Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:03-05-2016
Ran by uthmin (administrator) on DROTHMAN (04-05-2016 01:34:18)
Running from C:\Users\uthmin\Desktop
Loaded Profiles: uthmin (Available Profiles: uthmin)
Platform: Windows 10 Pro (X64) Language: الإنجليزية (الولايات المتحدة)‏
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Plays.tv, LLC) C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(AntGROUP) C:\Program Files (x86)\Ant Download Manager\antCH\antCH.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-30] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3936936 2016-05-01] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PlaysTV] => C:\Program Files (x86)\Raptr Inc\PlaysTV\playstv_launcher.exe [71440 2016-04-27] (Plays.tv, LLC)
HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr Inc\Raptr\raptrstub.exe [58640 2016-04-27] (Raptr, Inc)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-28] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3477640 2012-09-23] (Adobe Systems Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\Run: [antMR] => C:\Program Files (x86)\Ant Download Manager\antMR.exe [130048 2016-03-28] (AntGROUP)
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\Run: [AntDM] => C:\Program Files (x86)\Ant Download Manager\AntDM.exe [4474368 2016-04-08] (AntGROUP)
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\Run: [Viber] => C:\Users\uthmin\AppData\Local\Viber\Viber.exe [69268048 2016-04-13] (Viber Media S.Ã  r.l.)
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\uthmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Thaker.lnk [2016-04-28]
ShortcutTarget: Thaker.lnk -> C:\Program Files (x86)\منبه الذاكرين\Thaker.exe ()
Startup: C:\Users\uthmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\إرسال إلى OneNote.lnk [2016-05-03]
ShortcutTarget: إرسال إلى OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)


Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2791196081-3455553443-96247009-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com/?ilc=8
SearchScopes: HKU\S-1-5-21-2791196081-3455553443-96247009-1001 -> DefaultScope {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
SearchScopes: HKU\S-1-5-21-2791196081-3455553443-96247009-1001 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}&fr=mkg028
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO: Ant Download Manager BHO -> {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} -> C:\Program Files (x86)\Ant Download Manager\antIE\antIE64.dll [2016-04-08] (AntGROUP)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2012-10-01] (Microsoft Corporation)
BHO-x32: Ant Download Manager BHO -> {8ABC6AE5-74BD-4c73-BB34-44526792D2AE} -> C:\Program Files (x86)\Ant Download Manager\antIE\antIE.dll [2016-04-08] (AntGROUP)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2012-10-01] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2012-09-23] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2012-10-01] (Microsoft Corporation)

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2012-10-01] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2016-04-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2016-04-27] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2013-05-28] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2012-10-01] (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-05-03] [not signed]
FF HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\Firefox\Extensions: [antgroup@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi
FF Extension: AntFF - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi [2016-02-26]
FF HKU\S-1-5-21-2791196081-3455553443-96247009-1001\...\SeaMonkey\Extensions: [antgroup@antdownloadmanager.com] - C:\Program Files (x86)\Ant Download Manager\antFF\antFF.xpi

Chrome: 
=======
CHR HomePage: Default -> hxxp://eg.hao222.com/
CHR StartupUrls: Default -> "hxxp://eg.hao222.com/" 
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.135\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\uthmin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (عروض Google التقديمية) - C:\Users\uthmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-27]
CHR Extension: (محرّر مستندات Google) - C:\Users\uthmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-27]
CHR Extension: (Google Drive) - C:\Users\uthmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-27]
CHR Extension: (Youtube) - C:\Users\uthmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-27]
CHR Extension: (بحث Google) - C:\Users\uthmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-04-27]
CHR Extension: (Adobe Acrobat) - C:\Users\uthmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-04-29]
CHR Extension: (جداول بيانات Google ) - C:\Users\uthmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-27]
CHR Extension: (AntDM Integration Extension) - C:\Users\uthmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdfkgijmihakgkpgfihkhoflogmiphp [2016-04-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\uthmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-27]
CHR Extension: (Gmail) - C:\Users\uthmin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-27]
CHR HKU\S-1-5-21-2791196081-3455553443-96247009-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fgdfkgijmihakgkpgfihkhoflogmiphp] - C:\Program Files (x86)\Ant Download Manager\antCH\antCH.crx [2016-04-27]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2016-04-28] (Broadcom Corporation.)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2519904 2016-04-13] (ESET)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 LDrvSvc; C:\Program Files (x86)\OSTotoSoft\DriverTalent\LDrvSvc.dll [147216 2016-03-09] ()
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 PlaysService; C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe [32528 2016-04-27] (Plays.tv, LLC)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [237736 2016-05-01] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2016-04-28] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7593176 2015-07-10] (Broadcom Corporation)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [264552 2016-04-13] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2016-04-13] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2016-04-13] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [142976 2016-04-13] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [198096 2016-04-13] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [53384 2016-04-13] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [84800 2016-04-13] (ESET)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2016-04-28] (REALiX(tm))
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185384 2015-12-24] (Intel Corporation)
R2 memudrv; C:\Program Files\Microvirt\MEmuHyperv\MEmuDrv.sys [260368 2015-11-02] (Microvirt Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [936192 2016-04-28] (Realtek                                            )
U5 RTSPER; C:\Windows\System32\Drivers\RTSPER.sys [761560 2015-09-25] (Realsil Semiconductor Corporation)
U5 RTSUER; C:\Windows\System32\Drivers\RTSUER.sys [407768 2015-09-25] (Realsil Semiconductor Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 2016-05-01] (Synaptics Incorporated)
S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2016-05-04] (SlimWare Utilities, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-04] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-04 01:34 - 2016-05-04 01:34 - 00016776 _____ C:\Users\uthmin\Desktop\FRST.txt
2016-05-04 01:21 - 2016-05-04 01:22 - 00002927 _____ C:\Users\uthmin\Desktop\fixlist.txt.txt
2016-05-04 01:15 - 2016-05-04 01:15 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-05-04 00:40 - 2016-05-04 00:41 - 00000298 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_uthmin.job
2016-05-04 00:40 - 2016-05-04 00:40 - 00002488 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_uthmin
2016-05-04 00:39 - 2015-09-25 02:08 - 09890008 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsCRIcon.dll
