
Websearch Malware(I think)


  • This topic is locked
15 replies to this topic

#1 thefrogshateme

thefrogshateme

  • Members
  • 10 posts

Posted 27 December 2014 - 04:40 AM

My computer is infected. I downloaded NOD32 (free trial), CCleaner (free version), and SUPERAntiSpyware (free trial). I'm still getting directed to outside sites and NOD32 keeps saying sites have been blocked. So I followed this log and here are my results. (I just want my computer as clean, and free of anything harmful as possible.)

 

Edit-

Nothing was run in safe mode.

I'm also getting prompted by Firefox that most of the sites I visit have a forgery warning.

These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Results of screen317's Security Check version 0.99.93 

   x64 (UAC is enabled) 

Internet Explorer 11 

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled! 

ESET NOD32 Antivirus 8.0  

Windows Defender          

Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````

Adobe Flash Player  16.0.0.235 

Adobe Reader XI 

Mozilla Firefox (34.0.5)

````````Process Check: objlist.exe by Laurent````````

ESET NOD32 Antivirus egui.exe 

ESET NOD32 Antivirus ekrn.exe 

`````````````````System Health check`````````````````

Total Fragmentation on Drive C:  %

````````````````````End of Log``````````````````````

 

 

# AdwCleaner v4.106 - Report created 27/12/2014 at 04:14:11

# Updated 21/12/2014 by Xplode

# Database : 2014-12-21.4 [Live]

# Operating System : Windows 8.1 Pro  (64 bits)

# Username : compaq - RANDALL

# Running from : C:\Users\compaq\Downloads\adwcleaner_4.106.exe

# Option : Clean

 

***** [ Services ] *****

 

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\prizeccoiupon

Folder Deleted : C:\ProgramData\c9680475303d6826

Folder Deleted : C:\Program Files (x86)\predm

Folder Deleted : C:\Program Files (x86)\prizeccoiupon

Folder Deleted : C:\Users\compaq\AppData\Local\Smartbar

File Deleted : C:\END

File Deleted : C:\Users\compaq\AppData\Roaming\Mozilla\Firefox\Profiles\zbj2ibl7.default\searchplugins\trovi-search.xml

File Deleted : C:\Users\compaq\AppData\Roaming\Mozilla\Firefox\Profiles\zbj2ibl7.default\user.js

 

***** [ Scheduled Tasks ] *****

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}

Key Deleted : HKCU\Software\Compete

Key Deleted : HKCU\Software\TutoTag

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\CompeteInc

Key Deleted : HKLM\SOFTWARE\TBID

Key Deleted : [x64] HKLM\SOFTWARE\TBID

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518

 

-\\ Mozilla Firefox v34.0.5 (x86 en-US)

 

[zbj2ibl7.default\prefs.js] - Line Deleted : user_pref("Q", "Dzt4WGZMDe4TDyVLBSYPW6mGWfJ7gfsYDftIoiZ6Ae4UB6CKC7lIhS4IB7qZDyVLBS4OCMlMscIYhy0TDe8VBNnKg70LA7VVujJPhSZ8CMEKAe4UhfZohSYSgeqVgM0LAGsPoS9FXzF8CMEKAe4UhfZohSYSD7xGBMxIhft9rjwKg70JsSU+vjx1[...]

[zbj2ibl7.default\prefs.js] - Line Deleted : user_pref("Z", "Dzt4WGZMDe4TDyVLBSYPW6mGWfJ7gfsYDftIoiZ6Ae4UB6CKC7lIhS4IB7qZDyVLBS4OCMlMscIYhy0TDe8VBNnKg70LA7VVujJPhSZ8CMEKAe4UhfZohSYSgeqVgM0LAGsPoS9FXzF8CMEKAe4UhfZohSYSD7xGBMxIhft9rjwKg70JsSU+vjx1[...]

*************************

AdwCleaner[R0].txt - [2730 octets] - [27/12/2014 04:11:00]

AdwCleaner[S0].txt - [2399 octets] - [27/12/2014 04:14:11]

 

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2459 octets] ##########

 

RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software

mail : http://www.adlice.com/contact/

Feedback : http://forum.adlice.com

Website : http://www.adlice.com/softwares/roguekiller/

Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version

Started in : Normal mode

User : compaq [Administrator]

Mode : Delete -- Date : 12/27/2014  04:29:48

 

¤¤¤ Processes : 0 ¤¤¤

 

¤¤¤ Registry : 6 ¤¤¤

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24DB162A-3DCD-4637-974D-C57737A68310} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Not selected

[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{24DB162A-3DCD-4637-974D-C57737A68310} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Not selected

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected

[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected

[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected

 

