 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll2014-02-24 04:42 - 2014-02-24 04:42 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll2014-02-24 04:42 - 2014-02-24 04:42 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2014-02-24 04:30 - 2014-02-24 04:30 - 00415744 _____ () C:\Windows\system32\amdmiracast.dll2014-02-24 04:28 - 2014-02-24 04:28 - 27152384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll2014-02-24 04:28 - 2014-02-24 04:28 - 00126464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll2014-02-24 04:27 - 2014-02-24 04:27 - 05392896 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\amdmantle64.dll2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\SysWOW64\atiapfxx.blb2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\system32\atiapfxx.blb2014-02-24 04:27 - 2014-02-24 04:27 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe2014-02-24 04:27 - 2014-02-24 04:27 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll2014-02-24 04:26 - 2014-02-24 04:26 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll2014-02-24 04:22 - 2014-02-24 04:22 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll2014-02-24 04:13 - 2014-02-24 04:13 - 04319232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll2014-02-24 04:07 - 2014-02-24 04:07 - 22834688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll2014-02-24 04:05 - 2014-02-24 04:05 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe2014-02-24 04:05 - 2014-02-24 04:05 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll2014-02-24 04:05 - 2014-02-24 04:05 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll2014-02-24 04:04 - 2014-02-24 04:04 - 00240128 _____ (AMD) C:\Windows\system32\atiesrxx.exe2014-02-24 04:02 - 2014-02-24 04:02 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll2014-02-24 04:00 - 2014-02-24 04:00 - 00081920 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\mantleaxl64.dll2014-02-24 04:00 - 2014-02-24 04:00 - 00079360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll2014-02-24 03:50 - 2014-02-24 03:50 - 00044544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll2014-02-24 03:50 - 2014-02-24 03:50 - 00035840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll2014-02-24 03:46 - 2014-02-24 03:46 - 03434288 _____ () C:\Windows\system32\atiumd6a.cap2014-02-24 03:40 - 2014-02-24 03:40 - 00806912 _____ (AMD) C:\Windows\system32\coinst_13.350.dll2014-02-24 03:35 - 2014-02-24 03:35 - 03468336 _____ () C:\Windows\SysWOW64\atiumdva.cap2014-02-24 03:28 - 2014-02-24 03:28 - 01148416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00828416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00146432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll2014-02-24 03:27 - 2014-02-24 03:27 - 00636928 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys2014-02-24 03:27 - 2014-02-24 03:27 - 00133120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00089088 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atisamu64.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll2014-02-24 03:23 - 2014-02-24 03:23 - 00134144 _____ () C:\Windows\system32\amdhdl64.dll2014-02-24 03:23 - 2014-02-24 03:23 - 00123392 _____ () C:\Windows\SysWOW64\amdhdl32.dll2014-02-24 03:23 - 2014-02-24 03:23 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll2014-02-23 11:26 - 2014-02-23 11:26 - 00000000 __SHD () C:\ProgramData\SecuROM2014-02-23 11:21 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll2014-02-23 11:21 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll2014-02-23 11:21 - 2009-03-16 14:18 - 00069448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll2014-02-23 11:21 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll2014-02-23 11:21 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll2014-02-23 11:20 - 2014-02-23 11:20 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\WinRAR2014-02-23 11:04 - 2014-02-23 11:04 - 00000000 __RHD () C:\Users\Ivan\AppData\Roaming\SecuROM2014-02-23 11:03 - 2014-02-23 11:03 - 00178800 _____ (Sony DADC Austria AG.) 
C:\Windows\SysWOW64\CmdLineExt_x64.dll2014-02-23 11:03 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll2014-02-23 11:03 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll2014-02-23 11:03 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll2014-02-23 11:03 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll2014-02-23 11:03 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll2014-02-23 11:03 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll2014-02-23 11:03 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll2014-02-23 11:03 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll2014-02-23 11:03 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll2014-02-23 11:03 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll2014-02-23 11:03 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll2014-02-23 11:03 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll2014-02-23 11:03 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll2014-02-23 11:03 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll2014-02-23 11:03 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll2014-02-23 11:03 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll2014-02-23 11:03 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll2014-02-23 11:03 - 2008-03-05 16:03 - 00177672 _____ (Microsoft 