2016-05-04 00:39 - 2015-09-25 02:08 - 00761560 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsPer.sys
2016-05-04 00:39 - 2015-09-25 02:08 - 00407768 _____ (Realsil Semiconductor Corporation) C:\WINDOWS\system32\Drivers\RtsUer.sys
2016-05-04 00:39 - 2015-09-25 02:08 - 00367320 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsPStor.sys
2016-05-04 00:39 - 2015-09-25 02:08 - 00313048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsBaStor.sys
2016-05-04 00:39 - 2015-09-25 02:08 - 00302808 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RtsP2Stor.sys
2016-05-04 00:32 - 2016-05-04 00:32 - 00016148 _____ C:\WINDOWS\system32\DROTHMAN_uthmin_HistoryPrediction.bin
2016-05-03 20:46 - 2016-05-03 20:46 - 00000000 _____ C:\autoexec.bat
2016-05-03 20:40 - 2016-05-04 00:47 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-05-03 20:39 - 2016-05-03 20:40 - 00000000 ____D C:\sh4ldr
2016-05-03 20:33 - 2016-05-03 20:33 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-05-03 20:32 - 2016-05-04 00:51 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Wise Disk Cleaner
2016-05-03 20:32 - 2016-05-03 20:32 - 00001291 _____ C:\Users\Public\Desktop\Wise Disk Cleaner.lnk
2016-05-03 20:32 - 2016-05-03 20:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2016-05-03 20:32 - 2016-05-03 20:32 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-03 20:32 - 2016-05-03 20:32 - 00000000 ____D C:\Program Files (x86)\Wise
2016-05-03 20:31 - 2016-05-03 20:31 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\WinRAR
2016-05-03 20:31 - 2016-05-03 20:31 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-03 20:31 - 2016-05-03 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-05-03 20:30 - 2016-05-03 20:31 - 00000000 ____D C:\Program Files\WinRAR
2016-05-03 20:24 - 2016-05-04 01:34 - 00000000 ____D C:\FRST
2016-05-03 20:22 - 2016-05-03 20:23 - 02377216 _____ (Farbar) C:\Users\uthmin\Desktop\FRST64.exe
2016-05-03 20:03 - 2016-05-03 20:33 - 00000000 ____D C:\Users\uthmin\Compressed
2016-05-03 18:00 - 2016-05-03 18:00 - 00000000 ____D C:\Users\uthmin\Documents\دفاتر ملاحظات OneNote
2016-05-03 17:47 - 2016-05-03 17:51 - 19779656 _____ C:\Users\uthmin\Downloads\RogueKiller.exe
2016-05-03 03:21 - 2016-05-03 03:21 - 00002487 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2016-05-03 03:21 - 2016-05-03 03:21 - 00002096 _____ C:\Users\Public\Desktop\Adobe Reader X.lnk
2016-05-03 03:18 - 2016-05-03 03:18 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2016-05-03 03:14 - 2016-05-03 03:14 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2016-05-03 03:14 - 2016-05-03 03:14 - 00002307 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2016-05-03 03:14 - 2016-05-03 03:14 - 00002128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2016-05-03 03:14 - 2016-05-03 03:14 - 00002105 _____ C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2016-05-03 03:12 - 2016-05-03 03:21 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-05-03 03:05 - 2016-05-03 03:05 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-05-03 02:56 - 2016-05-03 02:56 - 00541168 _____ C:\Users\uthmin\Downloads\0B6MWhl1Ptj4bVjBuZGp6S01FMlE
2016-05-01 21:25 - 2016-05-04 00:47 - 00000000 ____D C:\Users\uthmin\AppData\Local\CrashDumps
2016-05-01 20:10 - 2016-05-01 20:10 - 00004296 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2016-05-01 20:10 - 2016-05-01 20:10 - 00000000 ____D C:\ProgramData\ATI
2016-05-01 19:26 - 2016-05-01 19:26 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Canon
2016-05-01 19:17 - 2016-05-01 19:17 - 00002151 _____ C:\Users\Public\Desktop\Canon MF Toolbox 4.9.lnk
2016-05-01 19:01 - 2016-05-01 19:01 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Synaptics
2016-05-01 19:01 - 2016-05-01 19:01 - 00000000 ____D C:\ProgramData\Synaptics
2016-05-01 18:56 - 2016-05-01 18:56 - 00000000 ___HD C:\WINDOWS\system32\CanonMF Uninstaller Information
2016-05-01 18:56 - 2016-05-01 18:56 - 00000000 ____D C:\Program Files\Canon
2016-05-01 18:56 - 2007-06-25 18:44 - 00189952 _____ (CANON INC.) C:\WINDOWS\system32\CNCC4010.DLL
2016-05-01 18:56 - 2007-06-25 18:44 - 00063488 _____ (Canon Inc.) C:\WINDOWS\system32\CNCLSD31.DLL
2016-05-01 18:56 - 2007-06-25 18:44 - 00045056 _____ (Canon Inc.) C:\WINDOWS\system32\CNCLST31.DLL
2016-05-01 18:56 - 2007-06-25 18:44 - 00038912 _____ (Canon Inc.) C:\WINDOWS\system32\cncilsc.dll
2016-05-01 18:56 - 2007-06-25 18:44 - 00037376 _____ (Canon Inc.) C:\WINDOWS\system32\CNCLSI31.DLL
2016-05-01 18:56 - 2007-06-25 18:44 - 00032768 _____ (Canon Inc.) C:\WINDOWS\system32\CNCLSC31.DLL
2016-05-01 18:56 - 2007-06-25 18:44 - 00025600 _____ (CANON INC.) C:\WINDOWS\system32\CNCL4010.DLL
2016-05-01 18:56 - 2007-06-25 18:44 - 00021504 _____ (Canon Inc.) C:\WINDOWS\system32\CNCLSU31.DLL
2016-05-01 18:56 - 2007-06-25 18:43 - 00032256 _____ (CANON INC.) C:\WINDOWS\system32\CNCI4010.DLL
2016-05-01 18:56 - 2007-04-18 17:13 - 00066048 _____ (Canon Inc.) C:\WINDOWS\system32\CNAS0MMK.DLL
2016-05-01 18:56 - 2007-01-29 16:08 - 00000332 _____ C:\WINDOWS\system32\CNCMFP31.INI
2016-05-01 18:48 - 2016-05-01 19:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2016-05-01 18:42 - 2016-05-01 18:42 - 00000000 ____D C:\Users\uthmin\AppData\Local\ElevatedDiagnostics
2016-05-01 18:35 - 2016-05-01 18:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriversCloud.com
2016-05-01 18:35 - 2016-05-01 18:35 - 00000000 ____D C:\ProgramData\DriversCloud.com
2016-05-01 18:35 - 2016-05-01 18:35 - 00000000 ____D C:\Program Files\DriversCloud.com
2016-05-01 18:26 - 2016-05-01 19:17 - 00000000 ____D C:\Program Files (x86)\Canon
2016-05-01 18:14 - 2016-05-01 18:14 - 00000000 ____D C:\Users\uthmin\AppData\Local\Apps\2.0
2016-05-01 02:33 - 2016-05-01 02:33 - 00000000 ____D C:\WINDOWS\LastGood
2016-05-01 02:31 - 2016-05-01 02:31 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2016-05-01 02:31 - 2016-05-01 02:31 - 00755880 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2016-05-01 02:31 - 2016-05-01 02:31 - 00610472 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2016-05-01 02:31 - 2016-05-01 02:31 - 00410792 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2016-05-01 02:31 - 2016-05-01 02:31 - 00260264 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2016-05-01 02:31 - 2016-05-01 02:31 - 00248488 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo31-1.dll
2016-05-01 02:31 - 2016-05-01 02:31 - 00033960 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2016-05-01 02:31 - 2016-05-01 02:31 - 00033448 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2016-05-01 02:21 - 2016-05-01 02:22 - 00000000 ____D C:\Program Files\CCleaner
2016-05-01 02:21 - 2016-05-01 02:21 - 00002858 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-05-01 02:21 - 2016-05-01 02:21 - 00000865 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-01 02:11 - 2016-05-03 17:48 - 00000000 ____D C:\Users\uthmin\Desktop\مجلد جديد
2016-04-29 21:18 - 2016-05-04 00:48 - 00000000 ____D C:\Users\uthmin\AppData\Local\Viber
2016-04-29 19:49 - 2016-04-29 19:49 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-04-29 19:48 - 2016-05-01 02:31 - 00033960 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2016-04-29 19:48 - 2016-04-29 19:48 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-04-29 19:48 - 2016-04-29 19:48 - 00000000 ____D C:\Program Files\Synaptics
2016-04-29 02:34 - 2016-04-29 02:36 - 00000000 ____D C:\Program Files (x86)\ZHPFix
2016-04-29 02:34 - 2016-04-29 02:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2016-04-28 22:43 - 2016-04-28 22:43 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-04-28 22:36 - 2016-05-03 20:44 - 00005232 _____ C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for Drothman-uthmin Drothman
2016-04-28 18:29 - 2016-04-28 18:29 - 06027569 ____H C:\Users\uthmin\Documents\â‌گ. ط¹ظ„ظ… ظ…ظ†ط§ظ‡ط¬ ط§ظ„طھط±ط.57223A59.partial
2016-04-28 18:23 - 2016-04-28 18:23 - 00000000 ____D C:\Users\uthmin\AppData\LocalLow\Adobe
2016-04-28 17:52 - 2016-05-03 17:03 - 00000000 ____D C:\Users\uthmin\Documents\ViberDownloads
2016-04-28 17:43 - 2016-04-28 17:43 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-04-28 17:32 - 2016-04-28 17:32 - 00000000 ____D C:\Users\uthmin\AppData\Local\ESET
