Windows 8.1 detected ntdll code modification


  • This topic is locked
12 replies to this topic

#1 MadHatter2014


Posted 21 April 2014 - 09:53 PM

I have been struggling with a nasty rootkit that has survived several low-level drive wipes/formatting and fresh installs. After a clean installation, I ran catchme.exe from the gmer website and received the following in my log file.

 

catchme.exe

detected NTDLL code modification:
ZwEnumerateKey 0 != 49, ZwQueryKey 0 != 21, ZwOpenKey 0 != 17, ZwClose 0 != 196622, ZwEnumerateValueKey 0 != 18, ZwQueryValueKey 0 != 22, ZwOpenFile 0 != 50, ZwQueryDirectoryFile 0 != 52, ZwQuerySystemInformation 0 != 53
Initialization error
 
I am unable to run DDS due to the system's specs, Windows 8.1 x64 System.
 
Awaiting further instructions before proceeding. Thank you.



#2 TB-Psychotic


Posted 22 April 2014 - 05:07 AM

Hi there,
my name is Marius and I will assist you with your malware-related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
 
 
HijackThis is not the preferred initial scanning tool in this forum. With today's malware, a more comprehensive set of logs is required to determine the presence of malware.
 
 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)
 
  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 
 
 
 
 
Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please attach this file to your next reply.


Proud Member of UNITE & TB

#3 MadHatter2014


Posted 22 April 2014 - 09:51 AM

FRST.EXE Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014

Ran by FedServ1 (administrator) on FEDERAL1 on 22-04-2014 10:48:56
Running from C:\Users\FedServ1\Desktop
Windows 8.1 Pro (Update 1) (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
() C:\Program Files\pia_manager\pia_manager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(http://www.ruby-lang.org/) C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VirtualBox.exe
(Oracle Corporation) C:\Program Files\Oracle\VirtualBox\VBoxSVC.exe
(Microsoft Corporation) C:\Windows\system32\dashost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\Users\FedServ1\Desktop\OTL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files\pia_manager\openvpn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKU\S-1-5-21-762851687-2403243248-509913355-1001\...\Run: [GoogleChromeAutoLaunch_DD600996D0B4403DAAE80211AD2A13BB] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032 2014-04-01] (Google Inc.)
HKU\S-1-5-21-762851687-2403243248-509913355-1001\...\MountPoints2: {144c8396-2980-11e3-8250-806e6f6e6963} - "I:\setup.exe" 
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689 URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218
 
FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR Extension: (Google Docs) - C:\Users\FedServ1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-18]
CHR Extension: (Google Drive) - C:\Users\FedServ1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-18]
CHR Extension: (YouTube) - C:\Users\FedServ1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-18]
CHR Extension: (Google Search) - C:\Users\FedServ1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-18]
CHR Extension: (Google Wallet) - C:\Users\FedServ1\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR Extension: (Gmail) - C:\Users\FedServ1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-18]
 