Corporation) C:\Windows\system32\xactengine3_0.dll2014-02-23 11:03 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll2014-02-23 11:03 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll2014-02-23 11:03 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll2014-02-23 11:03 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll2014-02-23 11:02 - 2014-02-23 11:03 - 00053710 _____ () C:\Windows\DirectX.log2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Windows\SysWOW64\xlive2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE2014-02-23 11:02 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll2014-02-23 11:02 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll2014-02-23 11:02 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll2014-02-23 11:02 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll2014-02-23 11:02 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll2014-02-23 11:02 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll2014-02-23 11:02 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll2014-02-23 11:02 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll2014-02-23 11:02 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll2014-02-23 11:02 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll2014-02-23 11:02 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) 
C:\Windows\system32\D3DCompiler_36.dll2014-02-23 11:02 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll2014-02-23 11:02 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll2014-02-23 11:02 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll2014-02-23 11:02 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll2014-02-23 11:02 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll2014-02-23 11:02 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll2014-02-23 11:02 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll2014-02-23 11:02 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll2014-02-23 11:02 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll2014-02-23 11:02 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll2014-02-23 11:02 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll2014-02-23 11:02 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll2014-02-23 11:02 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll2014-02-23 11:02 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll2014-02-23 11:02 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll2014-02-23 11:02 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll2014-02-23 11:02 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll2014-02-23 11:02 - 2007-05-16 16:45 - 00506728 _____ 
(Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll2014-02-23 11:02 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll2014-02-23 11:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll2014-02-23 11:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll2014-02-23 11:02 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll2014-02-23 11:02 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll2014-02-23 11:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll2014-02-23 11:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll2014-02-23 11:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll2014-02-23 11:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll2014-02-23 11:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll2014-02-23 11:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll2014-02-23 11:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll2014-02-23 11:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll2014-02-23 11:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll2014-02-23 11:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll2014-02-23 11:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll2014-02-23 11:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll2014-02-23 11:02 - 2006-11-29 13:06 
- 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll2014-02-23 11:02 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll2014-02-23 11:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll2014-02-23 11:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll2014-02-23 11:02 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll2014-02-23 11:02 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll2014-02-23 11:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll2014-02-23 11:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll2014-02-23 11:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll2014-02-23 11:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll2014-02-23 11:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll2014-02-23 11:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll2014-02-23 11:02 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll2014-02-23 11:02 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll2014-02-23 11:02 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll2014-02-23 11:02 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll2014-02-23 11:02 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll2014-02-23 11:02 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll2014-02-23 11:02 - 2006-03-31 12:39 
- 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll2014-02-23 11:02 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll2014-02-23 11:02 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll2014-02-23 11:02 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll2014-02-23 11:02 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll2014-02-23 11:02 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll2014-02-23 11:02 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll2014-02-23 11:02 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll2014-02-23 11:02 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll2014-02-23 11:02 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll2014-02-23 11:02 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll2014-02-23 11:02 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll2014-02-23 11:02 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll2014-02-23 11:02 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll2014-02-23 11:02 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll2014-02-23 11:02 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll2014-02-23 11:02 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll2014-02-23 11:02 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll2014-02-23 10:48 - 2014-02-23 10:48 - 00000000 ____D () 
