
3 csrss.exe and 2 winlogon.exe



Today I noticed that I have 3 csrss.exe and 2 winlogon.exe in Task Manager under the "Details" tab. I did a full PC scan with Malwarebytes PRO but nothing was found. I am using Windows 8 64-bit, and I bought this PC just 1 month ago, so I don't understand how I can be infected in such a short period, since I don't visit any suspicious websites and I don't download anything. Both winlogon.exe are located in "C:\Windows\System32\" and they are marked as "SYSTEM", and the same goes for the 3 instances of csrss.exe; they are also located in "C:\Windows\System32" and marked as "SYSTEM". I know having multiple of these isn't normal, so can someone please tell me what to do? Thanks in advance.


Welcome to the forum.

First:

Please run a Quick Scan with Malwarebytes like this and post the log:

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

---------------------

Then please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt (DDS may not run on W8)

(please don't put logs in code or quotes and use the default font)

(Please don't forget to run the RogueKiller scan below)

General Forum P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes and use the default font)

MrC

Note:

Please read all of my instructions completely including these.

Make sure system restore is turned on and running, please create a new restore point

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...unlikely but things can go very wrong! Back up any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>When we are done, I'll give you instructions on how to clean up all the tools and logs

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


Malwarebytes after quick scan: 

 

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.15.06
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Ivan :: IVAN [administrator]
 
Protection: Disabled
 
3/16/2014 1:09:25 AM
mbam-log-2014-03-16 (01-09-25).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 221028
Time elapsed: 1 minute(s), 21 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
  
 
 
DDS.txt has compatibility issues and I can't open it.
 
 
RogueKiller report: 
 
RogueKiller V8.8.11 _x64_ [Mar 14 2014] by Adlice Software
 
Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Ivan [Admin rights]
Mode : Scan -- Date : 03/16/2014 01:16:18
| ARK || FAK || MBR |
 
¤¤¤ Bad processes : 0 ¤¤¤
 
¤¤¤ Registry Entries : 6 ¤¤¤
[HJ POL][PUM] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
 
¤¤¤ Scheduled tasks : 0 ¤¤¤
 
¤¤¤ Startup Entries : 0 ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ Browser Addons : 0 ¤¤¤
 
¤¤¤ Particular Files / Folders: ¤¤¤
 
¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤
 
¤¤¤ External Hives: ¤¤¤
 
¤¤¤ Infection :  ¤¤¤
 
¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts
 
 
 
 
¤¤¤ MBR Check: ¤¤¤
 
+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) TOSHIBA DT01ACA050 ATA Device +++++
--- User ---
[MBR] 0086f36f0b7bc8b257f89fc226376c3d
[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1 | Size: 2097152 Mo
User = LL1 ... OK!
User = LL2 ... OK!
 
Finished : << RKreport[0]_S_03162014_011618.txt >>
 
 
 
 

Run FRST instead of DDS:

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.
(use correct version for your system.....Which system am I using?)
FRST <----for 32 bit systems
FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


FRST: 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ivan (administrator) on IVAN on 16-03-2014 15:08:53
Running from C:\Users\Ivan\Desktop\New folder
Windows 8.1 Enterprise N (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Windows\KMS\KMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-23] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1438085890-1962341810-462119800-1002\...\MountPoints2: E - "E:\Autorun.exe" 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x93E496442430CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20 192.168.0.1
 
Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-11]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-11]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-11]
CHR Extension: (Google Wallet) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-11]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-11]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-02-22]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-02-22]
 
==================== Services (Whitelisted) =================
 
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1333424 2012-12-21] (ESET)
R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-12-21] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2012-12-21] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [139768 2012-12-21] (ESET)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-15] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-15] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-01-15] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-03] (Basil Projects)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 ____D () C:\FRST
2014-03-16 15:07 - 2014-03-16 15:08 - 00000000 ____D () C:\Users\Ivan\Desktop\New folder
2014-03-15 13:04 - 2014-03-15 13:04 - 00000058 _____ () C:\Users\Ivan\Documents\qweqwe22.txt
2014-03-14 12:30 - 2014-03-14 12:30 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 12:30 - 2014-03-14 12:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 12:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-13 18:10 - 2014-03-14 19:54 - 00000096 _____ () C:\Users\Ivan\Documents\wqeqwe.txt
2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Malwarebytes
2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-07 22:16 - 2014-03-07 22:16 - 424175808 _____ () C:\Windows\MEMORY.DMP
2014-03-07 22:16 - 2014-03-07 22:16 - 00280632 _____ () C:\Windows\Minidump\030714-13156-01.dmp
2014-03-07 22:16 - 2014-03-07 22:16 - 00000000 ____D () C:\Windows\Minidump
2014-03-06 00:06 - 2014-03-06 00:08 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Adobe
2014-03-03 20:48 - 2014-03-11 20:37 - 00000000 ____D () C:\Users\Ivan\Documents\ADCkeybind
2014-03-01 00:17 - 2014-03-01 00:17 - 00000520 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-02-27 16:32 - 2014-02-27 16:32 - 00000000 ____D () C:\ProgramData\ATI
2014-02-27 16:27 - 2014-02-27 16:27 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271627012163.log
2014-02-27 16:26 - 2014-02-27 16:26 - 00000000 ____D () C:\Program Files\AMD
2014-02-27 16:25 - 2014-02-27 16:26 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files\ATI
2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-02-27 16:00 - 2014-02-27 16:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271600329945.log
2014-02-27 15:06 - 2014-02-27 15:06 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271506300711.log
2014-02-27 14:56 - 2014-02-27 16:00 - 00000000 ____D () C:\AMD
2014-02-27 14:15 - 2014-02-27 14:15 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\library_dir
2014-02-27 14:00 - 2014-02-27 14:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271400130259.log
2014-02-24 05:08 - 2014-02-24 05:08 - 08759296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 01106360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00127872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00117560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00116024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 10899624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 10145128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 07892000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 06716264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-02-24 05:01 - 2014-02-24 05:01 - 13929472 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-02-24 04:48 - 2014-02-24 04:48 - 00230912 _____ () C:\Windows\system32\clinfo.exe
2014-02-24 04:48 - 2014-02-24 04:48 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 28424704 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-02-24 04:45 - 2014-02-24 04:45 - 23903232 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-02-24 04:42 - 2014-02-24 04:42 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-24 04:42 - 2014-02-24 04:42 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-24 04:30 - 2014-02-24 04:30 - 00415744 _____ () C:\Windows\system32\amdmiracast.dll
2014-02-24 04:28 - 2014-02-24 04:28 - 27152384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-02-24 04:28 - 2014-02-24 04:28 - 00126464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-02-24 04:27 - 2014-02-24 04:27 - 05392896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\system32\atiapfxx.blb
2014-02-24 04:27 - 2014-02-24 04:27 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-02-24 04:27 - 2014-02-24 04:27 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-02-24 04:22 - 2014-02-24 04:22 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-02-24 04:13 - 2014-02-24 04:13 - 04319232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-02-24 04:07 - 2014-02-24 04:07 - 22834688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-02-24 04:05 - 2014-02-24 04:05 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-02-24 04:05 - 2014-02-24 04:05 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-02-24 04:05 - 2014-02-24 04:05 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-02-24 04:04 - 2014-02-24 04:04 - 00240128 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-02-24 04:02 - 2014-02-24 04:02 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-02-24 04:00 - 2014-02-24 04:00 - 00081920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-02-24 04:00 - 2014-02-24 04:00 - 00079360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-02-24 03:50 - 2014-02-24 03:50 - 00044544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-02-24 03:50 - 2014-02-24 03:50 - 00035840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-02-24 03:46 - 2014-02-24 03:46 - 03434288 _____ () C:\Windows\system32\atiumd6a.cap
2014-02-24 03:40 - 2014-02-24 03:40 - 00806912 _____ (AMD) C:\Windows\system32\coinst_13.350.dll
2014-02-24 03:35 - 2014-02-24 03:35 - 03468336 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-02-24 03:28 - 2014-02-24 03:28 - 01148416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00828416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00146432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-02-24 03:27 - 2014-02-24 03:27 - 00636928 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-02-24 03:27 - 2014-02-24 03:27 - 00133120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00134144 _____ () C:\Windows\system32\amdhdl64.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00123392 _____ () C:\Windows\SysWOW64\amdhdl32.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-02-23 11:26 - 2014-02-23 11:26 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-02-23 11:21 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-02-23 11:21 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-02-23 11:21 - 2009-03-16 14:18 - 00069448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-02-23 11:21 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-02-23 11:21 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-02-23 11:20 - 2014-02-23 11:20 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\WinRAR
2014-02-23 11:04 - 2014-02-23 11:04 - 00000000 __RHD () C:\Users\Ivan\AppData\Roaming\SecuROM
2014-02-23 11:03 - 2014-02-23 11:03 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-23 11:03 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-02-23 11:03 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-02-23 11:03 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-02-23 11:03 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-02-23 11:03 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-02-23 11:03 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-02-23 11:03 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-02-23 11:03 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-02-23 11:03 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-02-23 11:03 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-02-23 11:03 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-02-23 11:03 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-02-23 11:03 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-02-23 11:03 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-02-23 11:03 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-02-23 11:03 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-02-23 11:02 - 2014-02-23 11:03 - 00053710 _____ () C:\Windows\DirectX.log
2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-23 11:02 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-02-23 11:02 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-02-23 11:02 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-02-23 11:02 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-02-23 11:02 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-02-23 11:02 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-02-23 11:02 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-02-23 11:02 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-02-23 11:02 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-02-23 11:02 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-02-23 11:02 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-02-23 11:02 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-02-23 11:02 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-02-23 11:02 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-02-23 11:02 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-02-23 11:02 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-02-23 11:02 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-02-23 11:02 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-02-23 11:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-02-23 11:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-02-23 11:02 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-02-23 11:02 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-02-23 11:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-02-23 11:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-02-23 11:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-02-23 11:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-02-23 11:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-02-23 11:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-02-23 11:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-02-23 11:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-02-23 11:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-02-23 11:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-02-23 11:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-02-23 11:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-02-23 11:02 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-02-23 11:02 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-02-23 11:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-02-23 11:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-02-23 11:02 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-02-23 11:02 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-02-23 11:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-02-23 11:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-02-23 11:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-02-23 11:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-02-23 11:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-02-23 11:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-02-23 11:02 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-02-23 11:02 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-02-23 11:02 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-02-23 11:02 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-02-23 11:02 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-02-23 11:02 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-02-23 11:02 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-02-23 11:02 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-02-23 11:02 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-02-23 11:02 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-02-23 11:02 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-02-23 11:02 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-02-23 11:02 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-02-23 11:02 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-02-23 11:02 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-02-23 11:02 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-02-23 11:02 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-02-23 11:02 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-02-23 11:02 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-02-23 11:02 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-02-23 11:02 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-02-23 11:02 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-02-23 11:02 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-02-23 11:02 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-02-23 10:48 - 2014-02-23 10:48 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\PowerISO
2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Users\Ivan\AppData\Local\SearchProtect
2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\NativeMessaging
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\CRE
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Conduit
2014-02-23 00:51 - 2014-02-23 12:04 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\uTorrent
2014-02-19 21:14 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-19 21:14 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-19 21:14 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-19 21:14 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-19 21:14 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-19 21:14 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-19 21:14 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-19 21:14 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-19 21:14 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-19 21:14 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-19 21:14 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-19 21:14 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-19 21:14 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-19 21:14 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-19 21:14 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-19 21:14 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-19 21:14 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-19 21:14 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-19 21:14 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-19 21:14 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-19 21:14 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-19 21:14 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-19 21:14 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-19 21:14 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-19 21:14 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-19 21:14 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-19 21:14 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-19 21:14 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-19 21:14 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-19 21:14 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-19 21:14 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-19 21:14 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-19 21:14 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-19 21:14 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-19 21:14 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-19 21:14 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-19 21:14 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-19 21:13 - 2014-01-09 09:25 - 02804224 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-02-19 21:13 - 2014-01-09 08:59 - 01020928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-02-19 21:13 - 2014-01-09 08:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-02-19 21:13 - 2014-01-09 08:49 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-02-19 21:13 - 2014-01-09 08:44 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-02-19 21:13 - 2014-01-09 08:43 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-02-19 21:13 - 2014-01-09 08:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-02-19 21:13 - 2014-01-09 08:28 - 04217344 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-02-19 21:13 - 2014-01-09 08:28 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-02-19 21:13 - 2014-01-09 08:18 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-02-19 21:13 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-02-19 21:13 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-02-19 21:13 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-02-19 21:13 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-02-19 21:13 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-02-19 21:13 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-02-19 21:13 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-02-19 21:13 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-02-19 21:13 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-19 21:13 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms
2014-02-19 21:12 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe
2014-02-19 21:12 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2014-02-19 21:12 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-19 21:12 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-19 21:12 - 2013-12-20 11:10 - 01113040 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-02-19 21:12 - 2013-12-20 07:13 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-02-19 21:12 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-19 21:12 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-19 21:12 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-19 21:12 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-19 21:12 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-19 21:12 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-19 21:12 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-19 21:12 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-17 21:16 - 2014-03-13 18:53 - 00000290 _____ () C:\Users\Ivan\Documents\thermaltake commander msi.txt
 
==================== One Month Modified Files and Folders =======
 
2014-03-16 15:08 - 2014-03-16 15:08 - 00000000 ____D () C:\FRST
2014-03-16 15:08 - 2014-03-16 15:07 - 00000000 ____D () C:\Users\Ivan\Desktop\New folder
2014-03-16 15:02 - 2014-02-10 20:03 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BC8ACE5A-6730-4824-A6F2-447F938620E9}
2014-03-16 14:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-03-16 11:53 - 2014-02-09 07:09 - 01838031 _____ () C:\Windows\WindowsUpdate.log
2014-03-16 11:45 - 2014-02-10 20:00 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1438085890-1962341810-462119800-1002
2014-03-16 11:35 - 2014-02-11 15:41 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-16 11:34 - 2014-02-11 15:39 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-16 11:34 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-16 01:01 - 2014-02-10 19:48 - 00000000 ____D () C:\Users\Ivan
2014-03-15 13:04 - 2014-03-15 13:04 - 00000058 _____ () C:\Users\Ivan\Documents\qweqwe22.txt
2014-03-14 23:07 - 2014-02-10 16:44 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-03-14 22:24 - 2014-02-10 20:34 - 00007597 _____ () C:\Users\Ivan\AppData\Local\resmon.resmoncfg
2014-03-14 19:54 - 2014-03-13 18:10 - 00000096 _____ () C:\Users\Ivan\Documents\wqeqwe.txt
2014-03-14 12:45 - 2014-02-09 07:04 - 00013948 _____ () C:\Windows\PFRO.log
2014-03-14 12:45 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-14 12:30 - 2014-03-14 12:30 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 12:30 - 2014-03-14 12:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 11:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-03-13 18:53 - 2014-02-17 21:16 - 00000290 _____ () C:\Users\Ivan\Documents\thermaltake commander msi.txt
2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Malwarebytes
2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:09 - 2014-02-11 15:46 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Skype
2014-03-11 20:37 - 2014-03-03 20:48 - 00000000 ____D () C:\Users\Ivan\Documents\ADCkeybind
2014-03-07 22:16 - 2014-03-07 22:16 - 424175808 _____ () C:\Windows\MEMORY.DMP
2014-03-07 22:16 - 2014-03-07 22:16 - 00280632 _____ () C:\Windows\Minidump\030714-13156-01.dmp
2014-03-07 22:16 - 2014-03-07 22:16 - 00000000 ____D () C:\Windows\Minidump
2014-03-06 14:53 - 2013-08-22 15:44 - 00474816 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-06 00:08 - 2014-03-06 00:06 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Adobe
2014-03-05 01:20 - 2014-02-10 19:48 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Packages
2014-03-01 00:17 - 2014-03-01 00:17 - 00000520 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-02-27 16:32 - 2014-02-27 16:32 - 00000000 ____D () C:\ProgramData\ATI
2014-02-27 16:27 - 2014-02-27 16:27 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271627012163.log
2014-02-27 16:26 - 2014-02-27 16:26 - 00000000 ____D () C:\Program Files\AMD
2014-02-27 16:26 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-02-27 16:26 - 2013-08-22 15:45 - 00010418 _____ () C:\Windows\setupact.log
2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files\ATI
2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-02-27 16:00 - 2014-02-27 16:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271600329945.log
2014-02-27 16:00 - 2014-02-27 14:56 - 00000000 ____D () C:\AMD
2014-02-27 15:06 - 2014-02-27 15:06 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271506300711.log
2014-02-27 15:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-27 14:15 - 2014-02-27 14:15 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\library_dir
2014-02-27 14:02 - 2014-02-10 16:45 - 00000000 ____D () C:\ProgramData\AMD
2014-02-27 14:00 - 2014-02-27 14:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271400130259.log
2014-02-27 13:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-26 23:55 - 2014-02-09 07:12 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 22:01 - 2014-02-10 16:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-26 15:18 - 2014-02-08 23:40 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-24 05:08 - 2014-02-24 05:08 - 08759296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 01106360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00127872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00117560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00116024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-02-24 05:08 - 2013-12-13 10:23 - 10169896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-02-24 05:08 - 2013-12-13 10:23 - 01328328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-02-24 05:08 - 2013-12-13 10:23 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 10899624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 10145128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 07892000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 06716264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-02-24 05:01 - 2014-02-24 05:01 - 13929472 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-02-24 04:48 - 2014-02-24 04:48 - 00230912 _____ () C:\Windows\system32\clinfo.exe
2014-02-24 04:48 - 2014-02-24 04:48 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 28424704 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-02-24 04:45 - 2014-02-24 04:45 - 23903232 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-02-24 04:42 - 2014-02-24 04:42 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-24 04:42 - 2014-02-24 04:42 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-24 04:30 - 2014-02-24 04:30 - 00415744 _____ () C:\Windows\system32\amdmiracast.dll
2014-02-24 04:28 - 2014-02-24 04:28 - 27152384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-02-24 04:28 - 2014-02-24 04:28 - 00126464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-02-24 04:27 - 2014-02-24 04:27 - 05392896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\system32\atiapfxx.blb
2014-02-24 04:27 - 2014-02-24 04:27 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-02-24 04:27 - 2014-02-24 04:27 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-02-24 04:22 - 2014-02-24 04:22 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-02-24 04:13 - 2014-02-24 04:13 - 04319232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-02-24 04:07 - 2014-02-24 04:07 - 22834688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-02-24 04:05 - 2014-02-24 04:05 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-02-24 04:05 - 2014-02-24 04:05 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-02-24 04:05 - 2014-02-24 04:05 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-02-24 04:04 - 2014-02-24 04:04 - 00240128 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-02-24 04:02 - 2014-02-24 04:02 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-02-24 04:00 - 2014-02-24 04:00 - 00081920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-02-24 04:00 - 2014-02-24 04:00 - 00079360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-02-24 03:50 - 2014-02-24 03:50 - 00044544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-02-24 03:50 - 2014-02-24 03:50 - 00035840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-02-24 03:46 - 2014-02-24 03:46 - 03434288 _____ () C:\Windows\system32\atiumd6a.cap
2014-02-24 03:40 - 2014-02-24 03:40 - 00806912 _____ (AMD) C:\Windows\system32\coinst_13.350.dll
2014-02-24 03:35 - 2014-02-24 03:35 - 03468336 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-02-24 03:28 - 2014-02-24 03:28 - 01148416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00828416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00146432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-02-24 03:27 - 2014-02-24 03:27 - 00636928 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-02-24 03:27 - 2014-02-24 03:27 - 00133120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00134144 _____ () C:\Windows\system32\amdhdl64.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00123392 _____ () C:\Windows\SysWOW64\amdhdl32.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-02-23 12:04 - 2014-02-23 00:51 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\uTorrent
2014-02-23 11:26 - 2014-02-23 11:26 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-02-23 11:20 - 2014-02-23 11:20 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\WinRAR
2014-02-23 11:04 - 2014-02-23 11:04 - 00000000 __RHD () C:\Users\Ivan\AppData\Roaming\SecuROM
2014-02-23 11:03 - 2014-02-23 11:03 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-23 11:03 - 2014-02-23 11:02 - 00053710 _____ () C:\Windows\DirectX.log
2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-23 10:48 - 2014-02-23 10:48 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\PowerISO
2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Users\Ivan\AppData\Local\SearchProtect
2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\NativeMessaging
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\CRE
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Conduit
2014-02-21 21:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-02-19 21:16 - 2014-02-08 22:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-19 21:15 - 2014-02-08 22:25 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 22:00 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 22:00 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\Ivan\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Ivan\AppData\Local\Temp\gpuz.exe
C:\Users\Ivan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Ivan\AppData\Local\Temp\nsz6586.tmp.exe
C:\Users\Ivan\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Ivan\AppData\Local\Temp\raptrpatch.exe
C:\Users\Ivan\AppData\Local\Temp\safeguard.exe
C:\Users\Ivan\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-11 14:43
 
==================== End Of Log ============================ 
 
 
Addition.txt attached.


Hi, I got MS Office from the internet as a free trial; it's not cracked as far as I know. Anyway, is my PC infected? I did every scan that you asked for. I'm really worried because I heard that having multiple winlogon.exe and csrss.exe means that you have a keylogger or some serious infection on the PC? Thanks in advance.


Hi Mr. Charlie, did I do something wrong, or is that standard procedure for every topic? If you really think that I have "cracked" MS Office, then I can just delete it and we are all happy, right? I came to this website desperate for help because I have really important stuff on my PC [bank account, etc.] and I don't want to risk logging in to any of my accounts, just because I think my PC is terribly infected and I'm looking for help. I really appreciate everything you did for me; then everything suddenly stopped just because you started suspecting that I have "cracked" MS Office on my PC. I think that doesn't make any sense, since I came here looking for help because I think my PC is infected, just like I said. Anyway, sir, thank you for your time and everything, but I'm going to have a serious problem if I don't find a solution for my problem. :(
 


First of all I have to go by the rules just like you do.

If I see something in the logs that doesn't look right, I have to inquire about it.

All topics are screened and if administration comes by and spots any cracks or illegal software...the post will be closed and you won't get any help.

This would be a waste of both of our times.

It appears you have suspicious programs and files on the system.

I've asked the forum administrator to have a look at the topic.

Just be patient until he chimes in.

MrC

The forum's topic on Piracy:

https://forums.malwarebytes.org/index.php?showtopic=97700


Greetings Charlie, I've completely removed MS Office from my PC, but I'm still kind of confused about that. Should I do a re-scan of everything? Anyway, I would greatly appreciate your help.

 

There is one thing I noticed after rebooting my PC: I opened Task Manager and went to the "Details" tab, and suddenly I saw just 1 instance of winlogon.exe [there were 2] and 2 instances of csrss.exe [there were 3]. After I rebooted again they were back [2 winlogon.exe and 3 csrss.exe]. I just felt that could be an important thing to mention.


FRST: 

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Ivan (administrator) on IVAN on 17-03-2014 00:26:30
Running from C:\Users\Ivan\Desktop\New folder
Windows 8.1 Enterprise N (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
() C:\Windows\KMS\KMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\WinStore\WSHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-02-23] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1438085890-1962341810-462119800-1002\...\MountPoints2: E - "E:\Autorun.exe" 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x93E496442430CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.20 192.168.0.1
 
Chrome: 
=======
CHR Extension: (Google Drive) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-11]
CHR Extension: (YouTube) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-11]
CHR Extension: (Google Search) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-11]
CHR Extension: (Google Wallet) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-11]
CHR Extension: (Gmail) - C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-11]
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-02-22]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-02-22]
 
==================== Services (Whitelisted) =================
 
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1333424 2012-12-21] (ESET)
R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [213416 2012-12-21] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [150616 2012-12-21] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [139768 2012-12-21] (ESET)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-01-15] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-22] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-01-15] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-01-15] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-03] (Basil Projects)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-17 00:24 - 2014-03-17 00:26 - 00000000 ____D () C:\Users\Ivan\Desktop\New folder
2014-03-16 15:08 - 2014-03-17 00:26 - 00000000 ____D () C:\FRST
2014-03-15 13:04 - 2014-03-15 13:04 - 00000058 _____ () C:\Users\Ivan\Documents\qweqwe22.txt
2014-03-14 12:30 - 2014-03-14 12:30 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 12:30 - 2014-03-14 12:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 12:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-13 18:10 - 2014-03-14 19:54 - 00000096 _____ () C:\Users\Ivan\Documents\wqeqwe.txt
2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Malwarebytes
2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-07 22:16 - 2014-03-07 22:16 - 424175808 _____ () C:\Windows\MEMORY.DMP
2014-03-07 22:16 - 2014-03-07 22:16 - 00280632 _____ () C:\Windows\Minidump\030714-13156-01.dmp
2014-03-07 22:16 - 2014-03-07 22:16 - 00000000 ____D () C:\Windows\Minidump
2014-03-06 00:06 - 2014-03-06 00:08 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Adobe
2014-03-03 20:48 - 2014-03-11 20:37 - 00000000 ____D () C:\Users\Ivan\Documents\ADCkeybind
2014-03-01 00:17 - 2014-03-01 00:17 - 00000520 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-02-27 16:32 - 2014-02-27 16:32 - 00000000 ____D () C:\ProgramData\ATI
2014-02-27 16:27 - 2014-02-27 16:27 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271627012163.log
2014-02-27 16:26 - 2014-02-27 16:26 - 00000000 ____D () C:\Program Files\AMD
2014-02-27 16:25 - 2014-02-27 16:26 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files\ATI
2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-02-27 16:00 - 2014-02-27 16:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271600329945.log
2014-02-27 15:06 - 2014-02-27 15:06 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271506300711.log
2014-02-27 14:56 - 2014-02-27 16:00 - 00000000 ____D () C:\AMD
2014-02-27 14:15 - 2014-02-27 14:15 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\library_dir
2014-02-27 14:00 - 2014-02-27 14:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271400130259.log
2014-02-24 05:08 - 2014-02-24 05:08 - 08759296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 01106360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00127872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00117560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00116024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 10899624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 10145128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 07892000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 06716264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-02-24 05:01 - 2014-02-24 05:01 - 13929472 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-02-24 04:48 - 2014-02-24 04:48 - 00230912 _____ () C:\Windows\system32\clinfo.exe
2014-02-24 04:48 - 2014-02-24 04:48 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 28424704 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-02-24 04:45 - 2014-02-24 04:45 - 23903232 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-02-24 04:42 - 2014-02-24 04:42 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-24 04:42 - 2014-02-24 04:42 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-24 04:30 - 2014-02-24 04:30 - 00415744 _____ () C:\Windows\system32\amdmiracast.dll
2014-02-24 04:28 - 2014-02-24 04:28 - 27152384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-02-24 04:28 - 2014-02-24 04:28 - 00126464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-02-24 04:27 - 2014-02-24 04:27 - 05392896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\system32\atiapfxx.blb
2014-02-24 04:27 - 2014-02-24 04:27 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-02-24 04:27 - 2014-02-24 04:27 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-02-24 04:22 - 2014-02-24 04:22 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-02-24 04:13 - 2014-02-24 04:13 - 04319232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-02-24 04:07 - 2014-02-24 04:07 - 22834688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-02-24 04:05 - 2014-02-24 04:05 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-02-24 04:05 - 2014-02-24 04:05 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-02-24 04:05 - 2014-02-24 04:05 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-02-24 04:04 - 2014-02-24 04:04 - 00240128 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-02-24 04:02 - 2014-02-24 04:02 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-02-24 04:00 - 2014-02-24 04:00 - 00081920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-02-24 04:00 - 2014-02-24 04:00 - 00079360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-02-24 03:50 - 2014-02-24 03:50 - 00044544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-02-24 03:50 - 2014-02-24 03:50 - 00035840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-02-24 03:46 - 2014-02-24 03:46 - 03434288 _____ () C:\Windows\system32\atiumd6a.cap
2014-02-24 03:40 - 2014-02-24 03:40 - 00806912 _____ (AMD) C:\Windows\system32\coinst_13.350.dll
2014-02-24 03:35 - 2014-02-24 03:35 - 03468336 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-02-24 03:28 - 2014-02-24 03:28 - 01148416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00828416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00146432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-02-24 03:27 - 2014-02-24 03:27 - 00636928 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-02-24 03:27 - 2014-02-24 03:27 - 00133120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00134144 _____ () C:\Windows\system32\amdhdl64.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00123392 _____ () C:\Windows\SysWOW64\amdhdl32.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-02-23 11:26 - 2014-02-23 11:26 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-02-23 11:21 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-02-23 11:21 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-02-23 11:21 - 2009-03-16 14:18 - 00069448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-02-23 11:21 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-02-23 11:21 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-02-23 11:20 - 2014-02-23 11:20 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\WinRAR
2014-02-23 11:04 - 2014-02-23 11:04 - 00000000 __RHD () C:\Users\Ivan\AppData\Roaming\SecuROM
2014-02-23 11:03 - 2014-02-23 11:03 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-23 11:03 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-02-23 11:03 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-02-23 11:03 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-02-23 11:03 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-02-23 11:03 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-02-23 11:03 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-02-23 11:03 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-02-23 11:03 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-02-23 11:03 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-02-23 11:03 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-02-23 11:03 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-02-23 11:03 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-02-23 11:03 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-02-23 11:03 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-02-23 11:03 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-02-23 11:03 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-02-23 11:03 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-02-23 11:02 - 2014-02-23 11:03 - 00053710 _____ () C:\Windows\DirectX.log
2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-23 11:02 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-02-23 11:02 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-02-23 11:02 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-02-23 11:02 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-02-23 11:02 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-02-23 11:02 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-02-23 11:02 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-02-23 11:02 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-02-23 11:02 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-02-23 11:02 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-02-23 11:02 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-02-23 11:02 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-02-23 11:02 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-02-23 11:02 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-02-23 11:02 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-02-23 11:02 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-02-23 11:02 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-02-23 11:02 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-02-23 11:02 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-02-23 11:02 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-02-23 11:02 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-02-23 11:02 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-02-23 11:02 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-02-23 11:02 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-02-23 11:02 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-02-23 11:02 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-02-23 11:02 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-02-23 11:02 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-02-23 11:02 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-02-23 11:02 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-02-23 11:02 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-02-23 11:02 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-02-23 11:02 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-02-23 11:02 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-02-23 11:02 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-02-23 11:02 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-02-23 11:02 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-02-23 11:02 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-02-23 11:02 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-02-23 11:02 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-02-23 11:02 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-02-23 11:02 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-02-23 11:02 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-02-23 11:02 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-02-23 11:02 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-02-23 11:02 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-02-23 11:02 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-02-23 11:02 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-02-23 11:02 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-02-23 11:02 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-02-23 11:02 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-02-23 11:02 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-02-23 11:02 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-02-23 11:02 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-02-23 11:02 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-02-23 11:02 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-02-23 11:02 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-02-23 11:02 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-02-23 11:02 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-02-23 11:02 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-02-23 11:02 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-02-23 11:02 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-02-23 11:02 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-02-23 11:02 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-02-23 11:02 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-02-23 11:02 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-02-23 11:02 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-02-23 11:02 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-02-23 11:02 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-02-23 11:02 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-02-23 11:02 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-02-23 11:02 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-02-23 10:48 - 2014-02-23 10:48 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\PowerISO
2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Users\Ivan\AppData\Local\SearchProtect
2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\NativeMessaging
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\CRE
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Conduit
2014-02-23 00:51 - 2014-02-23 12:04 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\uTorrent
2014-02-19 21:14 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-19 21:14 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-19 21:14 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-19 21:14 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-19 21:14 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-19 21:14 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-19 21:14 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-19 21:14 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-19 21:14 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-19 21:14 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-19 21:14 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-19 21:14 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-19 21:14 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-19 21:14 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-19 21:14 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-19 21:14 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-19 21:14 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-19 21:14 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-19 21:14 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-19 21:14 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-19 21:14 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-19 21:14 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-19 21:14 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-19 21:14 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-19 21:14 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-19 21:14 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-19 21:14 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-19 21:14 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-19 21:14 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-19 21:14 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-19 21:14 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-19 21:14 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-19 21:14 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-19 21:14 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-19 21:14 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-19 21:14 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-19 21:14 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-19 21:13 - 2014-01-09 09:25 - 02804224 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-02-19 21:13 - 2014-01-09 08:59 - 01020928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-02-19 21:13 - 2014-01-09 08:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-02-19 21:13 - 2014-01-09 08:49 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-02-19 21:13 - 2014-01-09 08:44 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-02-19 21:13 - 2014-01-09 08:43 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-02-19 21:13 - 2014-01-09 08:29 - 00105984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-02-19 21:13 - 2014-01-09 08:28 - 04217344 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-02-19 21:13 - 2014-01-09 08:28 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-02-19 21:13 - 2014-01-09 08:18 - 00870912 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-02-19 21:13 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-02-19 21:13 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-02-19 21:13 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-02-19 21:13 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-02-19 21:13 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-02-19 21:13 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-02-19 21:13 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-02-19 21:13 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-02-19 21:13 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-19 21:13 - 2013-12-21 03:10 - 00009701 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms
2014-02-19 21:12 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe
2014-02-19 21:12 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2014-02-19 21:12 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-19 21:12 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-19 21:12 - 2013-12-20 11:10 - 01113040 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-02-19 21:12 - 2013-12-20 07:13 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-02-19 21:12 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-19 21:12 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-19 21:12 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-19 21:12 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-19 21:12 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-19 21:12 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-19 21:12 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-19 21:12 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-17 21:16 - 2014-03-13 18:53 - 00000290 _____ () C:\Users\Ivan\Documents\thermaltake commander msi.txt
 
==================== One Month Modified Files and Folders =======
 
2014-03-17 00:26 - 2014-03-17 00:24 - 00000000 ____D () C:\Users\Ivan\Desktop\New folder
2014-03-17 00:26 - 2014-03-16 15:08 - 00000000 ____D () C:\FRST
2014-03-17 00:24 - 2014-02-11 15:41 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 00:24 - 2014-02-11 15:39 - 00000934 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 00:24 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-17 00:24 - 2013-08-22 15:44 - 00471048 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-17 00:23 - 2014-02-10 19:48 - 00000000 ____D () C:\Users\Ivan
2014-03-17 00:23 - 2014-02-10 16:44 - 00065536 _____ () C:\Windows\system32\spu_storage.bin
2014-03-17 00:23 - 2014-02-09 07:04 - 00014306 _____ () C:\Windows\PFRO.log
2014-03-17 00:11 - 2014-02-10 20:03 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{BC8ACE5A-6730-4824-A6F2-447F938620E9}
2014-03-17 00:02 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-03-16 23:49 - 2014-02-10 20:00 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1438085890-1962341810-462119800-1002
2014-03-16 23:44 - 2013-08-22 20:12 - 00000000 ____D () C:\Windows\ShellNew
2014-03-16 23:44 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-03-16 23:42 - 2014-02-09 07:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-16 23:42 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-03-16 23:42 - 2013-08-22 14:25 - 00000076 _____ () C:\Windows\win.ini
2014-03-16 22:24 - 2014-02-10 20:34 - 00007597 _____ () C:\Users\Ivan\AppData\Local\resmon.resmoncfg
2014-03-16 21:57 - 2014-02-09 07:09 - 01841977 _____ () C:\Windows\WindowsUpdate.log
2014-03-15 13:04 - 2014-03-15 13:04 - 00000058 _____ () C:\Users\Ivan\Documents\qweqwe22.txt
2014-03-14 19:54 - 2014-03-13 18:10 - 00000096 _____ () C:\Users\Ivan\Documents\wqeqwe.txt
2014-03-14 12:45 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-03-14 12:30 - 2014-03-14 12:30 - 00001121 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-14 12:30 - 2014-03-14 12:30 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-03-14 11:01 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-03-13 18:53 - 2014-02-17 21:16 - 00000290 _____ () C:\Users\Ivan\Documents\thermaltake commander msi.txt
2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Malwarebytes
2014-03-13 13:59 - 2014-03-13 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-12 16:09 - 2014-02-11 15:46 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\Skype
2014-03-11 20:37 - 2014-03-03 20:48 - 00000000 ____D () C:\Users\Ivan\Documents\ADCkeybind
2014-03-07 22:16 - 2014-03-07 22:16 - 424175808 _____ () C:\Windows\MEMORY.DMP
2014-03-07 22:16 - 2014-03-07 22:16 - 00280632 _____ () C:\Windows\Minidump\030714-13156-01.dmp
2014-03-07 22:16 - 2014-03-07 22:16 - 00000000 ____D () C:\Windows\Minidump
2014-03-06 00:08 - 2014-03-06 00:06 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Adobe
2014-03-05 01:20 - 2014-02-10 19:48 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Packages
2014-03-01 00:17 - 2014-03-01 00:17 - 00000520 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-02-27 16:32 - 2014-02-27 16:32 - 00000000 ____D () C:\ProgramData\ATI
2014-02-27 16:27 - 2014-02-27 16:27 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271627012163.log
2014-02-27 16:26 - 2014-02-27 16:26 - 00000000 ____D () C:\Program Files\AMD
2014-02-27 16:26 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-02-27 16:26 - 2013-08-22 15:45 - 00010418 _____ () C:\Windows\setupact.log
2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files\ATI
2014-02-27 16:25 - 2014-02-27 16:25 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-02-27 16:00 - 2014-02-27 16:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271600329945.log
2014-02-27 16:00 - 2014-02-27 14:56 - 00000000 ____D () C:\AMD
2014-02-27 15:06 - 2014-02-27 15:06 - 00061173 _____ () C:\Windows\SysWOW64\CCCInstall_201402271506300711.log
2014-02-27 14:15 - 2014-02-27 14:15 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\library_dir
2014-02-27 14:02 - 2014-02-10 16:45 - 00000000 ____D () C:\ProgramData\AMD
2014-02-27 14:00 - 2014-02-27 14:00 - 00060328 _____ () C:\Windows\SysWOW64\CCCInstall_201402271400130259.log
2014-02-27 13:41 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-02-26 23:55 - 2014-02-09 07:12 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-26 22:01 - 2014-02-10 16:44 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-26 15:18 - 2014-02-08 23:40 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-24 05:08 - 2014-02-24 05:08 - 08759296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 01106360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00127872 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\amdhcp64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00126336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00117560 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\amdhcp32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00116024 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00098496 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-02-24 05:08 - 2014-02-24 05:08 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-02-24 05:08 - 2013-12-13 10:23 - 10169896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-02-24 05:08 - 2013-12-13 10:23 - 01328328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-02-24 05:08 - 2013-12-13 10:23 - 00143304 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 10899624 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 10145128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 07892000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-02-24 05:07 - 2014-02-24 05:07 - 06716264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-02-24 05:01 - 2014-02-24 05:01 - 13929472 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-02-24 04:48 - 2014-02-24 04:48 - 00230912 _____ () C:\Windows\system32\clinfo.exe
2014-02-24 04:48 - 2014-02-24 04:48 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 28424704 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-02-24 04:47 - 2014-02-24 04:47 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-02-24 04:45 - 2014-02-24 04:45 - 23903232 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-02-24 04:42 - 2014-02-24 04:42 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-24 04:42 - 2014-02-24 04:42 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-24 04:30 - 2014-02-24 04:30 - 00415744 _____ () C:\Windows\system32\amdmiracast.dll
2014-02-24 04:28 - 2014-02-24 04:28 - 27152384 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-02-24 04:28 - 2014-02-24 04:28 - 00126464 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-02-24 04:27 - 2014-02-24 04:27 - 05392896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-02-24 04:27 - 2014-02-24 04:27 - 00575744 _____ () C:\Windows\system32\atiapfxx.blb
2014-02-24 04:27 - 2014-02-24 04:27 - 00368640 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-02-24 04:27 - 2014-02-24 04:27 - 00113152 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-02-24 04:26 - 2014-02-24 04:26 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-02-24 04:22 - 2014-02-24 04:22 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-02-24 04:13 - 2014-02-24 04:13 - 04319232 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-02-24 04:07 - 2014-02-24 04:07 - 22834688 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-02-24 04:05 - 2014-02-24 04:05 - 00586240 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-02-24 04:05 - 2014-02-24 04:05 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-02-24 04:05 - 2014-02-24 04:05 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-02-24 04:04 - 2014-02-24 04:04 - 00240128 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-02-24 04:02 - 2014-02-24 04:02 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-02-24 04:00 - 2014-02-24 04:00 - 00081920 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-02-24 04:00 - 2014-02-24 04:00 - 00079360 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-02-24 03:50 - 2014-02-24 03:50 - 00044544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-02-24 03:50 - 2014-02-24 03:50 - 00035840 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-02-24 03:46 - 2014-02-24 03:46 - 03434288 _____ () C:\Windows\system32\atiumd6a.cap
2014-02-24 03:40 - 2014-02-24 03:40 - 00806912 _____ (AMD) C:\Windows\system32\coinst_13.350.dll
2014-02-24 03:35 - 2014-02-24 03:35 - 03468336 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-02-24 03:28 - 2014-02-24 03:28 - 01148416 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00828416 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00146432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-02-24 03:28 - 2014-02-24 03:28 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-02-24 03:27 - 2014-02-24 03:27 - 00636928 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-02-24 03:27 - 2014-02-24 03:27 - 00133120 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00095744 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdave64.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00090112 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdave32.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00089088 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atisamu64.dll
2014-02-24 03:26 - 2014-02-24 03:26 - 00080896 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atisamu32.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00134144 _____ () C:\Windows\system32\amdhdl64.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00123392 _____ () C:\Windows\SysWOW64\amdhdl32.dll
2014-02-24 03:23 - 2014-02-24 03:23 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-02-23 12:04 - 2014-02-23 00:51 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\uTorrent
2014-02-23 11:26 - 2014-02-23 11:26 - 00000000 __SHD () C:\ProgramData\SecuROM
2014-02-23 11:20 - 2014-02-23 11:20 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\WinRAR
2014-02-23 11:04 - 2014-02-23 11:04 - 00000000 __RHD () C:\Users\Ivan\AppData\Roaming\SecuROM
2014-02-23 11:03 - 2014-02-23 11:03 - 00178800 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt_x64.dll
2014-02-23 11:03 - 2014-02-23 11:02 - 00053710 _____ () C:\Windows\DirectX.log
2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Windows\SysWOW64\xlive
2014-02-23 11:02 - 2014-02-23 11:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2014-02-23 10:48 - 2014-02-23 10:48 - 00000000 ____D () C:\Users\Ivan\AppData\Roaming\PowerISO
2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Users\Ivan\AppData\Local\SearchProtect
2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\NativeMessaging
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\CRE
2014-02-23 00:52 - 2014-02-23 00:52 - 00000000 ____D () C:\Users\Ivan\AppData\Local\Conduit
2014-02-21 21:34 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\FileManager
2014-02-19 21:19 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\Camera
2014-02-19 21:16 - 2014-02-08 22:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-19 21:15 - 2014-02-08 22:25 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-17 22:00 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-17 22:00 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\Ivan\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Ivan\AppData\Local\Temp\gpuz.exe
C:\Users\Ivan\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Ivan\AppData\Local\Temp\nsz6586.tmp.exe
C:\Users\Ivan\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Ivan\AppData\Local\Temp\raptrpatch.exe
C:\Users\Ivan\AppData\Local\Temp\safeguard.exe
C:\Users\Ivan\AppData\Local\Temp\swt-win32-3349.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-11 14:43
 
==================== End Of Log ============================ 
 
 
Addition.txt 
 
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Ivan at 2014-03-17 00:26:47
Running from C:\Users\Ivan\Desktop\New folder
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 6.0 (Enabled - Up to date) {CCBF4E09-A773-1FC5-1F11-1A056723366C}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{A081D35B-0AF0-588A-D0D6-259D25C03E50}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2014.0223.2238.40626 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2014.0223.2239.40626 - Advanced Micro Devices, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{87CA8C0A-D865-48B6-B521-B3DB1771D565}) (Version: 6.0.308.0 - ESET, spol s r. o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3379 - Intel Corporation)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Skype™ 6.13 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.13.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )
 
==================== Restore Points  =========================
 
27-02-2014 15:00:47 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
07-03-2014 21:41:12 Windows Update
15-03-2014 09:33:41 Scheduled Checkpoint
16-03-2014 22:41:00 Removed Microsoft Office Professional Plus 2013
16-03-2014 22:41:13 PROPLUS
 
==================== Hosts content: ==========================
 
2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {03461256-EA79-46C3-9EFE-12DE1E524D2B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {0BBA5EB4-A5EF-492C-BC22-B3D85DC8549B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {0F932D8E-9118-4094-A341-40B96839E930} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {392BC788-C97F-4CD2-A750-A1E1041F73BC} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {3C2866E4-A07D-4927-A56B-B4B7F56E9CCB} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {3E676A85-B1CC-4E94-A930-9C0214EE8115} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {543751FC-D185-4C74-8F6A-9D18AF3724F3} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {59DE7D46-940E-441C-B979-44BAB99D9115} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {5A5F9A27-863B-4043-A782-37E4FE21EA2B} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {5D159A38-3917-4791-AB32-38044092628F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-11] (Google Inc.)
Task: {5D995BC4-BFA7-493A-9EC1-CD55AD66071A} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {62DF4AE2-2FFC-4A09-AAEF-421775C511D5} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {6A59C583-FBB0-4F2B-A452-307A30BEF6BC} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {6A82CF27-7CF0-4C5D-95D0-076861B84611} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {79D1FAC0-7A97-4193-8DF0-4A5765B737DA} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {8B804C88-703B-4B69-9181-DA5CD380F1B7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: {98F49E92-8A4B-4EFB-BADA-C0C35773148A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {A90FBA31-2726-4AA0-AE13-4D23F81805A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-02-19] (Microsoft Corporation)
Task: {AC61A7FA-D235-4603-9DCF-625BCB5168FF} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {B3805F3E-2FF3-4FF3-98BA-6323C487698C} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {E14AFE67-7292-44ED-83D4-2362B8190702} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {E8A76586-10E2-4180-8156-AC9B910B3722} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EB514087-D2BD-473B-8DC9-5DBE6B695F1E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {ECEFDD38-F394-425B-8D03-F7816CAB1D45} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-02-09 07:09 - 2014-01-04 12:52 - 00032256 _____ () C:\Windows\KMS\KMS.exe
2014-02-09 07:09 - 2013-12-03 21:01 - 00016896 _____ () C:\Windows\KMS\WinDivert.dll
2014-02-08 23:43 - 2006-12-11 02:14 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/17/2014 00:26:02 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f}
 
Error: (03/17/2014 00:26:02 AM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EFD
 
Error: (03/17/2014 00:26:02 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f}
 
Error: (03/17/2014 00:26:02 AM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EFD
 
Error: (03/17/2014 00:25:58 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f}
 
Error: (03/17/2014 00:25:58 AM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EFD
 
Error: (03/17/2014 00:25:55 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f}
 
Error: (03/17/2014 00:25:55 AM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EFD
 
Error: (03/17/2014 00:25:47 AM) (Source: Software Protection Platform Service) (User: )
Description: Acquisition of genuine ticket failed (hr=0x80072EFD) for template Id {99d92734-d682-4d71-983e-d6ec3f16059f}
 
Error: (03/17/2014 00:25:47 AM) (Source: Software Protection Platform Service) (User: )
Description: License acquisition failure details. 
hr=0x80072EFD
 
 
System errors:
=============
Error: (03/17/2014 00:24:14 AM) (Source: DCOM) (User: IVAN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}IVANIvanS-1-5-21-1438085890-1962341810-462119800-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/16/2014 03:21:35 PM) (Source: DCOM) (User: IVAN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}IVANIvanS-1-5-21-1438085890-1962341810-462119800-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/16/2014 03:21:10 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:54:32 PM on ‎3/‎16/‎2014 was unexpected.
 
Error: (03/16/2014 11:46:23 AM) (Source: DCOM) (User: IVAN)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (03/16/2014 11:45:53 AM) (Source: DCOM) (User: IVAN)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (03/16/2014 11:34:58 AM) (Source: DCOM) (User: IVAN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}IVANIvanS-1-5-21-1438085890-1962341810-462119800-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/16/2014 11:34:32 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 2:21:46 AM on ‎3/‎16/‎2014 was unexpected.
 
Error: (03/16/2014 11:34:19 AM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212254851084224
 
Error: (03/16/2014 01:02:05 AM) (Source: DCOM) (User: IVAN)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}IVANIvanS-1-5-21-1438085890-1962341810-462119800-1002LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/16/2014 01:01:27 AM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212254851085184
 
 
Microsoft Office Sessions:
=========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 14%
Total physical RAM: 8137.73 MB
Available physical RAM: 6925.32 MB
Total Pagefile: 16329.73 MB
Available Pagefile: 15026.62 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:197.43 GB) (Free:163.26 GB) NTFS
Drive d: () (Fixed) (Total:267.81 GB) (Free:263.76 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================ 
 
 
That's it.

Clean out temp files:

http://corel.force.com/pinnacle/articles/en_US/Master_Article/How-to-delete-temporary-files-from-Windows-8?&source=kba

Then...........

Download the attached fixlist.txt to the same folder as FRST.

Run FRST.exe and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

MrC


I cleaned temp files 

 

Fixlog: 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Ivan at 2014-03-17 01:10:56 Run:1
Running from C:\Users\Ivan\Desktop\New folder
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
C:\Users\Ivan\AppData\Local\Temp\nsz6586.tmp.exe
C:\Users\Ivan\AppData\Local\Temp\ntdll_dump.dll
C:\Users\Ivan\AppData\Local\Temp\raptrpatch.exe
C:\Users\Ivan\AppData\Local\Temp\safeguard.exe
C:\Users\Ivan\AppData\Local\Temp\swt-win32-3349.dll
C:\Windows\KMS\KMS.exe
C:\Windows\KMS
CHR HKCU\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-02-22]
CHR HKLM-x32\...\Chrome\Extension: [cflheckfmhopnialghigdlggahiomebp] - C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx [2014-02-22]
R2 KMS; C:\Windows\KMS\KMS.exe [32256 2014-01-04] ()
R3 WinDivert1.1; C:\Windows\KMS\WinDivert.sys [35376 2013-12-03] (Basil Projects)
2014-02-23 10:47 - 2014-02-23 10:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
 
 
 
*****************
 
"C:\Users\Ivan\AppData\Local\Temp\nsz6586.tmp.exe" => File/Directory not found.
C:\Users\Ivan\AppData\Local\Temp\ntdll_dump.dll => Moved successfully.
"C:\Users\Ivan\AppData\Local\Temp\raptrpatch.exe" => File/Directory not found.
"C:\Users\Ivan\AppData\Local\Temp\safeguard.exe" => File/Directory not found.
"C:\Users\Ivan\AppData\Local\Temp\swt-win32-3349.dll" => File/Directory not found.
C:\Windows\KMS\KMS.exe => Moved successfully.
C:\Windows\KMS => Moved successfully.
HKCU\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => Key deleted successfully.
C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp => Key deleted successfully.
"C:\Users\Ivan\AppData\Local\CRE\cflheckfmhopnialghigdlggahiomebp.crx" => File/Directory not found.
KMS => Service deleted successfully.
WinDivert1.1 => Unable to stop service
WinDivert1.1 => Service deleted successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Let's clean out any adware/spyware now: (this will require a reboot so save all your work)

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Greetings Charlie

  

 

AdwCleaner[s0].txt :  

 

 

 

# AdwCleaner v3.022 - Report created 17/03/2014 at 01:57:34

# Updated 13/03/2014 by Xplode
# Operating System : Windows 8.1 Enterprise N  (64 bits)
# Username : Ivan - IVAN
# Running from : C:\Users\Ivan\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Windows\SysWOW64\AI_RecycleBin
Folder Deleted : C:\Users\Ivan\AppData\Local\Conduit
Folder Deleted : C:\Users\Ivan\AppData\Local\NativeMessaging
Folder Deleted : C:\Users\Ivan\AppData\Local\SearchProtect
Folder Deleted : C:\Users\Ivan\AppData\Local\Temp\NativeMessaging
Folder Deleted : C:\Users\Ivan\AppData\LocalLow\Conduit
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16518
 
 
-\\ Google Chrome v33.0.1750.154
 
[ File : C:\Users\Ivan\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [1417 octets] - [17/03/2014 01:52:58]
AdwCleaner[R1].txt - [1477 octets] - [17/03/2014 01:54:46]
AdwCleaner[s0].txt - [1391 octets] - [17/03/2014 01:57:34]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1451 octets] ##########
 
 
Malwarebytes after quick scan: 
 
 
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.17.01
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Ivan :: IVAN [administrator]
 
Protection: Disabled
 
3/17/2014 2:11:51 AM
mbam-log-2014-03-17 (02-11-51).txt
 
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 218742
Time elapsed: 1 minute(s), 8 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)
 
For now there is only one instance of "winlogon.exe" and 2 instances of "csrss.exe".

I found a good explanation of csrss.exe:
 

Having multiple instances of csrss.exe in the task manager is normal. There should be one instance of csrss.exe for system processes and another instance for interactive logons. If you have multiple users logged in, you can have even more instances of csrss.exe in the Task Manager.

The "one csrss.exe only" rule applies to XP and earlier.

 


---------------------------------------

For the winlogon.exe, I found that this has been observed in W8.

---------------------------------------

So far as I can tell your system is fine now.

I suggest you update your ESET anti-virus and run a scan.



Let me know, MrC
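
A check built on the per-session explanation above, as an added example that is not part of the original thread: it reads a process listing exported as CSV and flags csrss.exe or winlogon.exe only when two instances share one session or the image sits outside System32. The column names are those of Win32_Process; the sample rows, PIDs and the `audit` helper are constructed for illustration.

```python
import csv
import io
import ntpath
from collections import defaultdict

WATCHED = {"csrss.exe", "winlogon.exe"}
# Assumption: default %SystemRoot%, matching the path quoted in the thread.
TRUSTED_DIR = r"c:\windows\system32"

# Constructed sample: the layout you get from
#   Get-CimInstance Win32_Process |
#     Select-Object Name,ProcessId,SessionId,ExecutablePath | Export-Csv
# Three csrss.exe and two winlogon.exe, each in its own session (the thread's case).
SAMPLE_NORMAL = r"""Name,ProcessId,SessionId,ExecutablePath
wininit.exe,488,0,
csrss.exe,412,0,
csrss.exe,560,1,C:\Windows\System32\csrss.exe
winlogon.exe,612,1,C:\Windows\System32\winlogon.exe
csrss.exe,2304,2,C:\Windows\System32\csrss.exe
winlogon.exe,2356,2,C:\Windows\System32\winlogon.exe
explorer.exe,3100,1,C:\Windows\explorer.exe
"""

# Constructed sample: a second csrss.exe inside session 1, running from a temp folder.
SAMPLE_SUSPECT = r"""Name,ProcessId,SessionId,ExecutablePath
csrss.exe,412,0,
csrss.exe,560,1,C:\Windows\System32\csrss.exe
winlogon.exe,612,1,C:\Windows\System32\winlogon.exe
csrss.exe,4120,1,C:\Users\Example\AppData\Local\Temp\csrss.exe
"""


def audit(csv_text):
    """Return instance counts, findings and PIDs whose image path could not be read."""
    by_session = defaultdict(list)   # (name, session id) -> [pids]
    counts = defaultdict(int)        # name -> total instances
    findings, unverified = [], []

    for row in csv.DictReader(io.StringIO(csv_text)):
        name = row["Name"].strip().lower()
        if name not in WATCHED:
            continue
        pid = int(row["ProcessId"])
        session = int(row["SessionId"])
        path = (row.get("ExecutablePath") or "").strip()

        counts[name] += 1
        by_session[(name, session)].append(pid)

        if not path:
            # The path can be empty when the query lacks the privilege to open
            # the process; that is a gap in the data, not evidence of tampering.
            unverified.append(pid)
        elif ntpath.normpath(ntpath.dirname(path)).lower() != TRUSTED_DIR:
            findings.append(("unexpected-path", name, pid, path))

    # The total count is not the signal; two instances in ONE session is.
    for (name, session), pids in sorted(by_session.items()):
        if len(pids) > 1:
            findings.append(("duplicate-in-session", name, session, sorted(pids)))

    return {"counts": dict(counts), "findings": findings, "unverified": unverified}


if __name__ == "__main__":
    for label, sample in (("normal", SAMPLE_NORMAL), ("suspect", SAMPLE_SUSPECT)):
        result = audit(sample)
        print(label, result["counts"], "unverified PIDs:", result["unverified"])
        for finding in result["findings"]:
            print("  FINDING:", finding)
```
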


Thank you Charlie for everything... I feel so much better knowing my PC is clean.

 

One more thing. Can I delete AdwCleaner and the quarantine folder made by AdwCleaner in program files without releasing malware in my PC again, and can I also delete FRST with all logs.txt?


Let's check your computer's security before you go and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Greetings Charlie 

 

 

checkup.txt : 

 

 Results of screen317's Security Check version 0.99.80  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 6.0   
Windows Defender           
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 

That looks perfect....

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter. (it may look like CF is re-installing but it's not)

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

Please download OTC to your desktop. (This will clean up most of the tools and logs)

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")

Click on the CleanUp! button and follow the prompts.

(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)

You will be asked to reboot the machine to finish the Cleanup process, choose Yes.

After the reboot all the tools we used should be gone.

Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete. (right click.....Delete)

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc....AdwCleaner > just run the program and click uninstall.

Note:

If you used FRST and can't delete the quarantine folder:

Download the fixlist.txt to the same folder as FRST.exe.

Run FRST.exe and click Fix only once and wait

That will delete the quarantine folder created by FRST.

The rest you can manually delete.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (PM also found HERE)

Good Luck and Thanks for using the forum, MrC


This topic is now closed to further replies.