==================== Services (Whitelisted) =================
 
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-10] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-29] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-25] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-22 10:48 - 2014-04-22 10:48 - 00012169 _____ () C:\Users\FedServ1\Desktop\FRST.txt
2014-04-22 10:48 - 2014-04-22 10:48 - 00000000 ____D () C:\FRST
2014-04-22 10:47 - 2014-04-22 10:47 - 02061312 _____ (Farbar) C:\Users\FedServ1\Desktop\FRST64.exe
2014-04-21 22:47 - 2014-04-21 22:47 - 00688992 _____ (Swearware) C:\Users\FedServ1\Desktop\dds.com
2014-04-21 22:43 - 2014-04-21 22:43 - 00288552 _____ () C:\Users\FedServ1\Desktop\OTL.Txt
2014-04-21 22:43 - 2014-04-21 22:43 - 00041998 _____ () C:\Users\FedServ1\Desktop\Extras.Txt
2014-04-21 22:31 - 2014-04-21 22:32 - 00602112 _____ (OldTimer Tools) C:\Users\FedServ1\Desktop\OTL.exe
2014-04-21 22:29 - 2014-04-21 22:29 - 00000279 _____ () C:\Users\FedServ1\Desktop\catchme.log
2014-04-21 12:41 - 2014-04-21 12:41 - 00002425 _____ () C:\Users\FedServ1\Desktop\General.lnk
2014-04-21 11:49 - 2014-02-22 06:34 - 11742720 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2014-04-21 11:49 - 2014-02-07 21:08 - 00139600 _____ () C:\Windows\system32\systemsf.ebd
2014-04-21 11:48 - 2014-02-22 12:59 - 01519520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-04-21 11:48 - 2014-02-22 12:59 - 01290688 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-04-21 11:48 - 2014-02-22 12:59 - 00526304 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-21 11:48 - 2014-02-22 12:59 - 00461176 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-04-21 11:48 - 2014-02-22 12:59 - 00407536 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-04-21 11:48 - 2014-02-22 12:59 - 00289752 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2014-04-21 11:48 - 2014-02-22 12:59 - 00209160 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll
2014-04-21 11:48 - 2014-02-22 12:59 - 00139464 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2014-04-21 11:48 - 2014-02-22 12:59 - 00123448 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-04-21 11:48 - 2014-02-22 12:15 - 01929608 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2014-04-21 11:48 - 2014-02-22 12:15 - 01206000 _____ (Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
2014-04-21 11:48 - 2014-02-22 12:15 - 00531128 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-04-21 11:48 - 2014-02-22 12:15 - 00188464 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2014-04-21 11:48 - 2014-02-22 12:02 - 00170952 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2014-04-21 11:48 - 2014-02-22 12:02 - 00083120 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-21 11:48 - 2014-02-22 12:00 - 00590168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-04-21 11:48 - 2014-02-22 12:00 - 00249688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-04-21 11:48 - 2014-02-22 12:00 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-04-21 11:48 - 2014-02-22 12:00 - 00151384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-04-21 11:48 - 2014-02-22 11:59 - 00032088 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-04-21 11:48 - 2014-02-22 11:55 - 01435304 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2014-04-21 11:48 - 2014-02-22 11:55 - 00388408 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2014-04-21 11:48 - 2014-02-22 11:55 - 00244848 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2014-04-21 11:48 - 2014-02-22 11:55 - 00152848 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2014-04-21 11:48 - 2014-02-22 11:55 - 00105864 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-04-21 11:48 - 2014-02-22 11:53 - 03394384 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-04-21 11:48 - 2014-02-22 11:50 - 02588168 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-04-21 11:48 - 2014-02-22 11:50 - 00761792 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2014-04-21 11:48 - 2014-02-22 11:50 - 00645104 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-04-21 11:48 - 2014-02-22 11:50 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-04-21 11:48 - 2014-02-22 11:50 - 00258784 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-04-21 11:48 - 2014-02-22 11:49 - 00384856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-04-21 11:48 - 2014-02-22 11:49 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-21 11:48 - 2014-02-22 11:49 - 00280920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-04-21 11:48 - 2014-02-22 11:49 - 00148824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-04-21 11:48 - 2014-02-22 11:48 - 02574240 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-21 11:48 - 2014-02-22 11:48 - 01791752 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2014-04-21 11:48 - 2014-02-22 11:48 - 00210736 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2014-04-21 11:48 - 2014-02-22 11:46 - 01927600 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-04-21 11:48 - 2014-02-22 11:46 - 01445616 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2014-04-21 11:48 - 2014-02-22 11:46 - 01000424 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2014-04-21 11:48 - 2014-02-22 11:46 - 00669896 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-21 11:48 - 2014-02-22 11:44 - 00539992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2014-04-21 11:48 - 2014-02-22 11:44 - 00424280 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-04-21 11:48 - 2014-02-22 11:44 - 00360792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2014-04-21 11:48 - 2014-02-22 11:44 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-04-21 11:48 - 2014-02-22 11:43 - 01727760 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-21 11:48 - 2014-02-22 11:43 - 01659056 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-04-21 11:48 - 2014-02-22 11:43 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-04-21 11:48 - 2014-02-22 11:43 - 01487520 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-04-21 11:48 - 2014-02-22 11:43 - 01356360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-04-21 11:48 - 2014-02-22 11:43 - 00142576 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-04-21 11:48 - 2014-02-22 11:41 - 02142976 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-04-21 11:48 - 2014-02-22 11:41 - 01399176 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-04-21 11:48 - 2014-02-22 11:41 - 01374384 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-04-21 11:48 - 2014-02-22 11:41 - 01215832 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2014-04-21 11:48 - 2014-02-22 11:41 - 00881616 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-04-21 11:48 - 2014-02-22 11:41 - 00800552 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2014-04-21 11:48 - 2014-02-22 11:41 - 00609456 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-04-21 11:48 - 2014-02-22 11:41 - 00391008 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll
2014-04-21 11:48 - 2014-02-22 11:41 - 00372360 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2014-04-21 11:48 - 2014-02-22 11:41 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2014-04-21 11:48 - 2014-02-22 11:40 - 01118552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-04-21 11:48 - 2014-02-22 10:52 - 01767440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2014-04-21 11:48 - 2014-02-22 10:51 - 01063976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Taskmgr.exe
2014-04-21 11:48 - 2014-02-22 10:42 - 01017936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-04-21 11:48 - 2014-02-22 10:42 - 00422968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-21 11:48 - 2014-02-22 10:42 - 00410568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-04-21 11:48 - 2014-02-22 10:42 - 00369288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-04-21 11:48 - 2014-02-22 10:42 - 00232896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2014-04-21 11:48 - 2014-02-22 10:42 - 00098072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-04-21 11:48 - 2014-02-22 10:38 - 01374384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-04-21 11:48 - 2014-02-22 10:38 - 01077944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2014-04-21 11:48 - 2014-02-22 10:38 - 00506120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2014-04-21 11:48 - 2014-02-22 10:38 - 00336232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2014-04-21 11:48 - 2014-02-22 10:38 - 00089848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-04-21 11:48 - 2014-02-22 10:25 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-04-21 11:48 - 2014-02-22 10:25 - 00180240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2014-04-21 11:48 - 2014-02-22 10:18 - 00477744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-04-21 11:48 - 2014-02-22 10:18 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-04-21 11:48 - 2014-02-22 10:11 - 00490136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-04-21 11:48 - 2014-02-22 10:08 - 01474104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-04-21 11:48 - 2014-02-22 10:04 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-04-21 11:48 - 2014-02-22 10:04 - 01206000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-04-21 11:48 - 2014-02-22 10:04 - 01011280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2014-04-21 11:48 - 2014-02-22 10:04 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-04-21 11:48 - 2014-02-22 10:04 - 00650736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2014-04-21 11:48 - 2014-02-22 10:04 - 00518552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-04-21 11:48 - 2014-02-22 10:04 - 00317584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2014-04-21 11:48 - 2014-02-22 10:04 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2014-04-21 11:48 - 2014-02-22 10:04 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2014-04-21 11:48 - 2014-02-22 08:24 - 02825216 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2014-04-21 11:48 - 2014-02-22 08:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2014-04-21 11:48 - 2014-02-22 08:20 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2014-04-21 11:48 - 2014-02-22 08:15 - 04192768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-21 11:48 - 2014-02-22 08:14 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-04-21 11:48 - 2014-02-22 08:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2014-04-21 11:48 - 2014-02-22 08:11 - 00272896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-21 11:48 - 2014-02-22 08:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-04-21 11:48 - 2014-02-22 08:08 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll
2014-04-21 11:48 - 2014-02-22 08:07 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2014-04-21 11:48 - 2014-02-22 08:07 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\WofUtil.dll
2014-04-21 11:48 - 2014-02-22 08:07 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\clrhost.dll
2014-04-21 11:48 - 2014-02-22 08:02 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2014-04-21 11:48 - 2014-02-22 07:57 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\slc.dll
2014-04-21 11:48 - 2014-02-22 07:54 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2014-04-21 11:48 - 2014-02-22 07:47 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2014-04-21 11:48 - 2014-02-22 07:46 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-21 11:48 - 2014-02-22 07:44 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-21 11:48 - 2014-02-22 07:41 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2014-04-21 11:48 - 2014-02-22 07:34 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\dmdskmgr.dll
2014-04-21 11:48 - 2014-02-22 07:28 - 02428928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2014-04-21 11:48 - 2014-02-22 07:25 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\recimg.exe
2014-04-21 11:48 - 2014-02-22 07:17 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-21 11:48 - 2014-02-22 07:17 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OobeFldr.dll
2014-04-21 11:48 - 2014-02-22 07:16 - 00617472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2014-04-21 11:48 - 2014-02-22 07:16 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clrhost.dll
2014-04-21 11:48 - 2014-02-22 07:06 - 00148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slc.dll
2014-04-21 11:48 - 2014-02-22 07:05 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\RASMM.dll
2014-04-21 11:48 - 2014-02-22 07:05 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2014-04-21 11:48 - 2014-02-22 07:00 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-21 11:48 - 2014-02-22 07:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-21 11:48 - 2014-02-22 06:58 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-21 11:48 - 2014-02-22 06:56 - 02862592 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-04-21 11:48 - 2014-02-22 06:56 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2014-04-21 11:48 - 2014-02-22 06:54 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-21 11:48 - 2014-02-22 06:52 - 02288640 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2014-04-21 11:48 - 2014-02-22 06:50 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2014-04-21 11:48 - 2014-02-22 06:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\dfp.exe
2014-04-21 11:48 - 2014-02-22 06:44 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-21 11:48 - 2014-02-22 06:41 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2014-04-21 11:48 - 2014-02-22 06:41 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-04-21 11:48 - 2014-02-22 06:39 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-04-21 11:48 - 2014-02-22 06:38 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\DfpCommon.dll
2014-04-21 11:48 - 2014-02-22 06:37 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
2014-04-21 11:48 - 2014-02-22 06:36 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-21 11:48 - 2014-02-22 06:36 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-04-21 11:48 - 2014-02-22 06:33 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-21 11:48 - 2014-02-22 06:25 - 01428480 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2014-04-21 11:48 - 2014-02-22 06:22 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-04-21 11:48 - 2014-02-22 06:18 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-04-21 11:48 - 2014-02-22 06:17 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2014-04-21 11:48 - 2014-02-22 06:15 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2014-04-21 11:48 - 2014-02-22 06:14 - 02811392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2014-04-21 11:48 - 2014-02-22 06:14 - 02165760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2014-04-21 11:48 - 2014-02-22 06:14 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2014-04-21 11:48 - 2014-02-22 06:12 - 00797696 _____ (Microsoft Corporation) C:\Windows\system32\PurchaseWindowsLicense.dll
2014-04-21 11:48 - 2014-02-22 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-04-21 11:48 - 2014-02-22 06:09 - 01224192 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2014-04-21 11:48 - 2014-02-22 06:09 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-21 11:48 - 2014-02-22 06:08 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-04-21 11:48 - 2014-02-22 06:06 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-04-21 11:48 - 2014-02-22 06:05 - 01757184 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2014-04-21 11:48 - 2014-02-22 06:04 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\rasgcw.dll
2014-04-21 11:48 - 2014-02-22 06:04 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\WLanConn.dll
2014-04-21 11:48 - 2014-02-22 06:03 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-04-21 11:48 - 2014-02-22 06:02 - 08946688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2014-04-21 11:48 - 2014-02-22 06:02 - 00258560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-04-21 11:48 - 2014-02-22 06:01 - 02648064 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-04-21 11:48 - 2014-02-22 06:01 - 01227776 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-04-21 11:48 - 2014-02-22 06:01 - 00832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2014-04-21 11:48 - 2014-02-22 06:01 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-04-21 11:48 - 2014-02-22 06:00 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-21 11:48 - 2014-02-22 06:00 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-04-21 11:48 - 2014-02-22 05:59 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-04-21 11:48 - 2014-02-22 05:57 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2014-04-21 11:48 - 2014-02-22 05:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2014-04-21 11:48 - 2014-02-22 05:53 - 00825344 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-04-21 11:48 - 2014-02-22 05:52 - 01132032 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2014-04-21 11:48 - 2014-02-22 05:48 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-21 11:48 - 2014-02-22 05:48 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2014-04-21 11:48 - 2014-02-22 05:47 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-04-21 11:48 - 2014-02-22 05:46 - 00528896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-04-21 11:48 - 2014-02-22 05:45 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-04-21 11:48 - 2014-02-22 05:45 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2014-04-21 11:48 - 2014-02-22 05:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-21 11:48 - 2014-02-22 05:44 - 00675328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-04-21 11:48 - 2014-02-22 05:44 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-21 11:48 - 2014-02-22 05:43 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2014-04-21 11:48 - 2014-02-22 05:39 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-21 11:48 - 2014-02-22 05:38 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2014-04-21 11:48 - 2014-02-22 05:37 - 02220032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-04-21 11:48 - 2014-02-22 05:36 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\Dism.exe
2014-04-21 11:48 - 2014-02-22 05:35 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-21 11:48 - 2014-02-22 05:35 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WofTasks.dll
2014-04-21 11:48 - 2014-02-22 05:34 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\energy.dll
2014-04-21 11:48 - 2014-02-22 05:34 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2014-04-21 11:48 - 2014-02-22 05:33 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-21 11:48 - 2014-02-22 05:33 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-21 11:48 - 2014-02-22 05:33 - 00653312 _____ (Microsoft Corporation) C:\Windows\system32\DismApi.dll
2014-04-21 11:48 - 2014-02-22 05:32 - 01162752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-04-21 11:48 - 2014-02-22 05:31 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2014-04-21 11:48 - 2014-02-22 05:28 - 02643456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-04-21 11:48 - 2014-02-22 05:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2014-04-21 11:48 - 2014-02-22 05:26 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2014-04-21 11:48 - 2014-02-22 05:26 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-04-21 11:48 - 2014-02-22 05:25 - 01361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-04-21 11:48 - 2014-02-22 05:25 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-04-21 11:48 - 2014-02-22 05:25 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-04-21 11:48 - 2014-02-22 05:25 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2014-04-21 11:48 - 2014-02-22 05:25 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\wscinterop.dll
2014-04-21 11:48 - 2014-02-22 05:24 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2014-04-21 11:48 - 2014-02-22 05:23 - 03494912 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-04-21 11:48 - 2014-02-22 05:23 - 02843136 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-04-21 11:48 - 2014-02-22 05:23 - 01576960 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2014-04-21 11:48 - 2014-02-22 05:23 - 00628224 _____ (Microsoft Corporation) C:\Windows\system32\msTextPrediction.dll
2014-04-21 11:48 - 2014-02-22 05:23 - 00344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-04-21 11:48 - 2014-02-22 05:21 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-04-21 11:48 - 2014-02-22 05:16 - 11776000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-04-21 11:48 - 2014-02-22 05:15 - 00211968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dism.exe
2014-04-21 11:48 - 2014-02-22 05:14 - 00752640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-04-21 11:48 - 2014-02-22 05:14 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2014-04-21 11:48 - 2014-02-22 05:13 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2014-04-21 11:48 - 2014-02-22 05:12 - 00459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DismApi.dll
2014-04-21 11:48 - 2014-02-22 05:11 - 02395136 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-04-21 11:48 - 2014-02-22 05:11 - 02262016 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-21 11:48 - 2014-02-22 05:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2014-04-21 11:48 - 2014-02-22 05:10 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2014-04-21 11:48 - 2014-02-22 05:10 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2014-04-21 11:48 - 2014-02-22 05:09 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\dwm.exe
2014-04-21 11:48 - 2014-02-22 05:08 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2014-04-21 11:48 - 2014-02-22 05:07 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-04-21 11:48 - 2014-02-22 05:07 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2014-04-21 11:48 - 2014-02-22 05:06 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-04-21 11:48 - 2014-02-22 05:04 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2014-04-21 11:48 - 2014-02-22 05:04 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-04-21 11:48 - 2014-02-22 05:02 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2014-04-21 11:48 - 2014-02-22 05:01 - 13933568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-21 11:48 - 2014-02-22 05:00 - 01341440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dui70.dll
2014-04-21 11:48 - 2014-02-22 05:00 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2014-04-21 11:48 - 2014-02-22 04:59 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2014-04-21 11:48 - 2014-02-22 04:59 - 01403392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-04-21 11:48 - 2014-02-22 04:59 - 00791552 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-04-21 11:48 - 2014-02-22 04:59 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2014-04-21 11:48 - 2014-02-22 04:54 - 00647168 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2014-04-21 11:48 - 2014-02-22 04:54 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\rdbui.dll
2014-04-21 11:48 - 2014-02-22 04:54 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll
2014-04-21 11:48 - 2014-02-22 04:53 - 12027904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2014-04-21 11:48 - 2014-02-22 04:53 - 00876544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2014-04-21 11:48 - 2014-02-22 04:52 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-04-21 11:48 - 2014-02-22 04:52 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2014-04-21 11:48 - 2014-02-22 04:51 - 01258496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2014-04-21 11:48 - 2014-02-22 04:51 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-04-21 11:48 - 2014-02-22 04:51 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2014-04-21 11:48 - 2014-02-22 04:49 - 08874496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2014-04-21 11:48 - 2014-02-22 04:49 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-21 11:48 - 2014-02-22 04:49 - 00755200 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2014-04-21 11:48 - 2014-02-22 04:48 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-04-21 11:48 - 2014-02-22 04:48 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\BioCredProv.dll
2014-04-21 11:48 - 2014-02-22 04:47 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\WlanMM.dll
2014-04-21 11:48 - 2014-02-22 04:47 - 00517120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-04-21 11:48 - 2014-02-22 04:47 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2014-04-21 11:48 - 2014-02-22 04:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\AltTab.dll
2014-04-21 11:48 - 2014-02-22 04:46 - 00824832 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-04-21 11:48 - 2014-02-22 04:45 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-04-21 11:48 - 2014-02-22 04:45 - 00169472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-04-21 11:48 - 2014-02-22 04:44 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2014-04-21 11:48 - 2014-02-22 04:44 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2014-04-21 11:48 - 2014-02-22 04:43 - 00644608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2014-04-21 11:48 - 2014-02-22 04:43 - 00469504 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2014-04-21 11:48 - 2014-02-22 04:43 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-04-21 11:48 - 2014-02-22 04:43 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2014-04-21 11:48 - 2014-02-22 04:42 - 00943104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WlanMM.dll
2014-04-21 11:48 - 2014-02-22 04:42 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfuimanager.dll
2014-04-21 11:48 - 2014-02-22 04:42 - 00448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2014-04-21 11:48 - 2014-02-22 04:41 - 00662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-04-21 11:48 - 2014-02-22 04:40 - 02368512 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-04-21 11:48 - 2014-02-22 04:40 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2014-04-21 11:48 - 2014-02-22 04:40 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-04-21 11:48 - 2014-02-22 04:39 - 00556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
2014-04-21 11:48 - 2014-02-22 04:38 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-21 11:48 - 2014-02-22 04:38 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-04-21 11:48 - 2014-02-22 04:37 - 01716736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-04-21 11:48 - 2014-02-22 04:37 - 00658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-04-21 11:48 - 2014-02-22 04:36 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\InputSwitch.dll
2014-04-21 11:48 - 2014-02-22 04:35 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-21 11:48 - 2014-02-22 04:34 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-04-21 11:48 - 2014-02-22 04:34 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-04-21 11:48 - 2014-02-22 04:33 - 00609792 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2014-04-21 11:48 - 2014-02-22 04:32 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-21 11:48 - 2014-02-22 04:31 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-04-21 11:48 - 2014-02-22 04:29 - 00191488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputSwitch.dll
2014-04-21 11:48 - 2014-02-22 04:27 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-21 11:48 - 2014-02-22 04:24 - 02760704 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2014-04-21 11:48 - 2014-02-22 04:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\MrmIndexer.dll
2014-04-21 11:48 - 2014-02-22 04:22 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2014-04-21 11:48 - 2014-02-22 04:22 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-21 11:48 - 2014-02-22 04:21 - 00854528 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-04-21 11:48 - 2014-02-22 04:21 - 00600576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-04-21 11:48 - 2014-02-22 04:21 - 00518144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmIndexer.dll
2014-04-21 11:48 - 2014-02-22 04:19 - 00698880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-04-21 11:48 - 2014-02-22 04:18 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-04-21 11:48 - 2014-02-22 04:17 - 00459264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-04-21 11:48 - 2014-02-22 04:06 - 01640960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2014-04-21 11:48 - 2014-02-22 04:04 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2014-04-21 11:48 - 2014-02-22 04:03 - 01496576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2014-04-21 11:48 - 2014-02-22 04:01 - 00978944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2014-04-21 11:48 - 2014-02-22 04:01 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2014-04-21 11:48 - 2014-02-22 04:00 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2014-04-21 11:48 - 2014-02-22 00:33 - 00262335 _____ () C:\Windows\system32\dfpinc.dat
2014-04-21 11:48 - 2014-02-02 10:48 - 00307304 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-21 11:48 - 2014-02-02 09:33 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-04-21 11:48 - 2014-01-31 05:55 - 03596800 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2014-04-21 11:48 - 2014-01-31 05:35 - 03085824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2014-04-21 11:48 - 2014-01-31 05:10 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2014-04-21 11:48 - 2014-01-31 04:18 - 01185280 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-04-21 11:48 - 2014-01-29 04:53 - 01653352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-21 11:48 - 2014-01-29 04:52 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2014-04-21 11:48 - 2014-01-29 03:44 - 01369736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-21 11:48 - 2014-01-28 20:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2014-04-21 11:48 - 2014-01-28 20:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2014-04-21 11:48 - 2014-01-27 13:04 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-04-21 11:48 - 2014-01-27 11:38 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-04-21 11:48 - 2014-01-17 13:24 - 00388096 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2014-04-21 11:48 - 2014-01-17 13:04 - 00292864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2014-04-21 11:48 - 2014-01-07 21:30 - 00745328 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-04-21 11:48 - 2014-01-07 20:33 - 00552632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-04-21 11:48 - 2013-12-10 03:35 - 00530944 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2014-04-21 11:48 - 2013-12-04 11:16 - 00546304 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2014-04-21 11:48 - 2013-12-04 09:53 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2014-04-21 11:48 - 2013-11-10 19:41 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2014-04-21 11:47 - 2014-02-22 12:58 - 00036200 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2014-04-21 11:47 - 2014-02-22 12:15 - 00275312 _____ (Microsoft Corporation) C:\Windows\system32\powrprof.dll
2014-04-21 11:47 - 2014-02-22 12:15 - 00071888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
2014-04-21 11:47 - 2014-02-22 12:02 - 00080048 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
2014-04-21 11:47 - 2014-02-22 12:00 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys
2014-04-21 11:47 - 2014-02-22 11:59 - 00027480 _____ (Microsoft Corporation) C:\Windows\system32\SysResetErr.exe
2014-04-21 11:47 - 2014-02-22 11:55 - 00162176 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2014-04-21 11:47 - 2014-02-22 11:55 - 00131168 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2014-04-21 11:47 - 2014-02-22 11:50 - 00101216 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2014-04-21 11:47 - 2014-02-22 11:50 - 00054816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys
2014-04-21 11:47 - 2014-02-22 11:50 - 00043408 _____ (Microsoft Corporation) C:\Windows\system32\CloudNotifications.exe
2014-04-21 11:47 - 2014-02-22 11:50 - 00032544 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountBroker.exe
2014-04-21 11:47 - 2014-02-22 11:49 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-04-21 11:47 - 2014-02-22 11:49 - 00189784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2014-04-21 11:47 - 2014-02-22 11:49 - 00146776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-04-21 11:47 - 2014-02-22 11:49 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2014-04-21 11:47 - 2014-02-22 11:44 - 00924504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2014-04-21 11:47 - 2014-02-22 11:43 - 00094560 _____ (Microsoft Corporation) C:\Windows\system32\bcd.dll
2014-04-21 11:47 - 2014-02-22 11:41 - 00028416 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-04-21 11:47 - 2014-02-22 10:52 - 00251504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powrprof.dll
2014-04-21 11:47 - 2014-02-22 10:51 - 00140456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2014-04-21 11:47 - 2014-02-22 10:42 - 00137344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2014-04-21 11:47 - 2014-02-22 10:41 - 00033056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2014-04-21 11:47 - 2014-02-22 10:18 - 00089848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2014-04-21 11:47 - 2014-02-22 10:18 - 00041320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudNotifications.exe
2014-04-21 11:47 - 2014-02-22 10:18 - 00029912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountBroker.exe
2014-04-21 11:47 - 2014-02-22 10:08 - 00079496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcd.dll
2014-04-21 11:47 - 2014-02-22 08:20 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-kernel-power-events.dll
2014-04-21 11:47 - 2014-02-22 08:17 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2014-04-21 11:47 - 2014-02-22 08:17 - 00890880 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2014-04-21 11:47 - 2014-02-22 08:17 - 00874496 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2014-04-21 11:47 - 2014-02-22 08:17 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\f3ahvoas.dll
2014-04-21 11:47 - 2014-02-22 08:17 - 00008192 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-ntuser-private-l1-1-1.dll
2014-04-21 11:47 - 2014-02-22 08:17 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-session-winsta-l1-1-0.dll
2014-04-21 11:47 - 2014-02-22 08:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-ntuser-private-l1-1-0.dll
2014-04-21 11:47 - 2014-02-22 08:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-kernel32-package-l1-1-1.dll
2014-04-21 11:47 - 2014-02-22 08:14 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys
2014-04-21 11:47 - 2014-02-22 08:14 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2014-04-21 11:47 - 2014-02-22 08:08 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
2014-04-21 11:47 - 2014-02-22 08:08 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2014-04-21 11:47 - 2014-02-22 08:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2014-04-21 11:47 - 2014-02-22 08:08 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-04-21 11:47 - 2014-02-22 08:08 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-04-21 11:47 - 2014-02-22 08:07 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-04-21 11:47 - 2014-02-22 08:06 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-04-21 11:47 - 2014-02-22 08:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2014-04-21 11:47 - 2014-02-22 08:03 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2014-04-21 11:47 - 2014-02-22 08:03 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll
2014-04-21 11:47 - 2014-02-22 08:01 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\spcompat.dll
2014-04-21 11:47 - 2014-02-22 08:00 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-04-21 11:47 - 2014-02-22 08:00 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2014-04-21 11:47 - 2014-02-22 08:00 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\lpksetupproxyserv.dll
2014-04-21 11:47 - 2014-02-22 07:57 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-04-21 11:47 - 2014-02-22 07:50 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2014-04-21 11:47 - 2014-02-22 07:50 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-04-21 11:47 - 2014-02-22 07:48 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
2014-04-21 11:47 - 2014-02-22 07:47 - 00589312 _____ (Microsoft Corporation) C:\Windows\system32\vdsdyn.dll
2014-04-21 11:47 - 2014-02-22 07:47 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2014-04-21 11:47 - 2014-02-22 07:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-21 11:47 - 2014-02-22 07:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2014-04-21 11:47 - 2014-02-22 07:45 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\fhevents.dll
2014-04-21 11:47 - 2014-02-22 07:42 - 00038680 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2014-04-21 11:47 - 2014-02-22 07:39 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\fhsvcctl.dll
2014-04-21 11:47 - 2014-02-22 07:37 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
2014-04-21 11:47 - 2014-02-22 07:32 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2014-04-21 11:47 - 2014-02-22 07:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-21 11:47 - 2014-02-22 07:29 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\RelPost.exe
2014-04-21 11:47 - 2014-02-22 07:27 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2014-04-21 11:47 - 2014-02-22 07:25 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-04-21 11:47 - 2014-02-22 07:25 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-04-21 11:47 - 2014-02-22 07:25 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
2014-04-21 11:47 - 2014-02-22 07:25 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\f3ahvoas.dll
2014-04-21 11:47 - 2014-02-22 07:25 - 00008192 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-ntuser-private-l1-1-1.dll
2014-04-21 11:47 - 2014-02-22 07:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-ntuser-private-l1-1-0.dll
2014-04-21 11:47 - 2014-02-22 07:24 - 00800256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2014-04-21 11:47 - 2014-02-22 07:24 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2014-04-21 11:47 - 2014-02-22 07:24 - 00780288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2014-04-21 11:47 - 2014-02-22 07:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SSShim.dll
2014-04-21 11:47 - 2014-02-22 07:24 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-session-winsta-l1-1-0.dll
2014-04-21 11:47 - 2014-02-22 07:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-networking-wcmapi-l1-1-0.dll
2014-04-21 11:47 - 2014-02-22 07:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-kernel32-package-l1-1-1.dll
2014-04-21 11:47 - 2014-02-22 07:22 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2014-04-21 11:47 - 2014-02-22 07:22 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-04-21 11:47 - 2014-02-22 07:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2014-04-21 11:47 - 2014-02-22 07:17 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-04-21 11:47 - 2014-02-22 07:16 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-04-21 11:47 - 2014-02-22 07:16 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2014-04-21 11:47 - 2014-02-22 07:16 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-21 11:47 - 2014-02-22 07:16 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-21 11:47 - 2014-02-22 07:15 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2014-04-21 11:47 - 2014-02-22 07:14 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\cleanmgr.exe
2014-04-21 11:47 - 2014-02-22 07:13 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2014-04-21 11:47 - 2014-02-22 07:11 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
2014-04-21 11:47 - 2014-02-22 07:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-04-21 11:47 - 2014-02-22 07:09 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2014-04-21 11:47 - 2014-02-22 07:08 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2014-04-21 11:47 - 2014-02-22 07:08 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2014-04-21 11:47 - 2014-02-22 07:07 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-21 11:47 - 2014-02-22 07:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2014-04-21 11:47 - 2014-02-22 07:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-04-21 11:47 - 2014-02-22 07:05 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\pnpclean.dll
2014-04-21 11:47 - 2014-02-22 07:05 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentHost.dll
2014-04-21 11:47 - 2014-02-22 07:04 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe
2014-04-21 11:47 - 2014-02-22 07:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-04-21 11:47 - 2014-02-22 07:02 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContent.dll
2014-04-21 11:47 - 2014-02-22 07:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
2014-04-21 11:47 - 2014-02-22 07:01 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-21 11:47 - 2014-02-22 07:01 - 00112640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-04-21 11:47 - 2014-02-22 06:59 - 01283584 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2014-04-21 11:47 - 2014-02-22 06:59 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2014-04-21 11:47 - 2014-02-22 06:59 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetapi.dll
2014-04-21 11:47 - 2014-02-22 06:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-21 11:47 - 2014-02-22 06:58 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2014-04-21 11:47 - 2014-02-22 06:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\DAConn.dll
2014-04-21 11:47 - 2014-02-22 06:57 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2014-04-21 11:47 - 2014-02-22 06:57 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-04-21 11:47 - 2014-02-22 06:56 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-04-21 11:47 - 2014-02-22 06:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2014-04-21 11:47 - 2014-02-22 06:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
2014-04-21 11:47 - 2014-02-22 06:55 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\SrTasks.exe
2014-04-21 11:47 - 2014-02-22 06:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PkgMgr.exe
2014-04-21 11:47 - 2014-02-22 06:52 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
2014-04-21 11:47 - 2014-02-22 06:51 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2014-04-21 11:47 - 2014-02-22 06:50 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
2014-04-21 11:47 - 2014-02-22 06:47 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmdskmgr.dll
2014-04-21 11:47 - 2014-02-22 06:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\migisol.dll
2014-04-21 11:47 - 2014-02-22 06:47 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2014-04-21 11:47 - 2014-02-22 06:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-21 11:47 - 2014-02-22 06:46 - 00283136 _____ (Microsoft Corporation) C:\Windows\system32\wbadmin.exe
2014-04-21 11:47 - 2014-02-22 06:41 - 02566656 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2014-04-21 11:47 - 2014-02-22 06:41 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
2014-04-21 11:47 - 2014-02-22 06:40 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-04-21 11:47 - 2014-02-22 06:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-04-21 11:47 - 2014-02-22 06:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2014-04-21 11:47 - 2014-02-22 06:36 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-04-21 11:47 - 2014-02-22 06:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-21 11:47 - 2014-02-22 06:35 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2014-04-21 11:47 - 2014-02-22 06:35 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
2014-04-21 11:47 - 2014-02-22 06:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
2014-04-21 11:47 - 2014-02-22 06:33 - 00402944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2014-04-21 11:47 - 2014-02-22 06:32 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-04-21 11:47 - 2014-02-22 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-21 11:47 - 2014-02-22 06:30 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cleanmgr.exe
2014-04-21 11:47 - 2014-02-22 06:29 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-04-21 11:47 - 2014-02-22 06:28 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-21 11:47 - 2014-02-22 06:27 - 00397824 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2014-04-21 11:47 - 2014-02-22 06:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-21 11:47 - 2014-02-22 06:25 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2014-04-21 11:47 - 2014-02-22 06:21 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
2014-04-21 11:47 - 2014-02-22 06:21 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-04-21 11:47 - 2014-02-22 06:21 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
2014-04-21 11:47 - 2014-02-22 06:20 - 01152512 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2014-04-21 11:47 - 2014-02-22 06:18 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-21 11:47 - 2014-02-22 06:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-21 11:47 - 2014-02-22 06:17 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2014-04-21 11:47 - 2014-02-22 06:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2014-04-21 11:47 - 2014-02-22 06:16 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2014-04-21 11:47 - 2014-02-22 06:16 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2014-04-21 11:47 - 2014-02-22 06:13 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2014-04-21 11:47 - 2014-02-22 06:13 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
2014-04-21 11:47 - 2014-02-22 06:13 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
2014-04-21 11:47 - 2014-02-22 06:12 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
2014-04-21 11:47 - 2014-02-22 06:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
2014-04-21 11:47 - 2014-02-22 06:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-21 11:47 - 2014-02-22 06:04 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netid.dll
2014-04-21 11:47 - 2014-02-22 06:03 - 02544128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2014-04-21 11:47 - 2014-02-22 05:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2014-04-21 11:47 - 2014-02-22 05:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-21 11:47 - 2014-02-22 05:56 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2014-04-21 11:47 - 2014-02-22 05:55 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-21 11:47 - 2014-02-22 05:54 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2014-04-21 11:47 - 2014-02-22 05:54 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-21 11:47 - 2014-02-22 05:54 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\deviceassociation.dll