C:\Users\Ivan\AppData\Roaming\PowerISO2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Users\Ivan\AppData\Local\SearchProtect2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\NativeMessaging2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\CRE2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Conduit2014-02-23 00:51 - 2014-02-23 12:04 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\uTorrent2014-02-19 21:14 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-02-19 21:14 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-02-19 21:14 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-02-19 21:14 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-02-19 21:14 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-02-19 21:14 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-02-19 21:14 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-02-19 21:14 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-02-19 21:14 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-02-19 21:14 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-02-19 21:14 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-02-19 21:14 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-02-19 21:14 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) 
C:\Windows\system32\ie4uinit.exe2014-02-19 21:14 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-02-19 21:14 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-02-19 21:14 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-02-19 21:14 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-02-19 21:14 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-02-19 21:14 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-02-19 21:14 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-02-19 21:14 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-02-19 21:14 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-02-19 21:14 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-02-19 21:14 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-02-19 21:14 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-02-19 21:14 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-02-19 21:14 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-02-19 21:14 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-02-19 21:14 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-02-19 21:14 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-02-19 21:14 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\inetcpl.cpl2014-02-19 21:14 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-02-19 21:14 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-02-19 21:14 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-02-19 21:14 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-02-19 21:14 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-02-19 21:14 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-02-19 21:13 - 2014-01-09 09:25 - 02804224 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2014-02-19 21:13 - 2014-01-09 08:59 - 01020928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll2014-02-19 21:13 - 2014-01-09 08:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll2014-02-19 21:13 - 2014-01-09 08:49 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll2014-02-19 21:13 - 2014-01-09 08:44 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll2014-02-19 21:13 - 2014-01-09 08:43 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll2014-02-19 21:13 - 2014-01-09 08:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll2014-02-19 21:13 - 2014-01-09 08:28 - 04217344 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll2014-02-19 21:13 - 2014-01-09 08:28 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll2014-02-19 21:13 - 2014-01-09 08:18 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe2014-02-19 21:13 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll2014-02-19 21:13 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\propsys.dll2014-02-19 21:13 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll2014-02-19 21:13 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll2014-02-19 21:13 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll2014-02-19 21:13 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll2014-02-19 21:13 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll2014-02-19 21:13 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll2014-02-19 21:13 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms2014-02-19 21:13 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms2014-02-19 21:12 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe2014-02-19 21:12 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe2014-02-19 21:12 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-02-19 21:12 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2014-02-19 21:12 - 2013-12-20 11:10 - 01113040 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll2014-02-19 21:12 - 2013-12-20 07:13 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll2014-02-19 21:12 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-02-19 21:12 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-02-19 21:12 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-02-19 21:12 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) 