2016-04-28 17:29 - 2016-04-28 17:29 - 00002100 _____ C:\Users\Public\Desktop\ESETحماية الدفع المصرفي.lnk
2016-04-28 17:29 - 2016-04-28 17:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2016-04-28 17:29 - 2016-04-28 17:29 - 00000000 ____D C:\ProgramData\ESET
2016-04-28 17:29 - 2016-04-28 17:29 - 00000000 ____D C:\Program Files\ESET
2016-04-28 17:01 - 2016-04-28 17:49 - 00002059 _____ C:\Users\uthmin\Desktop\MEmu.lnk
2016-04-28 16:54 - 2016-04-28 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-04-28 16:54 - 2016-04-28 16:54 - 00000000 ____D C:\Program Files\ATI Technologies
2016-04-28 16:48 - 2016-04-28 16:54 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-04-28 16:48 - 2016-04-28 16:48 - 12814752 _____ (Intel Corporation) C:\WINDOWS\system32\igdumd64.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 09016320 _____ (Intel Corporation) C:\WINDOWS\system32\igfxress.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 03520000 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 03129856 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 01981696 _____ C:\WINDOWS\system32\iglhxa64.cpa
2016-04-28 16:48 - 2016-04-28 16:48 - 01067696 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00957472 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00584192 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00551424 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00544552 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00539312 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00523184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
2016-04-28 16:48 - 2016-04-28 16:48 - 00453552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
2016-04-28 16:48 - 2016-04-28 16:48 - 00451584 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdev.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00449024 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrell.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00448512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfra.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00448512 _____ (Intel Corporation) C:\WINDOWS\system32\igfxresn.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00448000 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrus.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00448000 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrrom.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsky.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptg.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrplk.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnld.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrita.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhrv.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00447488 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdeu.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00446976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrhun.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00446976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrfin.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00446976 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcsy.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00446464 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtrk.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00446464 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrsve.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00446464 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrslv.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00446464 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrptb.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00446464 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrnor.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00445952 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrtha.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00445952 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrdan.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00444416 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrheb.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00444416 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrara.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00440832 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrjpn.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00439808 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrkor.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00437760 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrcht.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00437248 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrchs.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00418816 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTMM.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00393216 _____ (Intel Corporation) C:\WINDOWS\system32\igfxpph.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00339456 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxdv32.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00294912 _____ (Intel Corporation) C:\WINDOWS\system32\igfxrenu.lrc
2016-04-28 16:48 - 2016-04-28 16:48 - 00290224 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2016-04-28 16:48 - 2016-04-28 16:48 - 00272928 _____ C:\WINDOWS\SysWOW64\igvpkrng600.bin
2016-04-28 16:48 - 2016-04-28 16:48 - 00272928 _____ C:\WINDOWS\system32\igvpkrng600.bin
2016-04-28 16:48 - 2016-04-28 16:48 - 00266152 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2016-04-28 16:48 - 2016-04-28 16:48 - 00231312 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00194880 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00183216 _____ (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
2016-04-28 16:48 - 2016-04-28 16:48 - 00151040 _____ (Intel Corporation) C:\WINDOWS\system32\igfxdo.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00135680 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcpl.cpl
2016-04-28 16:48 - 2016-04-28 16:48 - 00124928 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4229.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00072704 _____ (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00059425 _____ C:\WINDOWS\system32\iglhxo64.vp
2016-04-28 16:48 - 2016-04-28 16:48 - 00059398 _____ C:\WINDOWS\system32\iglhxg64.vp
2016-04-28 16:48 - 2016-04-28 16:48 - 00059230 _____ C:\WINDOWS\system32\iglhxc64.vp
2016-04-28 16:48 - 2016-04-28 16:48 - 00059104 _____ C:\WINDOWS\system32\iglhxc64_dev.vp
2016-04-28 16:48 - 2016-04-28 16:48 - 00058796 _____ C:\WINDOWS\system32\iglhxg64_dev.vp
2016-04-28 16:48 - 2016-04-28 16:48 - 00058109 _____ C:\WINDOWS\system32\iglhxo64_dev.vp
2016-04-28 16:48 - 2016-04-28 16:48 - 00041288 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00033792 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00018432 _____ ( ) C:\WINDOWS\system32\IGFXDEVLib.dll
2016-04-28 16:48 - 2016-04-28 16:48 - 00017082 _____ C:\WINDOWS\system32\iglhxs64.vp
2016-04-28 16:48 - 2016-04-28 16:48 - 00001074 _____ C:\WINDOWS\system32\iglhxa64.vp
2016-04-28 16:47 - 2016-04-28 16:48 - 11223896 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumd32.dll
2016-04-28 16:47 - 2016-04-28 16:47 - 13059896 _____ (Intel Corporation) C:\WINDOWS\system32\igd10umd64.dll
2016-04-28 16:47 - 2016-04-28 16:47 - 13037568 _____ (Intel Corporation) C:\WINDOWS\system32\ig4icd64.dll
2016-04-28 16:47 - 2016-04-28 16:47 - 11352688 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10umd32.dll
2016-04-28 16:47 - 2016-04-28 16:47 - 10820096 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig4icd32.dll
2016-04-28 16:47 - 2016-04-28 16:47 - 05916080 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUI.exe
2016-04-28 16:47 - 2016-04-28 16:47 - 05384176 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2016-04-28 16:47 - 2016-04-28 16:47 - 00963452 _____ C:\WINDOWS\SysWOW64\igcodeckrng600.bin