2014-04-21 11:47 - 2014-02-22 05:53 - 00545280 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-04-21 11:47 - 2014-02-22 05:53 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-21 11:47 - 2014-02-22 05:52 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.exe
2014-04-21 11:47 - 2014-02-22 05:51 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2014-04-21 11:47 - 2014-02-22 05:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\winbrand.dll
2014-04-21 11:47 - 2014-02-22 05:49 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountTokenProvider.dll
2014-04-21 11:47 - 2014-02-22 05:48 - 01136128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2014-04-21 11:47 - 2014-02-22 05:48 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\wincorlib.dll
2014-04-21 11:47 - 2014-02-22 05:46 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\winsku.dll
2014-04-21 11:47 - 2014-02-22 05:45 - 00453632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2014-04-21 11:47 - 2014-02-22 05:45 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2014-04-21 11:47 - 2014-02-22 05:44 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2014-04-21 11:47 - 2014-02-22 05:43 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll
2014-04-21 11:47 - 2014-02-22 05:41 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
2014-04-21 11:47 - 2014-02-22 05:40 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-04-21 11:47 - 2014-02-22 05:40 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-21 11:47 - 2014-02-22 05:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dasHost.exe
2014-04-21 11:47 - 2014-02-22 05:37 - 00183808 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-04-21 11:47 - 2014-02-22 05:36 - 01392640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2014-04-21 11:47 - 2014-02-22 05:36 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll
2014-04-21 11:47 - 2014-02-22 05:36 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WLanConn.dll
2014-04-21 11:47 - 2014-02-22 05:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2014-04-21 11:47 - 2014-02-22 05:29 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2014-04-21 11:47 - 2014-02-22 05:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2014-04-21 11:47 - 2014-02-22 05:28 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceassociation.dll
2014-04-21 11:47 - 2014-02-22 05:27 - 00484864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-04-21 11:47 - 2014-02-22 05:27 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2014-04-21 11:47 - 2014-02-22 05:26 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2014-04-21 11:47 - 2014-02-22 05:26 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.exe
2014-04-21 11:47 - 2014-02-22 05:25 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\das.dll
2014-04-21 11:47 - 2014-02-22 05:25 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winbrand.dll
2014-04-21 11:47 - 2014-02-22 05:23 - 00256000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2014-04-21 11:47 - 2014-02-22 05:23 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
2014-04-21 11:47 - 2014-02-22 05:22 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2014-04-21 11:47 - 2014-02-22 05:22 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsku.dll
2014-04-21 11:47 - 2014-02-22 05:19 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\korwbrkr.dll
2014-04-21 11:47 - 2014-02-22 05:19 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-04-21 11:47 - 2014-02-22 05:19 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll
2014-04-21 11:47 - 2014-02-22 05:18 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\UserLanguagesCpl.dll
2014-04-21 11:47 - 2014-02-22 05:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxshared.dll
2014-04-21 11:47 - 2014-02-22 05:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-04-21 11:47 - 2014-02-22 05:07 - 00109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscinterop.dll
2014-04-21 11:47 - 2014-02-22 05:06 - 00251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2014-04-21 11:47 - 2014-02-22 05:04 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\slpts.dll
2014-04-21 11:47 - 2014-02-22 05:02 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserLanguagesCpl.dll
2014-04-21 11:47 - 2014-02-22 05:02 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2014-04-21 11:47 - 2014-02-22 04:59 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-04-21 11:47 - 2014-02-22 04:58 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2014-04-21 11:47 - 2014-02-22 04:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-04-21 11:47 - 2014-02-22 04:57 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-04-21 11:47 - 2014-02-22 04:55 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-21 11:47 - 2014-02-22 04:55 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-04-21 11:47 - 2014-02-22 04:55 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2014-04-21 11:47 - 2014-02-22 04:55 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\ConfigureExpandedStorage.dll
2014-04-21 11:47 - 2014-02-22 04:55 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2014-04-21 11:47 - 2014-02-22 04:55 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\energytask.dll
2014-04-21 11:47 - 2014-02-22 04:55 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slpts.dll
2014-04-21 11:47 - 2014-02-22 04:55 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2014-04-21 11:47 - 2014-02-22 04:54 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-04-21 11:47 - 2014-02-22 04:54 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2014-04-21 11:47 - 2014-02-22 04:54 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\AepRoam.dll
2014-04-21 11:47 - 2014-02-22 04:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2014-04-21 11:47 - 2014-02-22 04:49 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2014-04-21 11:47 - 2014-02-22 04:49 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-04-21 11:47 - 2014-02-22 04:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-04-21 11:47 - 2014-02-22 04:48 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-21 11:47 - 2014-02-22 04:48 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-04-21 11:47 - 2014-02-22 04:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ConfigureExpandedStorage.dll
2014-04-21 11:47 - 2014-02-22 04:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2014-04-21 11:47 - 2014-02-22 04:48 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dataclen.dll
2014-04-21 11:47 - 2014-02-22 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2014-04-21 11:47 - 2014-02-22 04:47 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
2014-04-21 11:47 - 2014-02-22 04:46 - 03312128 _____ (Microsoft Corporation) C:\Windows\system32\bootux.dll
2014-04-21 11:47 - 2014-02-22 04:45 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2014-04-21 11:47 - 2014-02-22 04:45 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-04-21 11:47 - 2014-02-22 04:44 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-04-21 11:47 - 2014-02-22 04:44 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll
2014-04-21 11:47 - 2014-02-22 04:44 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2014-04-21 11:47 - 2014-02-22 04:43 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BioCredProv.dll
2014-04-21 11:47 - 2014-02-22 04:43 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-04-21 11:47 - 2014-02-22 04:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Renewal.dll
2014-04-21 11:47 - 2014-02-22 04:40 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2014-04-21 11:47 - 2014-02-22 04:39 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2014-04-21 11:47 - 2014-02-22 04:39 - 00321536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provsvc.dll
2014-04-21 11:47 - 2014-02-22 04:39 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2014-04-21 11:47 - 2014-02-22 04:38 - 00470016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-04-21 11:47 - 2014-02-22 04:35 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
2014-04-21 11:47 - 2014-02-22 04:33 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
2014-04-21 11:47 - 2014-02-22 04:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2014-04-21 11:47 - 2014-02-22 04:30 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2014-04-21 11:47 - 2014-02-22 04:24 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
2014-04-21 11:47 - 2014-02-22 04:22 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncPolicy.dll
2014-04-21 11:47 - 2014-02-22 04:20 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2014-04-21 11:47 - 2014-02-22 04:20 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncPolicy.dll
2014-04-21 11:47 - 2014-02-22 04:19 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBroker.dll
2014-04-21 11:47 - 2014-02-22 04:17 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\CloudStorageWizard.exe
2014-04-21 11:47 - 2014-02-22 04:17 - 00109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudStorageWizard.exe
2014-04-21 11:47 - 2014-02-22 03:54 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2014-04-21 11:47 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-04-21 11:47 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-04-21 11:47 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-04-21 11:47 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-04-21 11:47 - 2014-02-07 21:08 - 00100197 _____ () C:\Windows\SysWOW64\RacRules.xml
2014-04-21 11:47 - 2014-02-07 21:08 - 00100197 _____ () C:\Windows\system32\RacRules.xml
2014-04-21 11:47 - 2014-02-01 02:00 - 00011109 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2014-04-21 11:47 - 2014-02-01 02:00 - 00011109 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms
2014-04-21 11:47 - 2014-02-01 02:00 - 00007762 _____ () C:\Windows\SysWOW64\connectedsearch-suggestions.searchconnector-ms
2014-04-21 11:47 - 2014-02-01 02:00 - 00007762 _____ () C:\Windows\system32\connectedsearch-suggestions.searchconnector-ms
2014-04-21 11:47 - 2014-02-01 02:00 - 00007130 _____ () C:\Windows\SysWOW64\connectedsearch-zeroinput.searchconnector-ms
2014-04-21 11:47 - 2014-02-01 02:00 - 00007130 _____ () C:\Windows\system32\connectedsearch-zeroinput.searchconnector-ms
2014-04-21 11:47 - 2014-02-01 02:00 - 00002255 _____ () C:\Windows\SysWOW64\WimBootCompress.ini
2014-04-21 11:47 - 2014-02-01 02:00 - 00002255 _____ () C:\Windows\system32\WimBootCompress.ini
2014-04-21 11:47 - 2014-01-31 07:59 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-04-21 11:47 - 2014-01-31 07:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-04-21 11:47 - 2014-01-31 05:19 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2014-04-21 11:47 - 2014-01-31 05:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2014-04-21 11:47 - 2014-01-31 05:08 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2014-04-21 11:47 - 2014-01-31 05:04 - 00409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2014-04-21 11:47 - 2014-01-31 04:24 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-04-21 11:47 - 2014-01-29 04:40 - 00994136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2014-04-21 11:47 - 2014-01-28 20:18 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2014-04-21 11:47 - 2014-01-27 15:53 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-21 11:47 - 2014-01-27 13:54 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-04-21 11:47 - 2014-01-27 07:45 - 00050053 _____ () C:\Windows\system32\srms.dat
2014-04-21 11:47 - 2014-01-22 02:21 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2014-04-21 11:47 - 2014-01-22 01:50 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2014-04-21 11:47 - 2013-12-04 11:54 - 00660480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2014-04-21 11:47 - 2013-12-04 10:19 - 00439808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-04-21 11:47 - 2013-11-27 05:47 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2014-04-21 11:47 - 2013-11-27 05:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\finger.exe
2014-04-21 11:47 - 2013-11-27 05:10 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2014-04-21 11:47 - 2013-11-27 04:56 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
2014-04-21 11:47 - 2013-11-08 00:04 - 00488960 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-04-21 11:47 - 2013-11-07 23:47 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-04-21 11:44 - 2014-04-09 08:00 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-04-21 11:44 - 2014-04-08 23:32 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-04-21 11:44 - 2014-04-08 23:31 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-04-21 11:44 - 2014-04-08 23:23 - 01705984 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-04-21 11:44 - 2014-04-08 23:21 - 03408896 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-04-21 11:44 - 2014-03-20 00:19 - 01291200 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-21 11:44 - 2014-03-19 23:48 - 21232792 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-21 11:44 - 2014-03-19 23:41 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-21 11:44 - 2014-03-19 23:41 - 00376152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2014-04-21 11:44 - 2014-03-19 23:40 - 01112536 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-21 11:44 - 2014-03-19 21:29 - 04268544 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-04-21 11:44 - 2014-03-19 21:20 - 18679216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-21 11:44 - 2014-03-19 20:53 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-04-21 11:44 - 2014-03-19 20:48 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\ReInfo.dll
2014-04-21 11:44 - 2014-03-19 19:55 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-21 11:44 - 2014-03-19 19:39 - 00800256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-04-21 11:44 - 2014-03-19 19:36 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReInfo.dll
2014-04-21 11:44 - 2014-03-19 03:13 - 00836096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-21 11:44 - 2014-03-19 01:57 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-04-21 11:44 - 2014-03-19 01:50 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\w32tm.exe
2014-04-21 11:44 - 2014-03-19 01:31 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2014-04-21 11:44 - 2014-03-19 01:20 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2014-04-21 11:44 - 2014-03-19 01:08 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-04-21 11:44 - 2014-03-19 00:41 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-04-21 11:44 - 2014-03-19 00:17 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-04-21 11:44 - 2014-03-13 08:35 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wof.sys
2014-04-21 11:44 - 2014-03-12 09:45 - 00387210 _____ () C:\Windows\system32\ApnDatabase.xml
2014-04-21 11:44 - 2014-03-11 12:04 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2014-04-21 11:44 - 2014-03-11 11:45 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2014-04-21 11:44 - 2014-03-11 11:18 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2014-04-21 11:44 - 2014-03-11 11:02 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2014-04-21 11:44 - 2014-03-11 10:28 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2014-04-21 11:44 - 2014-03-11 10:25 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2014-04-21 11:44 - 2014-03-11 10:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2014-04-21 11:44 - 2014-03-11 10:03 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2014-04-21 11:44 - 2014-03-11 10:00 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2014-04-21 11:44 - 2014-03-11 09:21 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-04-21 11:44 - 2014-03-11 09:02 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-04-21 11:44 - 2014-03-11 08:42 - 02641920 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-21 11:44 - 2014-03-11 08:35 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-04-21 11:44 - 2014-03-08 16:47 - 00565536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-21 11:44 - 2014-03-08 16:47 - 00180056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-21 11:44 - 2014-03-08 16:40 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-04-21 11:44 - 2014-03-08 16:38 - 01542768 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-04-21 11:44 - 2014-03-08 16:35 - 00467800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-04-21 11:44 - 2014-03-08 16:35 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-04-21 11:44 - 2014-03-08 11:29 - 01339240 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-21 11:44 - 2014-03-08 11:29 - 00356848 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2014-04-21 11:44 - 2014-03-08 07:34 - 01095488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2014-04-21 11:44 - 2014-03-08 05:34 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-04-21 11:44 - 2014-03-08 05:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\sxproxy.dll
2014-04-21 11:44 - 2014-03-08 04:44 - 00731648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-04-21 11:44 - 2014-03-08 04:33 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2014-04-21 11:44 - 2014-03-08 04:25 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\SetNetworkLocation.dll
2014-04-21 11:44 - 2014-03-08 04:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxproxy.dll
2014-04-21 11:44 - 2014-03-08 03:53 - 01843712 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-04-21 11:44 - 2014-03-08 03:51 - 00334848 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2014-04-21 11:44 - 2014-03-08 03:47 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2014-04-21 11:44 - 2014-03-08 03:12 - 01816576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-04-21 11:44 - 2014-03-08 03:09 - 01411584 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-21 11:44 - 2014-03-08 03:04 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2014-04-21 11:44 - 2014-03-08 03:03 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-04-21 11:44 - 2014-03-08 03:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-04-21 11:44 - 2014-03-08 02:50 - 01066496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-04-21 11:44 - 2014-03-08 02:48 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2014-04-21 11:44 - 2014-03-08 02:46 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-21 11:44 - 2014-03-08 02:41 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-21 11:44 - 2014-03-08 02:40 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2014-04-21 11:44 - 2014-03-08 02:37 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-04-21 11:44 - 2014-03-08 02:31 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2014-04-21 11:44 - 2014-03-08 02:30 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2014-04-21 11:44 - 2014-03-08 02:25 - 00264192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-04-21 11:44 - 2014-03-08 02:09 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-04-21 11:44 - 2014-03-08 02:04 - 00717312 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-21 11:44 - 2014-03-08 02:02 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-04-21 11:44 - 2014-03-08 01:58 - 00567296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-04-21 11:44 - 2014-03-08 01:41 - 01306624 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2014-04-21 11:44 - 2014-03-08 01:11 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2014-04-21 11:44 - 2014-03-06 10:35 - 01466864 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-04-21 11:44 - 2014-03-06 10:34 - 02331000 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-04-21 11:44 - 2014-03-06 10:34 - 00113648 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2014-04-21 11:44 - 2014-03-06 08:53 - 02141912 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-21 11:44 - 2014-03-06 08:53 - 00518552 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-21 11:44 - 2014-03-06 08:51 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-21 11:44 - 2014-03-06 08:51 - 00488280 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-04-21 11:44 - 2014-03-06 08:51 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-04-21 11:44 - 2014-03-06 08:42 - 07425368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-21 11:44 - 2014-03-06 08:40 - 00492256 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-04-21 11:44 - 2014-03-06 08:40 - 00467504 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-04-21 11:44 - 2014-03-06 08:40 - 00463264 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-04-21 11:44 - 2014-03-06 08:40 - 00364640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-04-21 11:44 - 2014-03-06 08:40 - 00244888 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-04-21 11:44 - 2014-03-06 08:39 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-04-21 11:44 - 2014-03-06 07:20 - 01200296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-04-21 11:44 - 2014-03-06 07:19 - 00390488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-04-21 11:44 - 2014-03-06 07:19 - 00094016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2014-04-21 11:44 - 2014-03-06 07:13 - 01779800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-04-21 11:44 - 2014-03-06 07:13 - 00406912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-04-21 11:44 - 2014-03-06 06:46 - 01679128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-04-21 11:44 - 2014-03-06 06:35 - 00406512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-04-21 11:44 - 2014-03-06 06:35 - 00388408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-04-21 11:44 - 2014-03-06 06:35 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-04-21 11:44 - 2014-03-06 06:35 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-04-21 11:44 - 2014-03-06 05:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2014-04-21 11:44 - 2014-03-06 05:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-21 11:44 - 2014-03-06 05:24 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-04-21 11:44 - 2014-03-06 05:24 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2014-04-21 11:44 - 2014-03-06 05:22 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-04-21 11:44 - 2014-03-06 05:22 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-21 11:44 - 2014-03-06 05:22 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2014-04-21 11:44 - 2014-03-06 05:20 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-04-21 11:44 - 2014-03-06 05:20 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-04-21 11:44 - 2014-03-06 05:20 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-04-21 11:44 - 2014-03-06 05:19 - 00283648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2014-04-21 11:44 - 2014-03-06 05:19 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2014-04-21 11:44 - 2014-03-06 05:19 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe
2014-04-21 11:44 - 2014-03-06 05:19 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-04-21 11:44 - 2014-03-06 05:19 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.Search.UriHandler.dll