C:\Windows\system32\msdrm.dll2014-02-19 21:12 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll2014-02-19 21:12 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-02-19 21:12 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2014-02-19 21:12 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2014-02-17 21:16 - 2014-03-13 18:53 - 00000290 _____ () C:\Users\Ivan\Documents\thermaltake commander msi.txt ==================== One Month Modified Files and Folders ======= 2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 ____D () C:\FRST2014-03-16 15:08 - 2014-03-16 15:07 - 00000000 ____D () C:\Users\Ivan\Desktop\New folder2014-03-16 15:02 - 2014-02-10 20:03 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BC8ACE5A-6730-4824-A6F2-447F938620E9}2014-03-16 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru2014-03-16 11:53 - 2014-02-09 07:09 - 01838031 _____ () C:\Windows\WindowsUpdate.log2014-03-16 11:45 - 2014-02-10 20:00 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1438085890-1962341810-462119800-10022014-03-16 11:35 - 2014-02-11 15:41 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-03-16 11:34 - 2014-02-11 15:39 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-03-16 11:34 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-03-16 01:01 - 2014-02-10 19:48 - 00000000 ____D () C:\Users\Ivan2014-03-15 13:04 - 2014-03-15 13:04 - 00000058 _____ () C:\Users\Ivan\Documents\qweqwe22.txt2014-03-14 23:07 - 2014-02-10 16:44 - 00065536 _____ () C:\Windows\system32\spu_storage.bin2014-03-14 22:24 - 2014-02-10 20:34 - 00007597 _____ () C:\Users\Ivan\AppData\Local\resmon.resmoncfg2014-03-14 19:54 - 2014-03-13 18:10 - 00000096 _____ () C:\Users\Ivan\Documents\wqeqwe.txt2014-03-14 12:45 - 2014-02-09 
07:04 - 00013948 _____ () C:\Windows\PFRO.log2014-03-14 12:45 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI2014-03-14 12:30 - 2014-03-14 12:30 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-03-14 12:30 - 2014-03-14 12:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-03-14 11:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness2014-03-13 18:53 - 2014-02-17 21:16 - 00000290 _____ () C:\Users\Ivan\Documents\thermaltake commander msi.txt2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Malwarebytes2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-03-12 16:09 - 2014-02-11 15:46 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Skype2014-03-11 20:37 - 2014-03-03 20:48 - 00000000 ____D () C:\Users\Ivan\Documents\ADCkeybind2014-03-07 22:16 - 2014-03-07 22:16 - 424175808 _____ () C:\Windows\MEMORY.DMP2014-03-07 22:16 - 2014-03-07 22:16 - 00280632 _____ () C:\Windows\Minidump\030714-13156-01.dmp2014-03-07 22:16 - 2014-03-07 22:16 - 00000000 ____D () C:\Windows\Minidump2014-03-06 14:53 - 2013-08-22 15:44 - 00474816 _____ () C:\Windows\system32\FNTCACHE.DAT2014-03-06 00:08 - 2014-03-06 00:06 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Adobe2014-03-05 01:20 - 2014-02-10 19:48 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Packages2014-03-01 00:17 - 2014-03-01 00:17 - 00000520 _____ () C:\Users\Public\Desktop\Steam.lnk2014-02-27 16:32 - 2014-02-27 16:32 - 00000000 ____D () C:\ProgramData\ATI2014-02-27 16:27 - 2014-02-27 16:27 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271627012163.log2014-02-27 16:26 - 2014-02-27 16:26 - 00000000 ____D () C:\Program Files\AMD2014-02-27 16:26 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files\ATI Technologies2014-02-27 16:26 - 2013-08-22 15:45 - 00010418 _____ () C:\Windows\setupact.log2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program 
Files\ATI2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies2014-02-27 16:00 - 2014-02-27 16:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271600329945.log2014-02-27 16:00 - 2014-02-27 14:56 - 00000000 ____D () C:\AMD2014-02-27 15:06 - 2014-02-27 15:06 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271506300711.log2014-02-27 15:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared2014-02-27 14:15 - 2014-02-27 14:15 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\library_dir2014-02-27 14:02 - 2014-02-10 16:45 - 00000000 ____D () C:\ProgramData\AMD2014-02-27 14:00 - 2014-02-27 14:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271400130259.log2014-02-27 13:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports2014-02-26 23:55 - 2014-02-09 07:12 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI2014-02-26 22:01 - 2014-02-10 16:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-02-26 15:18 - 2014-02-08 23:40 - 00000000 ____D () C:\ProgramData\Adobe2014-02-24 05:08 - 2014-02-24 05:08 - 08759296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll2014-02-24 05:08 - 2014-02-24 05:08 - 01106360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00127872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00117560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00116024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00098496 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\atiu9pag.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll2014-02-24 05:08 - 2013-12-13 10:23 - 10169896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll2014-02-24 05:08 - 2013-12-13 10:23 - 01328328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll2014-02-24 05:08 - 2013-12-13 10:23 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll2014-02-24 05:07 - 2014-02-24 05:07 - 10899624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll2014-02-24 05:07 - 2014-02-24 05:07 - 10145128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll2014-02-24 05:07 - 2014-02-24 05:07 - 07892000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll2014-02-24 05:07 - 2014-02-24 05:07 - 06716264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll2014-02-24 05:01 - 2014-02-24 05:01 - 13929472 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys2014-02-24 04:48 - 2014-02-24 04:48 - 00230912 _____ () C:\Windows\system32\clinfo.exe2014-02-24 04:48 - 2014-02-24 04:48 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll2014-02-24 04:47 - 2014-02-24 04:47 - 28424704 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll2014-02-24 04:47 - 2014-02-24 04:47 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll2014-02-24 04:47 - 2014-02-24 04:47 - 00083456 _____ (Advanced Micro Devices Inc.) 