2016-04-28 16:47 - 2016-04-28 16:47 - 00963452 _____ C:\WINDOWS\system32\igcodeckrng600.bin
2016-04-28 16:47 - 2016-04-28 16:47 - 00411056 _____ (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
2016-04-28 16:47 - 2016-04-28 16:47 - 00223664 _____ C:\WINDOWS\system32\Gfxres.th-TH.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00210106 _____ C:\WINDOWS\system32\Gfxres.el-GR.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00197040 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2016-04-28 16:47 - 2016-04-28 16:47 - 00194245 _____ C:\WINDOWS\system32\Gfxres.ru-RU.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00183808 _____ (Intel Corporation) C:\WINDOWS\system32\gfxSrvc.dll
2016-04-28 16:47 - 2016-04-28 16:47 - 00166170 _____ C:\WINDOWS\system32\Gfxres.ar-SA.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00163421 _____ C:\WINDOWS\system32\Gfxres.ja-JP.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00159008 _____ C:\WINDOWS\system32\Gfxres.he-IL.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00149682 _____ C:\WINDOWS\system32\Gfxres.it-IT.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00148042 _____ C:\WINDOWS\system32\Gfxres.ko-KR.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00147393 _____ C:\WINDOWS\system32\Gfxres.de-DE.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00147288 _____ C:\WINDOWS\system32\Gfxres.es-ES.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00146004 _____ C:\WINDOWS\system32\Gfxres.ro-RO.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00145491 _____ C:\WINDOWS\system32\Gfxres.fr-FR.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00144645 _____ C:\WINDOWS\system32\Gfxres.tr-TR.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00144260 _____ C:\WINDOWS\system32\Gfxres.pt-BR.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00144020 _____ C:\WINDOWS\system32\Gfxres.nl-NL.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00143932 _____ C:\WINDOWS\system32\Gfxres.hu-HU.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00142882 _____ C:\WINDOWS\system32\Gfxres.sv-SE.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00142877 _____ C:\WINDOWS\system32\Gfxres.pt-PT.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00142717 _____ C:\WINDOWS\system32\Gfxres.pl-PL.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00142289 _____ C:\WINDOWS\system32\Gfxres.cs-CZ.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00142008 _____ C:\WINDOWS\system32\Gfxres.fi-FI.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00141838 _____ C:\WINDOWS\system32\Gfxres.sk-SK.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00141049 _____ C:\WINDOWS\system32\Gfxres.hr-HR.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00137889 _____ C:\WINDOWS\system32\Gfxres.sl-SI.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00137784 _____ C:\WINDOWS\system32\Gfxres.nb-NO.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00137141 _____ C:\WINDOWS\system32\Gfxres.da-DK.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00132623 _____ C:\WINDOWS\system32\Gfxres.en-US.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00126300 _____ C:\WINDOWS\system32\Gfxres.zh-TW.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00124650 _____ C:\WINDOWS\system32\Gfxres.zh-CN.resources
2016-04-28 16:47 - 2016-04-28 16:47 - 00119296 _____ (Intel Corporation) C:\WINDOWS\system32\hccutils.dll
2016-04-28 16:47 - 2016-04-28 16:47 - 00110080 _____ C:\WINDOWS\system32\igdde64.dll
2016-04-28 16:47 - 2016-04-28 16:47 - 00102912 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2016-04-28 16:47 - 2016-04-28 16:47 - 00090112 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2016-04-28 16:47 - 2016-04-28 16:47 - 00000268 _____ C:\WINDOWS\system32\GfxUI.exe.config
2016-04-28 16:46 - 2016-04-28 16:46 - 00000000 ____D C:\Users\Default\AppData\Roaming\ATI
2016-04-28 16:46 - 2016-04-28 16:46 - 00000000 ____D C:\Users\Default\AppData\Local\ATI
2016-04-28 16:46 - 2016-04-28 16:46 - 00000000 ____D C:\Users\Default User\AppData\Roaming\ATI
2016-04-28 16:46 - 2016-04-28 16:46 - 00000000 ____D C:\Users\Default User\AppData\Local\ATI
2016-04-28 16:44 - 2016-04-28 16:45 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2016-04-28 16:43 - 2016-04-28 16:43 - 47794160 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 39720944 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 30775792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atio6axx.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 27544560 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\amdocl12cl64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 25320432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atioglxx.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 22327280 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\amdocl12cl.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 21648880 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmdag.sys
2016-04-28 16:43 - 2016-04-28 16:43 - 15725552 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticaldd64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 14310896 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticaldd.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 12088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atidxx64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 10211016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atidxx32.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 09355016 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdxc64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 08982432 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd6a.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 08864920 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiumd64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 08009360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdva.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 07683096 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdxc32.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 07482560 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiumdag.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 06686192 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmantle64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 05216240 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmantle32.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 03471376 _____ C:\WINDOWS\SysWOW64\atiumdva.cap
2016-04-28 16:43 - 2016-04-28 16:43 - 03437632 _____ C:\WINDOWS\system32\atiumd6a.cap
2016-04-28 16:43 - 2016-04-28 16:43 - 01479808 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\aticfx64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 01256432 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiadlxx.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 01196032 _____ C:\WINDOWS\system32\amdocl_as64.exe
2016-04-28 16:43 - 2016-04-28 16:43 - 01070592 _____ C:\WINDOWS\system32\amdocl_ld64.exe
2016-04-28 16:43 - 2016-04-28 16:43 - 01004032 _____ C:\WINDOWS\SysWOW64\amdocl_as32.exe
2016-04-28 16:43 - 2016-04-28 16:43 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxy.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00935408 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\atiadlxx.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00833800 _____ C:\WINDOWS\system32\amdicdxx.dat
2016-04-28 16:43 - 2016-04-28 16:43 - 00807424 _____ C:\WINDOWS\SysWOW64\amdocl_ld32.exe
2016-04-28 16:43 - 2016-04-28 16:43 - 00674288 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\atikmpag.sys
2016-04-28 16:43 - 2016-04-28 16:43 - 00662400 _____ C:\WINDOWS\SysWOW64\atiapfxx.blb
2016-04-28 16:43 - 2016-04-28 16:43 - 00662400 _____ C:\WINDOWS\system32\atiapfxx.blb