2014-04-21 11:44 - 2014-03-06 05:08 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2014-04-21 11:44 - 2014-03-06 05:08 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\l2gpstore.dll
2014-04-21 11:44 - 2014-03-06 04:41 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\DevPropMgr.dll
2014-04-21 11:44 - 2014-03-06 04:38 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-21 11:44 - 2014-03-06 04:37 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-21 11:44 - 2014-03-06 04:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2014-04-21 11:44 - 2014-03-06 04:20 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-04-21 11:44 - 2014-03-06 04:10 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\l2gpstore.dll
2014-04-21 11:44 - 2014-03-06 04:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2014-04-21 11:44 - 2014-03-06 04:00 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2014-04-21 11:44 - 2014-03-06 03:47 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-04-21 11:44 - 2014-03-06 03:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-04-21 11:44 - 2014-03-06 03:44 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-21 11:44 - 2014-03-06 03:22 - 16875520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-04-21 11:44 - 2014-03-06 03:16 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2014-04-21 11:44 - 2014-03-06 03:15 - 00667136 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2014-04-21 11:44 - 2014-03-06 03:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-04-21 11:44 - 2014-03-06 03:02 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2014-04-21 11:44 - 2014-03-06 02:59 - 12732416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-04-21 11:44 - 2014-03-06 02:57 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-04-21 11:44 - 2014-03-06 02:51 - 02900992 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-04-21 11:44 - 2014-03-06 02:42 - 00589824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2014-04-21 11:44 - 2014-03-06 02:39 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-04-21 11:44 - 2014-03-06 02:34 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-04-21 11:44 - 2014-03-06 02:33 - 13286400 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-04-21 11:44 - 2014-03-06 02:32 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-04-21 11:44 - 2014-03-06 02:31 - 02479616 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-04-21 11:44 - 2014-03-06 02:29 - 11791360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-04-21 11:44 - 2014-03-06 02:29 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2014-04-21 11:44 - 2014-03-06 02:27 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-04-21 11:44 - 2014-03-06 02:24 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2014-04-21 11:44 - 2014-03-06 02:23 - 02270208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-04-21 11:44 - 2014-03-06 02:23 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2014-04-21 11:44 - 2014-03-06 02:21 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-04-21 11:44 - 2014-03-06 02:21 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2014-04-21 11:44 - 2014-03-06 02:16 - 01527296 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-04-21 11:44 - 2014-03-06 02:16 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-04-21 11:44 - 2014-03-06 02:13 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-04-21 11:44 - 2014-03-06 02:13 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-04-21 11:44 - 2014-03-06 02:11 - 02030080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-04-21 11:44 - 2014-03-06 02:09 - 01764864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-04-21 11:44 - 2014-03-06 02:06 - 00386560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2014-04-21 11:44 - 2014-03-06 02:05 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-04-21 11:44 - 2014-03-06 02:04 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-04-21 11:44 - 2014-03-06 02:04 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2014-04-21 11:44 - 2014-03-06 02:01 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2014-04-21 11:44 - 2014-03-06 01:54 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-04-21 11:44 - 2014-03-06 01:54 - 00888320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-04-21 11:44 - 2014-03-06 01:51 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2014-04-21 11:44 - 2014-03-06 01:47 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2014-04-21 11:44 - 2014-03-06 01:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-04-21 11:44 - 2014-03-06 01:42 - 00280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2014-04-21 11:44 - 2014-03-06 01:35 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-04-21 11:44 - 2014-03-06 01:33 - 00839168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-04-21 11:44 - 2014-03-06 01:32 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-04-21 11:44 - 2014-03-06 01:28 - 08653824 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-04-21 11:44 - 2014-03-06 01:27 - 05833728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-04-21 11:44 - 2014-03-06 01:21 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-21 11:44 - 2014-03-06 01:20 - 06641152 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-21 11:44 - 2014-03-04 08:25 - 02373784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-04-21 11:44 - 2014-03-04 08:15 - 02519384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-21 11:44 - 2014-03-04 08:15 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-04-21 11:44 - 2014-03-04 08:14 - 00360512 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-04-21 11:44 - 2014-03-04 07:16 - 02088160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-04-21 11:44 - 2014-03-04 07:10 - 00355832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-04-21 11:44 - 2014-03-04 04:11 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2014-04-21 11:44 - 2014-03-04 03:26 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdmTmpl.dll
2014-04-21 11:44 - 2014-03-04 03:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-04-21 11:44 - 2014-03-04 03:13 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-04-21 11:44 - 2014-03-04 03:08 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2014-04-21 11:44 - 2014-03-04 03:00 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2014-04-21 11:44 - 2014-03-04 02:56 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2014-04-21 11:44 - 2014-03-04 02:50 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-04-21 11:44 - 2014-03-04 02:42 - 00494592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-04-21 11:44 - 2014-03-04 02:39 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2014-04-21 11:44 - 2014-03-04 02:32 - 00356864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2014-04-21 11:44 - 2014-03-04 02:15 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.dll
2014-04-21 11:44 - 2014-03-04 02:05 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.dll
2014-04-21 11:44 - 2014-03-04 02:03 - 00669696 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2014-04-21 11:44 - 2014-03-04 02:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2014-04-21 11:44 - 2014-03-04 01:54 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2014-04-21 11:44 - 2014-03-04 01:52 - 00605184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2014-04-21 11:44 - 2014-03-02 06:20 - 23549952 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-21 11:44 - 2014-03-02 05:33 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-21 11:44 - 2014-02-26 02:29 - 02678784 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-04-21 11:44 - 2014-02-06 18:59 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-04-21 11:44 - 2014-02-06 17:26 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-04-21 11:44 - 2013-12-23 19:28 - 00262656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2014-04-21 11:44 - 2013-12-23 19:26 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2014-04-21 10:39 - 2014-04-21 10:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-04-21 10:26 - 2014-04-21 10:26 - 00000000 ____D () C:\Users\FedServ1\AppData\Roaming\NVIDIA
2014-04-21 10:25 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\FedServ1\VirtualBox VMs
2014-04-21 10:23 - 2014-04-21 22:33 - 00000000 ____D () C:\Users\FedServ1\.VirtualBox
2014-04-21 10:23 - 2014-04-21 10:23 - 00001092 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2014-04-21 10:23 - 2014-04-21 10:23 - 00000000 ____D () C:\Program Files\Oracle
2014-04-21 10:23 - 2014-03-26 19:01 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-04-21 10:23 - 2014-03-26 19:00 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-04-21 09:28 - 2014-04-21 09:28 - 00002425 _____ () C:\Users\FedServ1\Desktop\MH.lnk
2014-04-18 19:44 - 2014-04-18 19:44 - 00002425 _____ () C:\Users\FedServ1\Desktop\HI.lnk
2014-04-18 18:58 - 2014-04-18 18:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-04-18 18:39 - 2014-04-18 18:39 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-04-18 18:39 - 2014-04-18 18:39 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-04-18 18:39 - 2010-04-24 08:00 - 00336896 _____ (CANON INC.) C:\Windows\system32\CNMLM9W.DLL
2014-04-18 18:39 - 2009-04-03 19:01 - 01321984 _____ (CANON INC.) C:\Windows\system32\CNC250C.dll
2014-04-18 18:39 - 2009-04-03 19:00 - 00092672 _____ (CANON INC.) C:\Windows\system32\CNC250I.dll
2014-04-18 18:39 - 2009-04-03 18:57 - 00106496 _____ (CANON INC.) C:\Windows\SysWOW64\CNC250U.dll
2014-04-18 18:39 - 2009-03-11 14:36 - 00328192 _____ (CANON INC.) C:\Windows\system32\CNC250L.dll
2014-04-18 18:39 - 2009-03-11 14:34 - 00303104 _____ (CANON INC.) C:\Windows\SysWOW64\CNC250L.dll
2014-04-18 18:39 - 2008-11-18 22:57 - 00012288 _____ () C:\Windows\SysWOW64\CNC173AD.TBL
2014-04-18 18:39 - 2008-08-25 21:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2014-04-18 18:39 - 2008-08-25 21:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2014-04-18 18:01 - 2014-04-18 18:18 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-18 17:53 - 2014-04-21 21:39 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 17:52 - 2014-04-03 12:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-18 17:52 - 2014-04-03 12:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 17:52 - 2014-04-03 12:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-18 17:36 - 2014-04-18 17:42 - 00000000 ____D () C:\Windows\pss
2014-04-18 17:05 - 2014-04-22 00:10 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-18 17:05 - 2014-04-21 14:10 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-18 17:05 - 2014-04-21 14:10 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-18 17:05 - 2014-04-18 17:05 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-18 17:05 - 2014-04-18 17:05 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-18 17:04 - 2014-04-21 12:41 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-18 17:04 - 2014-04-18 17:05 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-18 17:04 - 2014-03-31 06:51 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-18 16:55 - 2014-04-21 12:10 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-18 16:55 - 2014-04-18 16:55 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-04-18 16:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-18 16:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-18 16:55 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-04-18 16:55 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-04-18 16:55 - 2013-08-09 13:32 - 06599968 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-04-18 16:55 - 2013-08-09 13:32 - 03452192 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-04-18 16:55 - 2013-08-09 13:32 - 03310693 _____ () C:\Windows\system32\nvcoproc.bin
2014-04-18 16:55 - 2013-08-09 13:32 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-04-18 16:55 - 2013-08-09 13:32 - 00920864 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-04-18 16:55 - 2013-08-09 13:32 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-04-18 16:55 - 2013-08-09 13:32 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-04-18 16:54 - 2014-04-18 16:55 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-18 16:54 - 2014-04-18 16:55 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-18 16:54 - 2014-04-18 16:54 - 00000000 ____D () C:\Users\FedServ1\AppData\Roaming\Titanium
2014-04-18 16:54 - 2014-04-18 16:54 - 00000000 ____D () C:\Users\FedServ1\AppData\Roaming\Apple Computer
2014-04-18 16:54 - 2014-04-18 16:54 - 00000000 ____D () C:\Users\FedServ1\AppData\Local\Apple Computer
2014-04-18 16:54 - 2014-04-18 16:54 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-18 16:54 - 2013-08-27 02:03 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-04-18 16:54 - 2013-08-27 02:03 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-04-18 16:53 - 2014-04-18 16:54 - 00000000 ____D () C:\Program Files\pia_manager
2014-04-18 16:53 - 2014-04-18 16:53 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-04-18 16:53 - 2014-04-18 16:53 - 00003164 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2014-04-18 16:53 - 2014-04-18 16:53 - 00000000 ____D () C:\Users\FedServ1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2014-04-18 16:49 - 2014-01-29 02:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-04-18 16:49 - 2014-01-28 20:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-04-18 16:49 - 2014-01-27 15:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-04-18 16:49 - 2014-01-27 14:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-04-18 16:49 - 2014-01-27 13:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-04-18 16:49 - 2014-01-27 13:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-04-18 16:49 - 2014-01-19 03:38 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-04-18 16:49 - 2014-01-17 19:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-04-18 16:49 - 2014-01-17 17:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-04-18 16:49 - 2014-01-07 01:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-18 16:49 - 2014-01-07 00:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-04-18 16:49 - 2014-01-04 11:54 - 00138240 _____ () C:\Windows\system32\OEMLicense.dll
2014-04-18 16:49 - 2014-01-04 11:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-04-18 16:49 - 2014-01-02 19:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-18 16:49 - 2014-01-02 19:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-18 16:49 - 2013-12-31 19:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-04-18 16:49 - 2013-12-30 19:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2014-04-18 16:49 - 2013-12-30 19:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2014-04-18 16:49 - 2013-12-27 04:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2014-04-18 16:49 - 2013-12-27 03:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2014-04-18 16:49 - 2013-12-21 10:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-04-18 16:49 - 2013-12-21 04:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-04-18 16:49 - 2013-12-21 03:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2014-04-18 16:49 - 2013-12-17 03:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-04-18 16:49 - 2013-11-27 11:34 - 03210528 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-18 16:49 - 2013-11-27 11:27 - 00809872 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-04-18 16:49 - 2013-11-27 10:00 - 00663680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-04-18 16:49 - 2013-11-27 09:47 - 02804528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-04-18 16:49 - 2013-11-27 08:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys
2014-04-18 16:49 - 2013-11-27 07:41 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2014-04-18 16:49 - 2013-11-27 06:24 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-18 16:49 - 2013-11-27 05:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-04-18 16:49 - 2013-11-27 05:10 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2014-04-18 16:49 - 2013-11-27 04:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
2014-04-18 16:49 - 2013-11-24 19:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-04-18 16:49 - 2013-11-24 19:28 - 00589824 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-04-18 16:49 - 2013-11-23 03:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\bi.dll
2014-04-18 16:49 - 2013-11-23 03:13 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2014-04-18 16:49 - 2013-11-23 00:50 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-04-18 16:49 - 2013-11-21 02:58 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\deviceregistration.dll
2014-04-18 16:49 - 2013-11-21 02:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-18 16:49 - 2013-11-21 01:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-04-18 16:49 - 2013-11-15 10:59 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2014-04-18 16:49 - 2013-11-15 10:25 - 00433664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2014-04-18 16:49 - 2013-11-15 10:08 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-04-18 16:49 - 2013-10-19 04:53 - 00075360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-18 16:49 - 2013-10-19 03:14 - 00070680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-04-18 16:49 - 2013-10-05 04:56 - 01147904 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-04-18 16:49 - 2013-10-05 04:21 - 00920064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-04-18 16:49 - 2013-09-17 05:06 - 01067080 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-04-18 16:48 - 2014-04-18 16:48 - 00147456 _____ () C:\Users\FedServ1\Desktop\catchme.exe
2014-04-18 16:48 - 2014-02-22 08:16 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-04-18 16:48 - 2014-02-22 07:24 - 00124416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-04-18 16:48 - 2014-01-07 03:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe
2014-04-18 16:48 - 2014-01-07 01:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2014-04-18 16:48 - 2013-12-08 20:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-18 16:48 - 2013-12-08 20:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-18 16:48 - 2013-12-08 19:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-04-18 16:48 - 2013-12-08 19:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-04-18 16:48 - 2013-11-23 00:34 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-18 16:48 - 2013-11-23 00:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-18 16:48 - 2013-11-10 22:48 - 00039768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-04-18 16:48 - 2013-11-08 01:23 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2014-04-18 16:48 - 2013-11-08 00:42 - 00366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2014-04-18 16:48 - 2013-11-01 07:39 - 00086872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-04-18 16:48 - 2013-10-30 20:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-04-18 16:48 - 2013-10-30 20:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-04-18 16:48 - 2013-10-30 20:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-04-18 16:48 - 2013-10-25 21:54 - 00146776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerCx2.sys
2014-04-18 16:48 - 2013-10-23 07:29 - 00044936 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2014-04-18 16:48 - 2013-10-23 07:21 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-18 16:48 - 2013-10-23 07:13 - 00171864 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_8086.dll
2014-04-18 16:48 - 2013-10-22 04:18 - 00096088 _____ (Microsoft Corporation) C:\Windows\system32\embeddedapplauncher.exe
2014-04-18 16:48 - 2013-10-21 23:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-04-18 16:48 - 2013-10-19 01:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-18 16:48 - 2013-10-16 11:58 - 01943536 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-18 16:48 - 2013-10-16 09:54 - 01581968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-04-18 16:48 - 2013-10-08 01:58 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2014-04-18 16:48 - 2013-10-08 01:09 - 01160704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2014-04-18 16:48 - 2013-10-08 00:50 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-04-18 16:48 - 2013-10-08 00:50 - 00762368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2014-04-18 16:48 - 2013-10-05 11:25 - 00057176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2014-04-18 16:48 - 2013-10-05 10:21 - 00699840 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-18 16:48 - 2013-10-05 08:05 - 00578952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-04-18 16:48 - 2013-10-05 07:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-04-18 16:48 - 2013-10-05 05:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-04-18 16:48 - 2013-10-05 05:18 - 01011712 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-04-18 16:48 - 2013-10-05 04:55 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2014-04-18 16:48 - 2013-10-05 04:40 - 00795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-04-18 16:48 - 2013-10-05 04:24 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll
2014-04-18 16:48 - 2013-10-05 04:15 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-04-18 16:48 - 2013-10-05 03:43 - 00578560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-04-18 16:48 - 2013-10-05 03:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-04-18 16:48 - 2013-09-17 02:31 - 00883184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2014-04-18 16:48 - 2013-09-14 10:07 - 02134120 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-04-18 16:48 - 2013-09-14 10:00 - 00391512 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2014-04-18 16:48 - 2013-09-14 08:39 - 01799944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-04-18 16:48 - 2013-09-14 08:33 - 00345552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2014-04-18 16:48 - 2013-09-14 06:05 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2014-04-18 16:48 - 2013-09-14 05:11 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2014-04-18 16:48 - 2013-09-13 04:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2014-04-18 16:48 - 2013-09-13 03:47 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2014-04-18 16:48 - 2013-09-12 04:45 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2014-04-18 16:48 - 2013-09-12 04:08 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2014-04-18 16:48 - 2013-09-12 04:02 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2014-04-18 16:48 - 2013-09-12 03:44 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2014-04-18 16:48 - 2013-09-12 03:37 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2014-04-18 16:48 - 2013-09-12 03:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2014-04-18 16:48 - 2013-09-12 03:16 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2014-04-18 16:48 - 2013-09-12 03:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2014-04-18 16:48 - 2013-09-10 00:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\msched.dll
2014-04-18 16:46 - 2014-04-21 12:41 - 00000000 ____D () C:\Users\FedServ1\AppData\Local\Google
2014-04-18 16:39 - 2014-04-18 16:39 - 00000000 ____D () C:\Users\FedServ1\AppData\Roaming\Macromedia
2014-03-26 19:00 - 2014-03-26 19:00 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-03-26 18:58 - 2014-03-26 18:58 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
 