¤¤¤ Tasks : 0 ¤¤¤

 

¤¤¤ Files : 0 ¤¤¤

 

¤¤¤ Hosts File : 0 ¤¤¤

 

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

 

¤¤¤ Web browsers : 0 ¤¤¤

 

¤¤¤ MBR Check : ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM251JI ATA Device +++++

--- User ---

[MBR] db2f9b1559227935fb8388e47302f186

[BSP] d6c83ad887da5869c11566495a8116dc : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB

1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 226983 MB

2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 465580032 | Size: 11138 MB

User = LL1 ... OK

User = LL2 ... OK

 

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++

Error reading User MBR! ([15] The device is not ready. )

Error reading LL1 MBR! NOT VALID!

Error reading LL2 MBR! ([32] The request is not supported. )

 

============================================

RKreport_SCN_12272014_042835.log


Edited by thefrogshateme, 27 December 2014 - 07:33 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 December 2014 - 10:26 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


--RogueKiller--
  • Download & SAVE to your Desktop For 32bit system or For 64bit system
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.

#3 thefrogshateme

thefrogshateme
  • Topic Starter

  • Members
  • 10 posts

Posted 31 December 2014 - 09:21 PM

RogueKiller V10.1.1.0 [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : compaq [Administrator]
Mode : Scan -- Date : 12/31/2014  20:47:07

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 6 ¤¤¤
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24DB162A-3DCD-4637-974D-C57737A68310} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{24DB162A-3DCD-4637-974D-C57737A68310} | NameServer : 31.168.224.106,5.135.12.52 [(Unknown Country?) (XX)][(Unknown Country?) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM251JI ATA Device +++++
--- User ---
[MBR] db2f9b1559227935fb8388e47302f186
[BSP] d6c83ad887da5869c11566495a8116dc : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 350 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 718848 | Size: 226983 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 465580032 | Size: 11138 MB
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )


============================================
RKreport_DEL_12272014_042948.log - RKreport_SCN_12272014_042835.log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by compaq (administrator) on RANDALL on 31-12-2014 21:12:16
Running from C:\Users\compaq\Desktop
Loaded Profiles: compaq & UpdatusUser (Available profiles: compaq & UpdatusUser)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_235.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1234216 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [gmsd_us_8] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-3257356177-2383744274-2500186646-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3257356177-2383744274-2500186646-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
URLSearchHook: [S-1-5-21-3257356177-2383744274-2500186646-1002] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3257356177-2383744274-2500186646-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{24DB162A-3DCD-4637-974D-C57737A68310}: [NameServer] 31.168.224.106,5.135.12.52

FireFox:
========
FF ProfilePath: C:\Users\compaq\AppData\Roaming\Mozilla\Firefox\Profiles\zbj2ibl7.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
S2 439f3a51; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemAid\SystemAid.dll",serv

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-09-18] (ESET)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-31] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 21:12 - 2014-12-31 21:13 - 00006772 _____ () C:\Users\compaq\Desktop\FRST.txt
2014-12-31 21:12 - 2014-12-31 21:12 - 00000000 ____D () C:\FRST
2014-12-31 21:11 - 2014-12-31 21:11 - 02123264 _____ (Farbar) C:\Users\compaq\Desktop\FRST64.exe
2014-12-31 20:35 - 2014-12-31 20:36 - 15298136 _____ () C:\Users\compaq\Desktop\RogueKiller.exe
2014-12-27 06:02 - 2014-12-27 06:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-27 06:01 - 2014-12-27 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-12-27 06:01 - 2014-12-27 06:01 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-12-27 05:59 - 2014-12-27 06:00 - 26771088 _____ () C:\Users\compaq\Downloads\SeaToolsforWindowsSetup.exe