2016-04-28 16:43 - 2016-04-28 16:43 - 00631792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\amdlvr64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00524272 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\SysWOW64\amdlvr32.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00471320 _____ C:\WINDOWS\system32\amdmiracast.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00451056 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atidemgy.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00375792 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\atiapfxx.exe
2016-04-28 16:43 - 2016-04-28 16:43 - 00341488 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODE.exe
2016-04-28 16:43 - 2016-04-28 16:43 - 00243696 _____ C:\WINDOWS\system32\clinfo.exe
2016-04-28 16:43 - 2016-04-28 16:43 - 00213488 _____ C:\WINDOWS\system32\amdgfxinfo64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00199664 _____ (AMD) C:\WINDOWS\system32\atitmm64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00198640 _____ C:\WINDOWS\SysWOW64\amdgfxinfo32.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00177344 _____ C:\WINDOWS\system32\ativce03.dat
2016-04-28 16:43 - 2016-04-28 16:43 - 00175648 _____ C:\WINDOWS\system32\amde31a.dat
2016-04-28 16:43 - 2016-04-28 16:43 - 00168944 _____ C:\WINDOWS\system32\atieah64.exe
2016-04-28 16:43 - 2016-04-28 16:43 - 00165360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6txx.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00162232 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiuxp64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00152560 _____ C:\WINDOWS\SysWOW64\atieah32.exe
2016-04-28 16:43 - 2016-04-28 16:43 - 00150512 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atigktxx.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00143344 _____ C:\WINDOWS\system32\amdhdl64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00143056 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiuxpag.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00136176 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantle64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00132080 _____ C:\WINDOWS\SysWOW64\amdhdl32.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00130064 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiu9p64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00122352 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantle32.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00112360 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiu9pag.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00111600 _____ C:\WINDOWS\system32\hsa-thunk64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00111088 _____ C:\WINDOWS\SysWOW64\hsa-thunk.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00103408 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\mantleaxl64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00100816 _____ C:\WINDOWS\system32\ativce02.dat
2016-04-28 16:43 - 2016-04-28 16:43 - 00096752 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\mantleaxl32.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atimpc64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00088000 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdpcom64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00083952 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atig6pxx.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atimpc32.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00081160 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdpcom32.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\atiglpxx.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00078320 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\atiglpxx.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00073712 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00071152 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalrt64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00068080 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00064496 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\system32\aticalcl64.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00060912 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalrt.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00059888 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\ATIODCLI.exe
2016-04-28 16:43 - 2016-04-28 16:43 - 00059376 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\system32\amdmmcl6.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00057840 _____ (Advanced Micro Devices Inc.) C:\WINDOWS\SysWOW64\aticalcl.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00052208 _____ (Advanced Micro Devices, Inc.) C:\WINDOWS\system32\Drivers\ati2erec.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00048112 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\amdmmcl.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00038384 _____ (AMD) C:\WINDOWS\system32\atimuixx.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\detoured.dll
2016-04-28 16:43 - 2016-04-28 16:43 - 00012784 _____ (Microsoft Corporation) C:\WINDOWS\system32\detoured.dll
2016-04-28 15:35 - 2016-04-28 15:35 - 00000000 ____D C:\WINDOWS\SysWOW64\XPSViewer
2016-04-28 15:35 - 2016-04-28 15:35 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-04-28 15:35 - 2016-04-28 15:35 - 00000000 ____D C:\Program Files\MSBuild
2016-04-28 15:35 - 2016-04-28 15:35 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-04-28 15:35 - 2016-04-28 15:35 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-04-28 15:33 - 2015-05-29 21:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-04-28 15:33 - 2015-05-29 21:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-04-28 15:33 - 2015-05-29 21:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-04-28 15:32 - 2015-06-17 18:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-04-28 15:32 - 2015-06-17 18:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-04-28 15:32 - 2015-06-17 18:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-04-28 14:56 - 2016-04-28 14:56 - 00001802 _____ C:\Users\uthmin\Desktop\Word 2013.lnk
2016-04-28 14:19 - 2016-04-28 14:19 - 00082544 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2016-04-28 14:10 - 2016-05-01 02:23 - 00000000 ____D C:\WINDOWS\Minidump
2016-04-28 14:06 - 2016-04-28 14:06 - 02255064 _____ (Broadcom Corporation.) C:\WINDOWS\system32\BtwRSupportService.exe
2016-04-28 14:06 - 2016-04-28 14:06 - 02232024 _____ (Broadcom Corporation.) C:\WINDOWS\system32\BcmBtRSupport.dll
2016-04-28 14:06 - 2016-04-28 14:06 - 00170712 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\bcbtums.sys
2016-04-28 14:06 - 2016-04-28 14:06 - 00166104 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwampfl.sys
2016-04-28 14:06 - 2016-04-28 14:06 - 00066264 _____ (Broadcom Corporation.) C:\WINDOWS\system32\btwdi.dll
2016-04-28 14:00 - 2016-04-28 14:00 - 00000000 ____D C:\WINDOWS\IObit
2016-04-28 05:37 - 2016-04-28 01:40 - 00000000 ___DC C:\WINDOWS\Panther
2016-04-28 05:35 - 2016-04-28 05:35 - 00000000 ____D C:\Windows.old
2016-04-28 05:34 - 2016-04-28 05:34 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-04-28 02:49 - 2016-04-28 02:49 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\منبه الذاكرين
2016-04-28 02:48 - 2016-05-01 20:45 - 00000000 ____D C:\Users\uthmin\.MemuHyperv
2016-04-28 02:48 - 2016-04-28 17:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEmu
2016-04-28 02:48 - 2016-04-28 02:49 - 00000000 ____D C:\Program Files (x86)\منبه الذاكرين
2016-04-28 02:48 - 2016-04-28 02:48 - 00050176 _____ (instyler installation software) C:\WINDOWS\uninstyler.exe
2016-04-28 02:48 - 2016-04-28 02:48 - 00000000 ____D C:\Users\uthmin\AppData\Local\PeerDistRepub
2016-04-28 02:47 - 2016-04-28 17:00 - 00000000 ____D C:\Program Files\Microvirt
2016-04-28 02:47 - 2016-04-28 02:50 - 00000000 ____D C:\Users\uthmin\Documents\Readiris
2016-04-28 02:46 - 2016-04-28 02:46 - 00001309 _____ C:\Users\uthmin\Desktop\Readiris Corporate 12 Middle East.lnk
2016-04-28 02:46 - 2016-04-28 02:46 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Readiris Corporate 12 Middle East Edition
2016-04-28 02:45 - 2016-04-28 02:47 - 00000000 ____D C:\Program Files (x86)\Readiris Corporate 12 Middle East Edition