==================== One Month Modified Files and Folders =======
 
2014-04-22 10:48 - 2014-04-22 10:48 - 00012169 _____ () C:\Users\FedServ1\Desktop\FRST.txt
2014-04-22 10:48 - 2014-04-22 10:48 - 00000000 ____D () C:\FRST
2014-04-22 10:47 - 2014-04-22 10:47 - 02061312 _____ (Farbar) C:\Users\FedServ1\Desktop\FRST64.exe
2014-04-22 10:47 - 2013-09-29 23:34 - 01391394 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 10:45 - 2013-09-29 23:57 - 00003938 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{6CF15ED9-C87A-45F2-AD2E-17910B09EA55}
2014-04-22 10:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2014-04-22 10:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-04-22 00:10 - 2014-04-18 17:05 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 22:47 - 2014-04-21 22:47 - 00688992 _____ (Swearware) C:\Users\FedServ1\Desktop\dds.com
2014-04-21 22:43 - 2014-04-21 22:43 - 00288552 _____ () C:\Users\FedServ1\Desktop\OTL.Txt
2014-04-21 22:43 - 2014-04-21 22:43 - 00041998 _____ () C:\Users\FedServ1\Desktop\Extras.Txt
2014-04-21 22:33 - 2014-04-21 10:23 - 00000000 ____D () C:\Users\FedServ1\.VirtualBox
2014-04-21 22:32 - 2014-04-21 22:31 - 00602112 _____ (OldTimer Tools) C:\Users\FedServ1\Desktop\OTL.exe
2014-04-21 22:29 - 2014-04-21 22:29 - 00000279 _____ () C:\Users\FedServ1\Desktop\catchme.log
2014-04-21 21:39 - 2014-04-18 17:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 14:54 - 2013-09-29 23:39 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-762851687-2403243248-509913355-1001
2014-04-21 14:10 - 2014-04-18 17:05 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-21 14:10 - 2014-04-18 17:05 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 12:41 - 2014-04-21 12:41 - 00002425 _____ () C:\Users\FedServ1\Desktop\General.lnk
2014-04-21 12:41 - 2014-04-18 17:04 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-21 12:41 - 2014-04-18 16:46 - 00000000 ____D () C:\Users\FedServ1\AppData\Local\Google
2014-04-21 12:40 - 2013-09-30 00:14 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 12:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-04-21 12:14 - 2013-09-29 23:34 - 00000000 ___RD () C:\Users\FedServ1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-21 12:14 - 2013-09-29 23:34 - 00000000 ___RD () C:\Users\FedServ1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-21 12:14 - 2013-08-22 10:46 - 00015818 _____ () C:\Windows\setupact.log
2014-04-21 12:10 - 2014-04-18 16:55 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-21 12:10 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-21 12:10 - 2013-08-22 10:44 - 00335784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-21 12:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-04-21 12:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-21 12:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-04-21 12:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-04-21 12:05 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-04-21 12:05 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2014-04-21 12:05 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\uk-UA
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\th-TH
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sl-SI
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sk-SK
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\ro-RO
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\migwiz
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\lv-LV
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\lt-LT
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\hr-HR
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\he-IL
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\et-EE
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\bg-BG
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\ar-SA
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2014-04-21 12:04 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2014-04-21 12:04 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-04-21 12:04 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-04-21 12:04 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2014-04-21 12:04 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-04-21 12:04 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Dism
2014-04-21 12:04 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\servicing
2014-04-21 11:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-04-21 10:39 - 2014-04-21 10:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2014-04-21 10:26 - 2014-04-21 10:26 - 00000000 ____D () C:\Users\FedServ1\AppData\Roaming\NVIDIA
2014-04-21 10:25 - 2014-04-21 10:25 - 00000000 ____D () C:\Users\FedServ1\VirtualBox VMs
2014-04-21 10:25 - 2013-09-29 23:34 - 00000000 ____D () C:\Users\FedServ1
2014-04-21 10:23 - 2014-04-21 10:23 - 00001092 _____ () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2014-04-21 10:23 - 2014-04-21 10:23 - 00000000 ____D () C:\Program Files\Oracle
2014-04-21 09:28 - 2014-04-21 09:28 - 00002425 _____ () C:\Users\FedServ1\Desktop\MH.lnk
2014-04-18 19:44 - 2014-04-18 19:44 - 00002425 _____ () C:\Users\FedServ1\Desktop\HI.lnk
2014-04-18 18:58 - 2014-04-18 18:58 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-04-18 18:39 - 2014-04-18 18:39 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2014-04-18 18:39 - 2014-04-18 18:39 - 00000000 ___HD () C:\ProgramData\CanonBJ
2014-04-18 18:39 - 2013-08-22 11:36 - 00000000 __RSD () C:\Windows\Media
2014-04-18 18:18 - 2014-04-18 18:01 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-18 17:52 - 2014-04-18 17:52 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-18 17:42 - 2014-04-18 17:36 - 00000000 ____D () C:\Windows\pss
2014-04-18 17:34 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-04-18 17:27 - 2013-09-30 00:02 - 00001120 _____ () C:\Windows\PFRO.log
2014-04-18 17:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-18 17:22 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-18 17:05 - 2014-04-18 17:05 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-18 17:05 - 2014-04-18 17:05 - 00003656 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-18 17:05 - 2014-04-18 17:04 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-18 17:01 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-04-18 17:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\restore
2014-04-18 16:55 - 2014-04-18 16:55 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
2014-04-18 16:55 - 2014-04-18 16:54 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-18 16:55 - 2014-04-18 16:54 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-18 16:54 - 2014-04-18 16:54 - 00000000 ____D () C:\Users\FedServ1\AppData\Roaming\Titanium
2014-04-18 16:54 - 2014-04-18 16:54 - 00000000 ____D () C:\Users\FedServ1\AppData\Roaming\Apple Computer
2014-04-18 16:54 - 2014-04-18 16:54 - 00000000 ____D () C:\Users\FedServ1\AppData\Local\Apple Computer
2014-04-18 16:54 - 2014-04-18 16:54 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-18 16:54 - 2014-04-18 16:53 - 00000000 ____D () C:\Program Files\pia_manager
2014-04-18 16:54 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Help
2014-04-18 16:53 - 2014-04-18 16:53 - 00031232 _____ (The OpenVPN Project) C:\Windows\system32\Drivers\tap0901.sys
2014-04-18 16:53 - 2014-04-18 16:53 - 00003164 _____ () C:\Windows\System32\Tasks\Private Internet Access Startup
2014-04-18 16:53 - 2014-04-18 16:53 - 00000000 ____D () C:\Users\FedServ1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Private Internet Access
2014-04-18 16:49 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-04-18 16:48 - 2014-04-18 16:48 - 00147456 _____ () C:\Users\FedServ1\Desktop\catchme.exe
2014-04-18 16:39 - 2014-04-18 16:39 - 00000000 ____D () C:\Users\FedServ1\AppData\Roaming\Macromedia
2014-04-09 08:00 - 2014-04-21 11:44 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-04-08 23:32 - 2014-04-21 11:44 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-04-08 23:31 - 2014-04-21 11:44 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-04-08 23:23 - 2014-04-21 11:44 - 01705984 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-04-08 23:21 - 2014-04-21 11:44 - 03408896 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-04-03 12:51 - 2014-04-18 17:52 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 12:51 - 2014-04-18 17:52 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 12:50 - 2014-04-18 17:52 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-31 17:23 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-31 17:23 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-31 06:51 - 2014-04-18 17:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-26 19:01 - 2014-04-21 10:23 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-03-26 19:00 - 2014-04-21 10:23 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00156448 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys
2014-03-26 19:00 - 2014-03-26 19:00 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-03-26 18:58 - 2014-03-26 18:58 - 00204064 _____ (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll
 