2014-12-27 04:21 - 2014-12-31 20:36 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-27 04:21 - 2014-12-27 04:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-27 04:20 - 2014-12-27 04:21 - 15298136 _____ () C:\Users\compaq\Downloads\RogueKiller.exe
2014-12-27 04:16 - 2014-12-27 04:16 - 00000310 _____ () C:\Windows\PFRO.log
2014-12-27 04:09 - 2014-12-27 04:14 - 00000000 ____D () C:\AdwCleaner
2014-12-27 04:08 - 2014-12-27 04:08 - 02173952 _____ () C:\Users\compaq\Downloads\adwcleaner_4.106.exe
2014-12-27 04:07 - 2014-12-31 20:54 - 00527558 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 04:05 - 2014-12-27 04:05 - 00852505 _____ () C:\Users\compaq\Downloads\SecurityCheck.exe
2014-12-27 04:04 - 2014-12-27 04:31 - 00007730 _____ () C:\Users\compaq\Desktop\New Text Document.txt
2014-12-27 02:23 - 2014-12-27 02:23 - 00000000 ____D () C:\Users\compaq\AppData\Roaming\SUPERAntiSpyware.com
2014-12-27 02:18 - 2014-12-27 02:18 - 00001820 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-12-27 02:18 - 2014-12-27 02:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-27 02:17 - 2014-12-27 03:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-27 02:17 - 2014-12-27 02:17 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-12-27 02:17 - 2014-12-27 02:17 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-27 02:16 - 2014-12-27 02:17 - 20846536 _____ (SUPERAntiSpyware) C:\Users\compaq\Downloads\SUPERAntiSpyware.exe
2014-12-27 02:14 - 2014-12-27 02:14 - 00000000 ____D () C:\Users\compaq\AppData\Local\ESET
2014-12-27 02:09 - 2014-12-27 02:10 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\compaq\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-27 02:02 - 2014-12-27 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-12-27 02:02 - 2014-12-27 02:02 - 00000000 ____D () C:\ProgramData\ESET
2014-12-27 02:02 - 2014-12-27 02:02 - 00000000 ____D () C:\Program Files\ESET
2014-12-27 01:58 - 2014-12-27 01:58 - 01761992 _____ (ESET) C:\Users\compaq\Downloads\eset_nod32_antivirus_live_installer(3).exe
2014-12-27 01:51 - 2014-12-27 01:51 - 00671432 _____ (ESET) C:\Users\compaq\Downloads\ESETUninstaller(1).exe
2014-12-27 01:42 - 2014-12-27 01:52 - 00020837 _____ () C:\Users\compaq\Downloads\~ESETUninstaller.log
2014-12-27 01:42 - 2014-12-27 01:42 - 00671432 _____ (ESET) C:\Users\compaq\Downloads\ESETUninstaller.exe
2014-12-27 01:31 - 2014-12-27 01:31 - 01761992 _____ (ESET) C:\Users\compaq\Downloads\eset_nod32_antivirus_live_installer(2).exe
2014-12-27 01:30 - 2014-12-27 01:31 - 01064248 _____ (Download Manager) C:\Users\compaq\Downloads\setup.exe
2014-12-27 01:30 - 2014-12-27 01:30 - 01761992 _____ (ESET) C:\Users\compaq\Downloads\eset_nod32_antivirus_live_installer(1).exe
2014-12-27 01:29 - 2014-12-27 01:29 - 00000000 ____D () C:\Program Files (x86)\buyufast
2014-12-27 01:12 - 2014-12-27 01:12 - 01761992 _____ (ESET) C:\Users\compaq\Downloads\eset_nod32_antivirus_live_installer.exe
2014-12-26 19:43 - 2014-12-27 01:29 - 00000000 ____D () C:\ProgramData\buyufast
2014-12-26 01:36 - 2014-12-27 02:22 - 00000000 ____D () C:\Program Files (x86)\SystemAid
2014-12-23 10:52 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-23 10:52 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-22 07:37 - 2014-12-22 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-22 07:35 - 2014-12-22 07:35 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 07:27 - 2009-04-30 12:46 - 00702976 _____ () C:\Windows\system32\cohelper.dll
2014-12-22 07:27 - 2009-04-29 05:27 - 00005940 _____ () C:\Windows\system32\Drivers\nvphy.bin
2014-12-22 07:27 - 2009-04-26 09:32 - 00506400 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2014-12-22 07:20 - 2014-12-22 07:21 - 43627880 _____ (NVIDIA Corporation ) C:\Users\compaq\Downloads\15.35_nforce_win7_64bit_international_whql.exe
2014-12-18 13:03 - 2014-12-31 20:11 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-18 01:09 - 2014-12-18 01:09 - 00003184 _____ () C:\Windows\System32\Tasks\{DF4259D5-7073-45E7-9611-CBF0F5A5F687}