C:\Windows\SysWOW64\OpenVideo.dll2014-02-24 04:47 - 2014-02-24 04:47 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll2014-02-24 04:45 - 2014-02-24 04:45 - 23903232 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll2014-02-24 04:42 - 2014-02-24 04:42 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll2014-02-24 04:42 - 2014-02-24 04:42 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2014-02-24 04:30 - 2014-02-24 04:30 - 00415744 _____ () C:\Windows\system32\amdmiracast.dll2014-02-24 04:28 - 2014-02-24 04:28 - 27152384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll2014-02-24 04:28 - 2014-02-24 04:28 - 00126464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll2014-02-24 04:27 - 2014-02-24 04:27 - 05392896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\SysWOW64\atiapfxx.blb2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\system32\atiapfxx.blb2014-02-24 04:27 - 2014-02-24 04:27 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe2014-02-24 04:27 - 2014-02-24 04:27 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll2014-02-24 04:26 - 2014-02-24 04:26 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll2014-02-24 04:26 - 2014-02-24 04:26 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll2014-02-24 04:22 - 2014-02-24 04:22 - 14302208 _____ (Advanced Micro Devices Inc.) 
C:\Windows\SysWOW64\aticaldd.dll2014-02-24 04:13 - 2014-02-24 04:13 - 04319232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll2014-02-24 04:07 - 2014-02-24 04:07 - 22834688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll2014-02-24 04:05 - 2014-02-24 04:05 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe2014-02-24 04:05 - 2014-02-24 04:05 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll2014-02-24 04:05 - 2014-02-24 04:05 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll2014-02-24 04:04 - 2014-02-24 04:04 - 00240128 _____ (AMD) C:\Windows\system32\atiesrxx.exe2014-02-24 04:02 - 2014-02-24 04:02 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll2014-02-24 04:00 - 2014-02-24 04:00 - 00081920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll2014-02-24 04:00 - 2014-02-24 04:00 - 00079360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll2014-02-24 03:50 - 2014-02-24 03:50 - 00044544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll2014-02-24 03:50 - 2014-02-24 03:50 - 00035840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll2014-02-24 03:46 - 2014-02-24 03:46 - 03434288 _____ () C:\Windows\system32\atiumd6a.cap2014-02-24 03:40 - 2014-02-24 03:40 - 00806912 _____ (AMD) C:\Windows\system32\coinst_13.350.dll2014-02-24 03:35 - 2014-02-24 03:35 - 03468336 _____ () C:\Windows\SysWOW64\atiumdva.cap2014-02-24 03:28 - 2014-02-24 03:28 - 01148416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00828416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00146432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00075264 _____ (Advanced Micro Devices, Inc. 
) C:\Windows\system32\atig6pxx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll2014-02-24 03:27 - 2014-02-24 03:27 - 00636928 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys2014-02-24 03:27 - 2014-02-24 03:27 - 00133120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll2014-02-24 03:26 - 2014-02-24 03:26 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll2014-02-24 03:23 - 2014-02-24 03:23 - 00134144 _____ () C:\Windows\system32\amdhdl64.dll2014-02-24 03:23 - 2014-02-24 03:23 - 00123392 _____ () C:\Windows\SysWOW64\amdhdl32.dll2014-02-24 03:23 - 2014-02-24 03:23 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll2014-02-23 12:04 - 2014-02-23 00:51 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\uTorrent2014-02-23 11:26 - 2014-02-23 11:26 - 00000000 __SHD () C:\ProgramData\SecuROM2014-02-23 11:20 - 2014-02-23 11:20 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\WinRAR2014-02-23 11:04 - 2014-02-23 11:04 - 00000000 __RHD () C:\Users\Ivan\AppData\Roaming\SecuROM2014-02-23 11:03 - 2014-02-23 11:03 - 00178800 _____ (Sony DADC Austria AG.) 
C:\Windows\SysWOW64\CmdLineExt_x64.dll2014-02-23 11:03 - 2014-02-23 11:02 - 00053710 _____ () C:\Windows\DirectX.log2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Windows\SysWOW64\xlive2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE2014-02-23 10:48 - 2014-02-23 10:48 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\PowerISO2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Users\Ivan\AppData\Local\SearchProtect2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\NativeMessaging2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\CRE2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Conduit2014-02-21 21:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera2014-02-19 21:16 - 2014-02-08 22:25 - 00000000 ____D () C:\Windows\system32\MRT2014-02-19 21:15 - 2014-02-08 22:25 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-02-17 22:00 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-02-17 22:00 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl Some content of 
TEMP:====================C:\Users\Ivan\AppData\Local\Temp\drm_dyndata_7380014.dllC:\Users\Ivan\AppData\Local\Temp\gpuz.exeC:\Users\Ivan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exeC:\Users\Ivan\AppData\Local\Temp\nsz6586.tmp.exeC:\Users\Ivan\AppData\Local\Temp\ntdll_dump.dllC:\Users\Ivan\AppData\Local\Temp\raptrpatch.exeC:\Users\Ivan\AppData\Local\Temp\safeguard.exeC:\Users\Ivan\AppData\Local\Temp\swt-win32-3349.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-11 14:43 ==================== End Of Log ============================ Addition.txt attached.Addition.txt
  11. Malwarebytes after quick scan:

      Malwarebytes Anti-Malware (PRO) 1.75.0.1300
      www.malwarebytes.org

      Database version: v2014.03.15.06
      Windows 8 x64 NTFS
      Internet Explorer 11.0.9600.16518
      Ivan :: IVAN [administrator]

      Protection: Disabled

      3/16/2014 1:09:25 AM
      mbam-log-2014-03-16 (01-09-25).txt

      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 221028
      Time elapsed: 1 minute(s), 21 second(s)

      Memory Processes Detected: 0
      (No malicious items detected)

      Memory Modules Detected: 0
      (No malicious items detected)

      Registry Keys Detected: 0
      (No malicious items detected)

      Registry Values Detected: 0
      (No malicious items detected)

      Registry Data Items Detected: 0
      (No malicious items detected)

      Folders Detected: 0
      (No malicious items detected)

      Files Detected: 0
      (No malicious items detected)

      (end)

      DDS.txt has compatibility issues and I can't open it.

      RogueKiller report:

      RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
      Started in : Normal mode
      User : Ivan [Admin rights]
      Mode : Scan -- Date : 03/16/2014 01:16:18
      | ARK || FAK || MBR |

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 6 ¤¤¤
      [HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
      [HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
      [HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

      ¤¤¤ Scheduled tasks : 0 ¤¤¤

      ¤¤¤ Startup Entries : 0 ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ Browser Addons : 0 ¤¤¤

      ¤¤¤ Particular Files / Folders: ¤¤¤

      ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤

      ¤¤¤ External Hives: ¤¤¤

      ¤¤¤ Infection : ¤¤¤

      ¤¤¤ HOSTS File: ¤¤¤
      --> %SystemRoot%\System32\drivers\etc\hosts

      ¤¤¤ MBR Check: ¤¤¤

      +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA DT01ACA050 ATA Device +++++
      --- User ---
      [MBR] 0086f36f0b7bc8b257f89fc226376c3d
      [bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
      Partition table:
      0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
      User = LL1 ... OK!
      User = LL2 ... OK!

      Finished : << RKreport[0]_S_03162014_011618.txt >>
  12. Today I noticed that I have 3 csrss.exe and 2 winlogon.exe in Task Manager under the "Details" tab. I did a full PC scan with Malwarebytes PRO but nothing was found. I am using Windows 8 64-bit, and I bought this PC just 1 month ago, so I don't understand how I can be infected in such a short period, since I don't visit any suspicious websites and I don't download anything. Both winlogon.exe are located in "C:\Windows\System32\" and they are marked as "SYSTEM", and the same goes for the 3 instances of csrss.exe; they are also located in "C:\Windows\System32" and marked as "SYSTEM". I know having multiple of these isn't normal, so can someone please tell me what to do? Thanks in advance.