Some content of TEMP:
====================
C:\Users\FedServ1\AppData\Local\Temp\catchme.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-04-19 13:17
 
==================== End Of Log ============================
 
Addition.txt Log:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by FedServ1 at 2014-04-22 10:49:16
Running from C:\Users\FedServ1\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
Canon MP250 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP250_series) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
NVIDIA 3D Vision Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 326.60 - NVIDIA Corporation)
NVIDIA Control Panel 326.60 (Version: 326.60 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 326.60 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 326.60 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2660 - NVIDIA Corporation) Hidden
NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden
Oracle VM VirtualBox 4.3.10 (HKLM\...\{5632714F-6A48-4BF2-89E0-F8B6CE9FE6D1}) (Version: 4.3.10 - Oracle Corporation)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
 
==================== Restore Points  =========================
 
18-04-2014 21:00:57 Windows Update
21-04-2014 14:23:08 Installed Oracle VM VirtualBox 4.3.10
 
==================== Hosts content: ==========================
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {13FECEFC-F746-4F44-942F-887E8B08DBA2} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {1ACEB5CB-AC70-4713-AD44-23B4AD796757} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2014-04-18] ()
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {6A614427-3DBD-472A-804C-23AEBD3696BF} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A80E3EE0-9EB7-45D9-96CE-7D3A7FDC54AE} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {BEDAB583-D6D4-4EA6-8A73-C0F4B2201826} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-03-31] (Microsoft Corporation)
Task: {CCC4AA5A-0B53-4BC0-BD4E-33D36E87F17C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D1D2247D-4670-4B33-B754-39D96346F58F} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EDC33A7C-7B5A-47FF-81BA-C97690CBE25C} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-04-18] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-04-18 16:53 - 2014-04-18 16:53 - 08757066 _____ () C:\Program Files\pia_manager\pia_manager.exe
2014-04-18 16:53 - 2014-04-18 16:53 - 00176128 _____ () C:\Program Files\pia_manager\pia_tray\pia_tray.exe
2014-03-26 18:59 - 2014-03-26 18:59 - 04477728 _____ () C:\Program Files\Oracle\VirtualBox\VBoxRT.dll
2014-03-26 19:00 - 2014-03-26 19:00 - 02465568 _____ () C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL
2014-03-26 19:01 - 2014-03-26 19:01 - 00671520 _____ () C:\Program Files\Oracle\VirtualBox\VBoxREM.dll
2014-03-26 18:59 - 2014-03-26 18:59 - 00376096 _____ () C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00690176 _____ () C:\Program Files\pia_manager\openvpn.exe
2014-04-18 16:53 - 2014-04-18 16:53 - 00190317 _____ () C:\Program Files\pia_manager\liblzo2-2.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00108441 _____ () C:\Program Files\pia_manager\libpkcs11-helper-1.dll
2014-04-18 17:05 - 2014-04-01 21:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll
2014-04-18 17:05 - 2014-04-01 21:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll
2014-04-18 17:05 - 2014-04-01 21:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll
2014-04-18 17:05 - 2014-04-01 21:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll
2014-04-18 17:05 - 2014-04-01 21:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll
2014-04-18 17:05 - 2014-04-01 21:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll
2014-04-21 12:14 - 2014-04-21 12:14 - 00012800 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2014-04-21 12:14 - 2014-04-21 12:14 - 00009728 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2014-04-21 12:14 - 2014-04-21 12:14 - 00014848 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2014-04-21 12:14 - 2014-04-21 12:14 - 00094208 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\src\rgloader\rgloader193.mswin.so
2014-04-21 12:14 - 2014-04-21 12:14 - 00009216 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2014-04-21 12:14 - 2014-04-21 12:14 - 00094208 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2014-04-21 12:14 - 2014-04-21 12:14 - 00126976 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2014-04-21 12:14 - 2014-04-21 12:14 - 00087552 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2014-04-21 12:14 - 2014-04-21 12:14 - 00016384 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2014-04-21 12:14 - 2014-04-21 12:14 - 00127316 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\libffi-6.dll
2014-04-21 12:14 - 2014-04-21 12:14 - 00008704 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2014-04-21 12:14 - 2014-04-21 12:14 - 00013312 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2014-04-21 12:14 - 2014-04-21 12:14 - 00095744 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2014-04-21 12:14 - 2014-04-21 12:15 - 00027648 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00012800 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00009728 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00014848 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00094208 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\src\rgloader\rgloader193.mswin.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00094208 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00118784 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00069120 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00083968 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\zlib1.dll
2014-04-21 12:15 - 2014-04-21 12:15 - 00026624 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00275968 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00015360 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00008192 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00009216 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00023552 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00008704 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00008704 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00008704 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00008704 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00036352 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00126976 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00087552 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00016384 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00127316 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\libffi-6.dll
2014-04-21 12:15 - 2014-04-21 12:15 - 00013312 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00095744 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so
2014-04-21 12:15 - 2014-04-21 12:15 - 00027648 _____ () C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so
2014-04-18 16:53 - 2014-04-18 16:53 - 00815104 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\khost.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 01198592 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoFoundation.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00745472 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\CFLite.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 01234944 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\libxml2.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00059904 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\zlib1.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00200704 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiapp\1.2.0.RC6d\tiappmodule.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00290816 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoUtil.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00511488 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoXML.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00184320 _____ () C:\Program Files\pia_manager\pia_tray\modules\tifilesystem\1.2.0.RC6d\tifilesystemmodule.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00344064 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiui\1.2.0.RC6d\tiuimodule.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00376832 _____ () C:\Program Files\pia_manager\pia_tray\modules\tinetwork\1.2.0.RC6d\tinetworkmodule.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00642048 _____ () C:\Program Files\pia_manager\pia_tray\runtime\1.2.0.RC6d\PocoNet.dll
2014-04-18 16:53 - 2014-04-18 16:53 - 00217088 _____ () C:\Program Files\pia_manager\pia_tray\modules\tiprocess\1.2.0.RC6d\tiprocessmodule.dll
2014-04-18 17:05 - 2014-04-01 21:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29655347.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29655347.sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/22/2014 10:28:00 AM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 11:45:55 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 09:23:17 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 08:15:40 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 08:13:07 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (04/21/2014 05:59:42 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 02:53:08 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 01:36:55 PM) (Source: Software Protection Platform Service) (User: )
Description: License Activation (slui.exe) failed with the following error code:
hr=0x8007007B
Command-line arguments:
RuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 00:45:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (04/21/2014 00:44:08 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
 
System errors:
=============
Error: (04/22/2014 10:42:43 AM) (Source: DCOM) (User: Federal1)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}
 
Error: (04/22/2014 10:42:12 AM) (Source: DCOM) (User: Federal1)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}
 
Error: (04/21/2014 00:11:05 PM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.
 
Error: (04/21/2014 00:10:57 PM) (Source: Microsoft-Windows-Eventlog) (User: NT AUTHORITY)
Description: The event logging service encountered an error (5) while enabling publisher {0BF2FB94-7B60-4B4D-9766-E82F658DF540} to channel Microsoft-Windows-Kernel-ShimEngine/Operational. This does not affect channel operation, but does affect the ability of the publisher to raise events to the channel. One common reason for this error is that the Provider is using ETW Provider Security and has not granted enable permissions to the Event Log service identity.
 
Error: (04/21/2014 10:44:37 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (04/21/2014 10:43:42 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (04/21/2014 10:43:12 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (04/21/2014 10:42:42 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (04/21/2014 10:42:12 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
Error: (04/21/2014 10:37:45 AM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WSearch service.
 
 
Microsoft Office Sessions:
=========================
Error: (04/22/2014 10:28:00 AM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 11:45:55 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 09:23:17 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 08:15:40 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 08:13:07 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (04/21/2014 05:59:42 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 02:53:08 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 01:36:55 PM) (Source: Software Protection Platform Service)(User: )
Description: hr=0x8007007BRuleId=eeba1977-569e-4571-b639-7623d8bfecc0;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=c06b6981-d7fd-4a35-b7b4-054742b7af67;NotificationInterval=1440;Trigger=NetworkAvailable
 
Error: (04/21/2014 00:45:04 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestD:\VM Shared\Apps\esetsmartinstaller_enu.exe
 
Error: (04/21/2014 00:44:08 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestD:\Apps\esetsmartinstaller_enu.exe
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-04-18 17:46:01.318
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\FedServ1\AppData\Local\Temp\mbr.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 26%
Total physical RAM: 12270.45 MB
Available physical RAM: 9059.33 MB
Total Pagefile: 14280.5 MB
Available Pagefile: 5892.15 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:199.66 GB) (Free:110.8 GB) NTFS
Drive d: (Work) (Fixed) (Total:1663.02 GB) (Free:1653.96 GB) NTFS
Drive i: (IR1_CPRA_X64FREV_EN-US_DV5) (CDROM) (Total:3.59 GB) (Free:0 GB) UDF
Drive j: (Hankins) (Removable) (Total:14.91 GB) (Free:4.89 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 23AB3C03)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-413373825024) - (Type=07 NTFS)
 
========================================================
Disk: 5 (Size: 15 GB) (Disk ID: 00000000)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 MadHatter2014


Posted 22 April 2014 - 09:56 AM

Thank you for your assistance. I tried to attach the TDSSKiller log as an attachment but received an error message on the post form: "Upload skipped (No file was selected for upload)". Should I copy and paste the contents of the log to the body of my post?

 

Edit:

I moved the log to the desktop and was able to attach.


Edited by MadHatter2014, 22 April 2014 - 10:22 AM.


#5 TB-Psychotic


Posted 23 April 2014 - 04:02 AM

Looks like we have a false positive here.

 

 

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, navigate to the Scan tab, select Custom Scan.
  • Click the Scan Now >> button.
  • Under 'Custom Scanning Options' uncheck all boxes.
  • Select only 'Scan for rootkits'.
  • Do not select any drive letter.
  • Click 'Start Scan'.
  • When the scan is complete, click on 'Cancel'.
  • Click Yes at the next message.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.



#6 MadHatter2014


Posted 23 April 2014 - 12:15 PM

Notes:
Last night I took a look at the event log and found several suspicious entries under the security tab such as the following:
(5+ consecutive entries) An attempt was made to query the existence of a blank password for an account.
Other entries are indicative of privilege escalation.
MalwareBytes also popped up with the following warning: Domain: IP:93.114.43.XXX, Port: Outbound.  I took screenshots and saved the log if needed.
 