2016-04-28 02:40 - 2016-04-28 02:40 - 00001427 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-04-28 02:40 - 2016-04-28 02:40 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2016-04-28 02:37 - 2016-04-28 02:37 - 00026528 _____ (REALiX(tm)) C:\WINDOWS\SysWOW64\Drivers\HWiNFO64A.SYS
2016-04-28 02:34 - 2016-05-01 21:41 - 00000000 ____D C:\Users\uthmin\AppData\Local\Adobe
2016-04-28 02:34 - 2016-04-28 02:34 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2016-04-28 02:30 - 2016-05-03 03:13 - 00000000 ____D C:\ProgramData\Adobe
2016-04-28 02:09 - 2016-04-27 19:24 - 00008192 __RSH C:\BOOTSECT.BAK
2016-04-28 01:11 - 2016-04-28 01:11 - 00014501 _____ C:\ProgramData\Duplicaterecord.js
2016-04-28 01:11 - 2016-04-28 01:11 - 00003720 _____ C:\WINDOWS\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2016-04-28 01:11 - 2016-04-28 01:11 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\PC Faster
2016-04-28 01:11 - 2016-04-28 01:11 - 00000000 ____D C:\ProgramData\Baidu
2016-04-28 01:10 - 2016-04-28 01:10 - 00000000 ____D C:\Users\Public\Documents\PC Faster
2016-04-27 23:02 - 2016-04-27 23:02 - 00000000 ____D C:\Users\Public\Thunder Network
2016-04-27 23:02 - 2016-04-27 23:02 - 00000000 ____D C:\ProgramData\Thunder Network
2016-04-27 23:01 - 2016-04-27 23:01 - 00000000 ____D C:\Program Files (x86)\Intel
2016-04-27 23:00 - 2016-04-27 23:01 - 00000000 ____D C:\ProgramData\DriverTalent
2016-04-27 23:00 - 2016-04-27 23:00 - 00001273 _____ C:\Users\Public\Desktop\Driver Talent.lnk
2016-04-27 23:00 - 2016-04-27 23:00 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\DriverTalent
2016-04-27 23:00 - 2016-04-27 23:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Talent
2016-04-27 23:00 - 2016-04-27 23:00 - 00000000 ____D C:\OSTotoFolder
2016-04-27 22:59 - 2016-04-27 22:59 - 00000000 ____D C:\Program Files (x86)\OSTotoSoft
2016-04-27 22:29 - 2016-05-04 00:39 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-04-27 22:29 - 2015-09-25 02:08 - 00083160 _____ (Realtek Semiconductor.) C:\WINDOWS\system32\RtCRX64.dll
2016-04-27 22:13 - 2016-04-27 22:13 - 01390960 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-04-27 22:13 - 2016-04-27 22:13 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-04-27 22:13 - 2016-04-27 22:13 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Intel Corporation
2016-04-27 22:13 - 2016-04-27 22:13 - 00000000 ____D C:\ProgramData\Intel
2016-04-27 22:12 - 2016-04-27 22:12 - 00000000 ____D C:\Users\uthmin\Intel
2016-04-27 22:00 - 2016-05-04 00:39 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-04-27 22:00 - 2016-05-01 18:48 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-04-27 22:00 - 2016-04-28 14:19 - 00936192 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys
2016-04-27 21:59 - 2016-04-27 21:59 - 00000000 ____D C:\Users\uthmin\Documents\قوالب Office المخصصة
2016-04-27 21:56 - 2016-04-27 21:57 - 00883019 _____ (AMD Inc.) C:\Users\uthmin\Downloads\amd-catalyst-15.7.1-win10-64bit.exe.rvrv18l.partial
2016-04-27 21:45 - 2016-04-27 22:12 - 00000000 ____D C:\Program Files\Intel
2016-04-27 21:44 - 2016-05-04 00:27 - 00000000 ____D C:\SWSetup
2016-04-27 21:39 - 2016-04-27 21:39 - 00000000 ____D C:\ProgramData\SlimWare Utilities, Inc
2016-04-27 21:37 - 2016-05-04 00:35 - 00016056 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys
2016-04-27 21:37 - 2016-04-27 21:37 - 00000000 ____D C:\Users\uthmin\AppData\Local\SlimWare Utilities Inc
2016-04-27 21:37 - 2016-04-27 21:37 - 00000000 ____D C:\Users\uthmin\AppData\IObit
2016-04-27 21:37 - 2016-04-27 21:37 - 00000000 ____D C:\Users\Public\Documents\Downloaded Installers
2016-04-27 21:36 - 2016-05-01 20:37 - 00000000 ____D C:\ProgramData\ProductData
2016-04-27 21:36 - 2016-05-01 20:37 - 00000000 ____D C:\ProgramData\IObit
2016-04-27 21:36 - 2016-04-28 02:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-04-27 21:36 - 2016-04-27 21:36 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\ProductData
2016-04-27 21:36 - 2016-04-27 21:36 - 00000000 ____D C:\Users\uthmin\AppData\LocalLow\IObit
2016-04-27 21:36 - 2016-04-27 21:36 - 00000000 ____D C:\Users\uthmin\AppData\Local\MicrosoftEdge
2016-04-27 21:35 - 2016-05-01 22:03 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-27 21:35 - 2016-04-28 02:40 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\IObit
2016-04-27 21:35 - 2016-04-27 21:35 - 00000000 ____D C:\Users\Public\Documents\Baidu
2016-04-27 21:35 - 2016-04-27 21:35 - 00000000 ____D C:\ProgramData\Baidu Security
2016-04-27 21:35 - 2016-04-27 21:35 - 00000000 ____D C:\Program Files (x86)\Baidu Security
2016-04-27 21:26 - 2016-04-27 21:26 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\ATI
2016-04-27 21:26 - 2016-04-27 21:26 - 00000000 ____D C:\Users\uthmin\AppData\Local\ATI
2016-04-27 21:07 - 2016-04-27 21:07 - 00000146 _____ C:\Users\uthmin\Desktop\Device Manager - Shortcut.lnk
2016-04-27 20:36 - 2015-07-09 20:25 - 16736256 _____ (Microsoft Corporation) C:\WINDOWS\system32\prm0001.dll
2016-04-27 20:25 - 2016-04-27 20:25 - 00000000 ____D C:\Users\uthmin\AppData\Local\NetworkTiles
2016-04-27 20:25 - 2016-04-27 20:25 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-04-27 20:22 - 2016-04-27 20:22 - 00001047 _____ C:\Users\uthmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2016-04-27 20:11 - 2016-04-27 20:19 - 00002366 _____ C:\Users\uthmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-27 20:11 - 2016-04-27 20:19 - 00000000 ___RD C:\Users\uthmin\OneDrive
2016-04-27 20:10 - 2016-04-27 20:10 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-04-27 20:08 - 2016-04-27 20:08 - 00000000 ____D C:\Users\uthmin\AppData\Local\Publishers
2016-04-27 20:07 - 2016-04-27 20:09 - 00000000 ____D C:\Users\uthmin\AppData\Local\Comms
2016-04-27 20:07 - 2016-04-27 20:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-04-27 20:07 - 2016-04-27 20:07 - 00000000 ____D C:\Users\uthmin\AppData\Local\TileDataLayer
2016-04-27 20:06 - 2016-04-27 20:06 - 00000020 ___SH C:\Users\uthmin\ntuser.ini
2016-04-27 20:04 - 2015-12-01 09:01 - 02115936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-27 20:03 - 2015-11-18 08:36 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-04-27 20:03 - 2015-11-18 07:56 - 04047280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-04-27 20:03 - 2015-08-19 06:50 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-04-27 20:01 - 2015-07-22 05:52 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-27 19:57 - 2016-04-27 19:57 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-04-27 19:55 - 2016-04-27 23:01 - 01367428 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-27 19:49 - 2016-04-27 19:49 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-04-27 19:45 - 2016-04-27 19:45 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-04-27 19:44 - 2016-05-03 20:03 - 00000000 ____D C:\Users\uthmin
2016-04-27 19:44 - 2016-04-27 19:44 - 00000000 _SHDL C:\Users\uthmin\My Documents
2016-04-27 19:44 - 2016-04-27 19:44 - 00000000 _SHDL C:\Users\uthmin\Documents\My Videos
2016-04-27 19:44 - 2016-04-27 19:44 - 00000000 _SHDL C:\Users\uthmin\Documents\My Pictures
2016-04-27 19:44 - 2016-04-27 19:44 - 00000000 _SHDL C:\Users\uthmin\Documents\My Music
2016-04-27 19:43 - 2015-07-10 12:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-04-27 19:41 - 2016-04-27 19:41 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-04-27 19:14 - 2016-04-28 01:41 - 00000000 ___HD C:\$Windows.~BT
2016-04-27 19:09 - 2016-04-27 20:13 - 72519592 _____ (Lenovo Group Limited ) C:\Users\uthmin\Downloads\j9dp06ww.exe
2016-04-27 19:06 - 2016-05-01 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2016-04-27 19:05 - 2016-05-01 20:19 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\PlaysTV
2016-04-27 19:03 - 2016-04-27 19:58 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2016-04-27 19:03 - 2016-04-27 19:58 - 00009528 _____ C:\WINDOWS\diagerr.xml
2016-04-27 19:01 - 2016-04-27 19:01 - 00000000 ____D C:\Intel
2016-04-27 18:58 - 2016-04-27 18:58 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Macromedia
2016-04-27 18:57 - 2016-05-03 04:08 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Yahoo!
2016-04-27 18:57 - 2016-04-27 18:57 - 00000000 ____D C:\ProgramData\Yahoo! Companion
2016-04-27 18:56 - 2016-04-27 19:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2016-04-27 18:56 - 2016-04-27 18:57 - 00000000 ____D C:\ProgramData\Yahoo!
2016-04-27 18:56 - 2016-04-27 18:56 - 00001181 _____ C:\Users\Public\Desktop\Yahoo! Messenger.lnk
2016-04-27 18:56 - 2016-04-27 18:56 - 00000000 ____D C:\Users\uthmin\AppData\LocalLow\Yahoo! Companion
2016-04-27 18:56 - 2016-04-27 18:56 - 00000000 ____D C:\Users\uthmin\AppData\LocalLow\Yahoo!
2016-04-27 18:53 - 2016-04-27 18:54 - 00000000 ____D C:\Program Files (x86)\Raptr Inc
2016-04-27 18:53 - 2016-04-27 18:53 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\library_dir
2016-04-27 18:51 - 2016-04-27 18:51 - 00000000 ____D C:\Users\uthmin\Downloads\MEmu Download
2016-04-27 18:39 - 2016-05-04 00:34 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\ViberPC
2016-04-27 18:39 - 2016-04-27 18:39 - 00001005 _____ C:\Users\uthmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viber.lnk
2016-04-27 18:39 - 2016-04-27 18:39 - 00000997 _____ C:\Users\uthmin\Desktop\Viber.lnk
2016-04-27 18:38 - 2016-04-27 18:57 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-04-27 18:31 - 2016-05-01 20:11 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Raptr
2016-04-27 18:29 - 2016-04-27 21:44 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-27 18:28 - 2016-05-01 19:57 - 00000000 ____D C:\Program Files\AMD
2016-04-27 18:26 - 2016-05-01 19:54 - 00000000 ____D C:\AMD
2016-04-27 18:07 - 2016-04-28 15:36 - 00508010 _____ C:\WINDOWS\system32\perfh001.dat
2016-04-27 18:07 - 2016-04-28 15:36 - 00080822 _____ C:\WINDOWS\system32\perfc001.dat
2016-04-27 18:07 - 2016-04-27 21:19 - 00296742 _____ C:\WINDOWS\system32\perfi001.dat
2016-04-27 18:07 - 2016-04-27 21:19 - 00033362 _____ C:\WINDOWS\system32\perfd001.dat
2016-04-27 18:07 - 2016-04-27 19:07 - 00739152 _____ C:\WINDOWS\system32\perfh00C.dat
2016-04-27 18:07 - 2016-04-27 19:07 - 00140976 _____ C:\WINDOWS\system32\perfc00C.dat
2016-04-27 18:07 - 2016-04-27 18:02 - 00350772 _____ C:\WINDOWS\system32\perfi00C.dat
2016-04-27 18:07 - 2016-04-27 18:02 - 00040528 _____ C:\WINDOWS\system32\perfd00C.dat
2016-04-27 18:04 - 2016-04-27 21:45 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\AntDM
2016-04-27 18:03 - 2016-04-27 21:19 - 00000000 ____D C:\WINDOWS\system32\ar
2016-04-27 18:03 - 2016-04-27 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ant Download Manager
2016-04-27 18:03 - 2016-04-27 18:03 - 00001084 _____ C:\Users\Public\Desktop\Ant Download Manager.lnk
2016-04-27 18:03 - 2016-04-27 18:03 - 00000000 ____D C:\WINDOWS\SysWOW64\fr
2016-04-27 18:03 - 2016-04-27 18:03 - 00000000 ____D C:\WINDOWS\system32\fr
2016-04-27 18:03 - 2016-04-27 18:03 - 00000000 ____D C:\Program Files (x86)\Ant Download Manager
2016-04-27 18:03 - 2015-10-07 18:18 - 00504896 _____ (The cURL library, hxxp://curl.haxx.se/) C:\WINDOWS\system32\LIBCURL.DLL
2016-04-27 18:03 - 2013-10-05 03:38 - 04449952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfc120u.dll
2016-04-27 18:03 - 2013-10-05 03:38 - 00970912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120.dll
2016-04-27 18:03 - 2013-10-05 03:38 - 00455328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120.dll
2016-04-27 18:03 - 2013-10-05 00:58 - 05634720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfc120u.dll
2016-04-27 18:03 - 2013-10-05 00:58 - 00963232 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120.dll
2016-04-27 18:03 - 2013-10-05 00:58 - 00660128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120.dll
2016-04-27 17:57 - 2016-04-27 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-04-27 17:56 - 2016-04-27 17:56 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2016-04-27 17:55 - 2016-04-27 17:55 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-04-27 17:54 - 2016-04-27 17:55 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-04-27 17:54 - 2016-04-27 17:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-27 17:49 - 2016-05-04 00:47 - 00000000 __RHD C:\MSOCache
2016-04-27 17:49 - 2016-04-27 17:54 - 00000000 ____D C:\Program Files\Microsoft Office
2016-04-27 17:49 - 2016-04-27 17:49 - 00000000 ____D C:\Users\uthmin\AppData\Local\Microsoft Help
2016-04-27 17:49 - 2016-04-27 17:49 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2016-04-27 17:49 - 2016-04-27 17:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-04-27 17:49 - 2016-04-27 17:49 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2016-04-27 17:28 - 2016-05-04 00:45 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-27 17:27 - 2016-04-27 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-27 17:27 - 2016-04-27 17:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-04-27 17:27 - 2016-04-27 17:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-04-27 17:27 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-04-27 17:27 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-27 17:27 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-04-27 17:15 - 2016-04-27 17:15 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2016-04-27 16:58 - 2016-04-27 19:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-04-27 16:58 - 2016-04-27 16:58 - 00002275 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-27 16:57 - 2016-04-28 01:44 - 00000860 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-27 16:57 - 2016-04-28 01:44 - 00000856 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-27 16:57 - 2016-04-28 01:41 - 00003456 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-27 16:57 - 2016-04-28 01:41 - 00003228 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-27 16:57 - 2016-04-27 16:57 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-27 16:56 - 2016-04-27 16:58 - 00000000 ____D C:\Users\uthmin\AppData\Local\Google
2016-04-27 16:48 - 2016-04-27 16:50 - 00000000 ____D C:\AdwCleaner
2016-04-27 16:42 - 2016-04-27 16:47 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-27 16:40 - 2016-05-04 01:13 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\ZHP
2016-04-27 16:40 - 2016-04-27 19:57 - 00003704 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2791196081-3455553443-96247009-1001
2016-04-27 16:39 - 2016-04-08 15:55 - 19765320 _____ C:\Users\uthmin\Desktop\RogueKiller.exe
2016-04-27 16:39 - 2016-04-07 23:48 - 02179072 _____ C:\Users\uthmin\Desktop\ZHPDiag3.exe
2016-04-27 16:38 - 2016-05-03 23:17 - 00004152 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{0EE8FBAD-76CF-45AF-AE36-520B3B15EBBB}
2016-04-27 16:38 - 2016-04-28 15:59 - 00000000 __SHD C:\Users\uthmin\AppData\Local\EmieUserList
2016-04-27 16:38 - 2016-04-28 15:59 - 00000000 __SHD C:\Users\uthmin\AppData\Local\EmieSiteList
2016-04-27 16:38 - 2016-04-28 15:58 - 00000000 __SHD C:\Users\uthmin\AppData\LocalLow\EmieUserList
2016-04-27 16:38 - 2016-04-28 15:58 - 00000000 __SHD C:\Users\uthmin\AppData\LocalLow\EmieSiteList