I am 100% certain the machine was in fact compromised before I began performing a clean install of the system but did not save the logs thinking the format would remove the infection. I believe Win32/Heur was found by an Avira scan. As a developer I was running a local web server in a virtual machine which I believe was the original attack vector. I also have an idea of who is trying to compromise my system and my primary concern is there remain some lower-level components of a previous infection (rootkit/bootkit/BIOS mod as indicated by the catchme.exe log) that could either be re-exploited or are allowing the attacker to compromise the system after I perform a format/wipe or re-install Windows (which I have done many times and do so often). Before my last format the machine eventually would not allow me to log in unless connected to the internet with an error message along the lines of: "domain service unavailable please connect to the network." I have never connected any of my machines to a domain like that of a workplace.
 
I have also tried Ubuntu previously on both this machine and my laptop (also believed to be infected, kept off the network for now and will deal with next) before returning to Windows and posting to this thread. When doing this I ran chkrootkit and rkhunter immediately after a clean install. I understand it may be confusing to discuss other infected devices in this thread; however, I believe it may provide some additional insight into the infection on this machine as well as the level of sophistication of the attacker's methods. Also be assured I have not made any system changes since starting this thread; below are just other suspicious indications I have experienced leading me to believe my devices have been infected with a rootkit:
 
This PC (when Ubuntu 13.10 Install) I have the actual logs stored on a usb if needed.
Each reboot I received the message: evms_activate is not available or ready would you like to mount manually..eventually it would start after a short delay.
rkhunter results:
usr/sbin/adduser warning
usr/bin/lda warning
inetd services warning
 
-----------
 
Laptop (With fresh Ubuntu 13.10 Install):
chkrootkit results,
infected by /sbin/init by suckit rootkit
traceroute infected
sniffer wlan0 PF_Packet (usr/sbin/wpa_supplicant)
(suspecting a false positive I installed and ran rkhunter) 
 
rkhunter:
usr/sbin/adduser warning
usr/bin/lda warning
inetd services warning
SSH rootaccess is allowed
SSH v1 protocol is allowed
System toggling config file found
 
My laptop has since been formatted like my pc.
My process is the following: Boot parted magic live, formatted mbr, cleared cmos, performed dban wipe, reboot, configured BIOS, installed fresh copy of windows 8, updated, install PIA VPN, install malwarebytes
-----------
 
Android Phone (device replaced):
Suspicious activity began after connecting it to the network. All suspicious activity on each device started around the same time and escalated quickly. Indications of the infection included strange text messages from @localhost, extreme battery changes, and instances where dialing out would hang and/or freeze the device until reboot. The mobile device has since been replaced but the PC I am on now is my primary development machine that I use for work.
 
-----------
 
Most of my sensitive data is stored in an external, encrypted hard drive. There is only one other person who has had access to this machine and has the technical skills to perform the attacks. I would also like to note that the above log entries mentioned at the very top "querying the passwords of accounts on this machine" occurred immediately after the suspected individual messaged me on Facebook last night; I assume this could possibly have been used to obtain the IP address of my machine. I am in the process of formally documenting all traces of the attacks, logs, communications, etc. If you can just please continue to assist me with ensuring this machine is as secure as possible to the absolute best of your abilities. At the moment I do not have the resources to replace the hardware or seek paid technical support and want to be sure I do everything possible to keep my clients and other sensitive data safe.
 
I appreciate you taking the time to help me and hope that you will consider the above as I am certainly being targeted by this individual. I am aware there is no 100% guarantee but just wanted to provide additional context to my situation before concluding this is a false positive. 

 

I have performed the requested scan using Malwarebytes, below is the log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/23/2014
Scan Time: 10:51:58 AM
Logfile: 
Administrator: Yes
 
Version: 2.00.1.1004
Malware Database: v2014.04.23.06
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Enabled
 
OS: Windows 8.1
CPU: x64
File System: NTFS
User: FedServ1
 
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 225977
Time Elapsed: 1 min, 26 sec
 
Memory: Disabled
Startup: Disabled
Filesystem: Disabled
Archives: Disabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)
 
 
--------------------------------------------------


#7 TB-Psychotic


Posted 24 April 2014 - 03:21 AM

With your procedure, you have wiped every place where a rootkit could hide.

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.



#8 MadHatter2014


Posted 24 April 2014 - 10:39 AM

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-24 11:37:14
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000002d ST32000641AS rev.CC44 1863.02GB
Running: ew14p1pv.exe; Driver: C:\Users\FedServ1\AppData\Local\Temp\kwlyypow.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\Windows\system32\csrss.exe [560:592]                                                                                                                                                                                                                                fffff960008acb90
---- Processes - GMER 2.1 ----
 
Process  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788] (Ruby interpreter (GUI) 1.9.3p484 [i386-mingw32]/http://www.ruby-lang.org/)(2014-04-21 16:14:35)           0000000000400000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\msvcrt-ruby191.dll (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788] (Ruby interpreter (DLL) 1.9.3p484 [i386-mingw32]/http://www.ruby-lang.org/)(2014-04-21 16:14:35)  0000000062d00000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:37)                                                            0000000071280000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:37)                                                       0000000070600000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:37)                                                    000000006dd40000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\src\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:35)                                                                   0000000010000000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:51)                                                                  0000000065000000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:39)                                              00000000024c0000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:56)                                                             000000006ab80000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:56)                                                                   000000006c280000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:56)                                                               0000000070a40000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\libffi-6.dll (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:36)                                                                                    000000006b740000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:39)                                                         0000000065480000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:39)                                                  000000006d400000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:39)                                                00000000628c0000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocr7B47.tmp\bin\rubyw.exe [4788](2014-04-21 16:14:57)                  0000000066940000
Process  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524] (Ruby interpreter (GUI) 1.9.3p484 [i386-mingw32]/http://www.ruby-lang.org/)(2014-04-21 16:15:06)           0000000000400000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\msvcrt-ruby191.dll (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524] (Ruby interpreter (DLL) 1.9.3p484 [i386-mingw32]/http://www.ruby-lang.org/)(2014-04-21 16:15:06)  0000000062d00000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\encdb.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:07)                                                            0000000071280000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\iso_8859_1.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:07)                                                       0000000070600000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\transdb.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:07)                                                    000000006dd40000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\src\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:05)                                                                   0000000010000000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\site_ruby\1.9.1\rgloader\rgloader193.mswin.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:08)                                              00000000025c0000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\socket.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:08)                                                               000000006e600000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\zlib.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:09)                                                                 000000006a400000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\zlib1.dll (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:06)                                                                                       00000000025e0000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\stringio.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:09)                                                             0000000065080000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\openssl.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:09)                                                              00000000671c0000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\LIBEAY32.dll (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524] (OpenSSL shared library/The OpenSSL Project, http://www.openssl.org/)(2014-04-21 16:15:06)              0000000063000000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\SSLEAY32.dll (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524] (OpenSSL shared library/The OpenSSL Project, http://www.openssl.org/)(2014-04-21 16:15:06)              000000006e400000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\digest.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:09)                                                               0000000068000000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\fcntl.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:09)                                                                000000006a1c0000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\etc.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:10)                                                                  0000000065000000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\parser.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:11)                                                      000000006fac0000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16be.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:10)                                                         0000000070f40000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_16le.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:08)                                                         0000000065480000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32be.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:10)                                                         000000006ffc0000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\utf_32le.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:11)                                                         000000006d100000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\json\ext\generator.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:11)                                                   000000006adc0000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\win32ole.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:11)                                                             000000006ab80000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\dl.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:11)                                                                   000000006c280000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\fiddle.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:11)                                                               0000000070a40000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\libffi-6.dll (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:06)                                                                                    000000006b740000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\utf_16_32.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:08)                                                  000000006d400000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\1.9.1\i386-mingw32\enc\trans\single_byte.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:08)                                                00000000628c0000
Library  C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\lib\ruby\gems\1.9.1\gems\win32-api-1.4.8-x86-mingw32\lib\win32\ruby19\win32\api.so (*** suspicious ***) @ C:\Users\FedServ1\AppData\Local\Temp\ocrF78B.tmp\bin\rubyw.exe [3524](2014-04-21 16:15:11)                  0000000066940000
 
---- Registry - GMER 2.1 ----
 
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{59DEBD24-621A-44C1-A017-00E44E678E7F}\Connection@Name                                                                                                                            Reusable ISATAP Interface {59DEBD24-621A-44C1-A017-00E44E678E7F}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{848656CB-962F-4F7C-889F-C96F256DF84C}\Connection@Name                                                                                                                            Reusable ISATAP Interface {848656CB-962F-4F7C-889F-C96F256DF84C}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                                                                                      786481286
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalResumeTime                                                                                                                                                                                            114210469
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnFromHandlerTimestamp                                                                                                                                                                           114210061
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@SleeperThreadEndTimestamp                                                                                                                                                                                  114210066
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelReturnSystemPowerState                                                                                                                                                                               114210406
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberHiberFileTime                                                                                                                                                                                         6624
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberInitTime                                                                                                                                                                                              51
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@TotalHibernateTime                                                                                                                                                                                         10748
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@DeviceResumeTime                                                                                                                                                                                           313
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesProcessed                                                                                                                                                                                       690991
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@KernelPagesWritten                                                                                                                                                                                         0x40 0x0E 0x03 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesProcessed                                                                                                                                                                                         42916
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@BootPagesWritten                                                                                                                                                                                           0x46 0x5F 0x00 0x00 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@HiberIoCpuTime                                                                                                                                                                                             900
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@ResumeCompleteTimestamp                                                                                                                                                                                    0x76 0x55 0x48 0x0C ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BITS@Start                                                                                                                                                                                                                      3
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BITS                                                                                                                                                                                                                            
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{59DEBD24-621A-44C1-A017-00E44E678E7F}@InterfaceName                                                                                                                                                 Reusable ISATAP Interface {59DEBD24-621A-44C1-A017-00E44E678E7F}
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{59DEBD24-621A-44C1-A017-00E44E678E7F}@ReusableType                                                                                                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{59DEBD24-621A-44C1-A017-00E44E678E7F}@DefunctTimestamp                                                                                                                                              0x0A 0x6D 0x58 0x53 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{848656CB-962F-4F7C-889F-C96F256DF84C}@InterfaceName                                                                                                                                                 Reusable ISATAP Interface {848656CB-962F-4F7C-889F-C96F256DF84C}
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{848656CB-962F-4F7C-889F-C96F256DF84C}@ReusableType                                                                                                                                                  1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                                                                                                                        789
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                                                                                                       302
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A43E874-AE57-4812-9453-8727AFD705C7}@DhcpIPAddress                                                                                                                                                10.125.1.10
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A43E874-AE57-4812-9453-8727AFD705C7}@DhcpServer                                                                                                                                                   10.125.1.9
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A43E874-AE57-4812-9453-8727AFD705C7}@LeaseObtainedTime                                                                                                                                            1398303411
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A43E874-AE57-4812-9453-8727AFD705C7}@T1                                                                                                                                                           1414071411
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A43E874-AE57-4812-9453-8727AFD705C7}@T2                                                                                                                                                           1425897411
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3A43E874-AE57-4812-9453-8727AFD705C7}@LeaseTerminatesTime                                                                                                                                          1429839411
 
---- EOF - GMER 2.1 ----


#9 TB-Psychotic

Posted 24 April 2014 - 10:49 AM

What is ruby used for on your computer?


Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#10 MadHatter2014

Posted 24 April 2014 - 10:59 AM

I believe ruby is used for the Private Internet Access VPN application I have installed.

It is probably the source of the MalwareBytes notification I received.

Kill Switch and DNS Leak protection are enabled forcing all traffic through the application.

 

Unknowingly I did leave the VPN running in the system tray while performing the requested gmer scan. 

Once I restored the machine, my intention was to use the VPN to reduce the possibility of MITM attacks in the event there are other infected machines on the network.

Should I close the VPN application and re-run the scan once more?

 

Additional Notes:

Last night I was doing some research into the original catchme.exe log and found this article that may provide some insight into a possible false positive:

LINK: http://msdn.microsoft.com/en-us/library/windows/desktop/aa384274(v=vs.85).aspx

The article discusses WOW64 implementation and its relationship with ntdll, refer to the Global Hooks section.



#11 MadHatter2014

Posted 24 April 2014 - 11:31 AM

While waiting for a reply the following has occurred:

 

MalwareBytes displayed a notification:

Protection Disabled

One or more components of protection are disabled.

 

I clicked fix now.

The pop-up notification re-appears every time I click Fix Now.

 

I opened Malwarebytes Dashboard, entered my access protection password to change the settings.

Clicked Detection & Protection Tab

 

Attempted to enable malicious website protection

Every time I click enable it is immediately disabled, there is no way for me to keep the malicious website protection enabled. 

 

Never experienced anything like this.



#12 TB-Psychotic

Posted 25 April 2014 - 02:05 AM

The detected ntdll code modification is clearly a false positive.

Let's see what else we can find:

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file...
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



#13 TB-Psychotic

Posted 08 May 2014 - 04:20 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