2016-04-27 16:38 - 2016-04-27 16:38 - 00000000 __SHD C:\Users\uthmin\AppData\LocalLow\EmieBrowserModeList
2016-04-27 16:38 - 2016-04-27 16:38 - 00000000 __SHD C:\Users\uthmin\AppData\Local\EmieBrowserModeList
2016-04-27 16:36 - 2016-04-27 16:36 - 00000000 ____D C:\Users\uthmin\AppData\Local\GWX
2016-04-27 16:35 - 2016-05-03 17:38 - 00000000 ____D C:\Users\uthmin\AppData\Local\Packages
2016-04-27 16:35 - 2016-05-03 03:18 - 00000000 ____D C:\Users\uthmin\AppData\Roaming\Adobe
2016-04-27 16:35 - 2016-04-27 18:58 - 00000000 ____D C:\Users\uthmin\AppData\Local\VirtualStore
2016-04-27 16:28 - 2015-03-14 03:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2016-04-27 16:24 - 2016-04-27 16:24 - 00000000 ____D C:\WINDOWS\CSC
2016-04-26 18:55 - 2016-05-01 22:20 - 00000000 ____D C:\Users\uthmin\Downloads\الرسالة من العراق
2016-04-26 18:34 - 2016-05-03 17:39 - 00000000 ____D C:\Users\uthmin\Downloads\ملف الداون لود قبل الفرمته
2016-04-13 13:31 - 2016-04-13 13:31 - 00264552 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2016-04-13 13:31 - 2016-04-13 13:31 - 00198096 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2016-04-13 13:31 - 2016-04-13 13:31 - 00186784 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2016-04-13 13:31 - 2016-04-13 13:31 - 00142976 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys
2016-04-13 13:31 - 2016-04-13 13:31 - 00084800 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2016-04-13 13:31 - 2016-04-13 13:31 - 00053384 _____ (ESET) C:\WINDOWS\system32\Drivers\EpfwLWF.sys
2016-04-13 13:31 - 2016-04-13 13:31 - 00014976 _____ (ESET) C:\WINDOWS\system32\Drivers\eelam.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-04 00:47 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-05-04 00:47 - 2015-07-10 13:02 - 00000000 ____D C:\WINDOWS\INF
2016-05-04 00:32 - 2015-07-10 14:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-04 00:30 - 2015-07-10 11:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2016-05-03 21:25 - 2015-07-10 13:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-03 21:25 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-01 19:01 - 2015-07-10 13:04 - 00000000 __RSD C:\WINDOWS\Media
2016-04-28 17:42 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-04-28 17:30 - 2015-07-10 13:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-04-28 16:43 - 2015-08-09 07:13 - 01223544 _____ (Advanced Micro Devices, Inc. ) C:\WINDOWS\SysWOW64\aticfx32.dll
2016-04-28 16:43 - 2015-08-09 07:10 - 00874480 _____ (AMD) C:\WINDOWS\system32\coinst_15.20.dll
2016-04-28 16:43 - 2015-08-09 07:10 - 00683504 _____ (AMD) C:\WINDOWS\system32\atieclxx.exe
2016-04-28 16:43 - 2015-08-09 07:10 - 00255472 _____ (AMD) C:\WINDOWS\system32\atiesrxx.exe
2016-04-28 15:38 - 2015-07-10 12:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-28 15:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-04-28 15:35 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-04-28 05:37 - 2015-07-10 13:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-04-28 03:01 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\appcompat
2016-04-27 21:20 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-04-27 21:20 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-04-27 21:20 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-04-27 21:20 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-04-27 21:19 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-04-27 21:19 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-04-27 21:19 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-04-27 21:19 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\IME
2016-04-27 21:19 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-04-27 21:19 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-04-27 21:19 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\servicing
2016-04-27 20:08 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-04-27 20:08 - 2015-07-10 13:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-04-27 20:04 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-04-27 20:01 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\rescache
2016-04-27 19:58 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Registration
2016-04-27 19:55 - 2015-07-10 13:04 - 00000000 __RHD C:\Users\Public\Libraries
2016-04-27 19:50 - 2015-07-10 15:14 - 00000000 ____D C:\WINDOWS\ShellNew
2016-04-27 19:50 - 2015-07-10 13:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-04-27 19:50 - 2015-07-10 11:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-27 19:49 - 2013-08-22 15:36 - 00000000 ____D C:\Users\Default.migrated
2016-04-27 19:47 - 2015-07-10 15:11 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-04-27 19:47 - 2015-07-10 15:11 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-04-27 19:47 - 2015-07-10 15:11 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-04-27 19:47 - 2015-07-10 15:11 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-04-27 19:47 - 2015-07-10 15:11 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-04-27 19:47 - 2015-07-10 15:11 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-04-27 19:47 - 2015-07-10 15:11 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-04-27 19:47 - 2015-07-10 15:11 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\spool
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-04-27 19:47 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-04-27 19:47 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-04-27 19:47 - 2015-07-10 11:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-04-27 19:47 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2016-04-27 19:47 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2016-04-27 19:46 - 2015-07-10 15:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-27 19:46 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-27 19:46 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\InputMethod
2016-04-27 19:46 - 2015-07-10 13:04 - 00000000 ____D C:\WINDOWS\Help
2016-04-27 19:46 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-04-27 19:46 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Common Files\System
2016-04-27 19:46 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-04-27 19:46 - 2015-07-10 13:04 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-04-27 19:46 - 2014-11-21 18:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Embedded Lockdown Manager
2016-04-27 19:46 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2016-04-27 19:46 - 2013-08-22 17:36 - 00000000 ____D C:\WINDOWS\ADFS
2016-04-27 18:08 - 2013-08-22 15:25 - 00000167 _____ C:\WINDOWS\win.ini

==================== Files in the root of some directories =======

2016-04-28 01:11 - 2016-04-28 01:11 - 0014501 _____ () C:\ProgramData\Duplicaterecord.js

Files to move or delete:
====================
C:\ProgramData\Duplicaterecord.js


Some files in TEMP:
====================
C:\Users\uthmin\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-27 19:39

==================== End of FRST.txt ============================