2014-12-18 01:05 - 2014-12-18 01:05 - 00003098 _____ () C:\Windows\System32\Tasks\Systeye
2014-12-17 20:18 - 2014-12-17 20:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-14 04:27 - 2014-12-14 04:27 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-14 04:27 - 2014-12-14 04:27 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-14 04:26 - 2014-12-14 04:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-10 13:43 - 2014-12-10 13:43 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 13:43 - 2014-12-10 13:43 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-10 13:42 - 2014-12-10 13:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-10 13:40 - 2014-12-10 23:44 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-10 00:16 - 2014-12-10 00:16 - 00000000 ____D () C:\Users\compaq\AppData\Local\Downloaded Installations
2014-12-09 14:48 - 2014-12-09 14:48 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-07 05:11 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-07 05:11 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-06 22:56 - 2014-12-17 18:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-06 22:55 - 2014-12-17 17:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-06 12:22 - 2014-12-06 12:22 - 00000000 ____D () C:\Users\compaq\AppData\Local\Temp4206
2014-12-06 09:32 - 2014-12-27 02:14 - 00000000 ____D () C:\ProgramData\2355320829
2014-12-05 23:32 - 2014-12-05 23:32 - 00000000 ____D () C:\Users\compaq\AppData\Local\Macromedia
2014-12-05 23:30 - 2014-12-31 20:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-05 23:30 - 2014-12-25 11:26 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-05 23:30 - 2014-12-05 23:30 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-05 23:28 - 2014-12-25 12:46 - 00000000 ____D () C:\Users\compaq\AppData\Local\Adobe
2014-12-05 23:21 - 2013-12-11 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-12-05 23:21 - 2013-11-27 10:34 - 03210528 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-05 23:21 - 2013-11-27 08:47 - 02804528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-12-05 23:21 - 2013-11-27 03:20 - 04106240 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-12-05 23:21 - 2013-11-26 08:20 - 01399176 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-12-05 23:21 - 2013-11-26 08:20 - 01374384 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-12-05 23:21 - 2013-11-24 20:32 - 01119064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-12-05 23:21 - 2013-11-23 02:08 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-12-05 23:21 - 2013-11-22 23:50 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-12-05 23:21 - 2013-11-22 22:19 - 02617344 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-05 23:21 - 2013-11-22 22:15 - 02295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-05 23:21 - 2013-11-21 01:26 - 01415680 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-05 23:21 - 2013-11-15 09:08 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-12-05 23:21 - 2013-11-15 08:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-05 23:20 - 2013-12-08 19:34 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-12-05 23:20 - 2013-12-08 19:04 - 00980480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-12-05 23:20 - 2013-11-27 10:27 - 00809872 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-12-05 23:20 - 2013-11-27 09:00 - 00663680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-12-05 23:20 - 2013-11-27 07:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys
2014-12-05 23:20 - 2013-11-27 05:24 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-12-05 23:20 - 2013-11-27 04:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-12-05 23:20 - 2013-11-27 04:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2014-12-05 23:20 - 2013-11-27 04:17 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-12-05 23:20 - 2013-11-27 04:10 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2014-12-05 23:20 - 2013-11-27 03:58 - 01503232 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-12-05 23:20 - 2013-11-27 03:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
2014-12-05 23:20 - 2013-11-26 06:44 - 01204968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-12-05 23:20 - 2013-11-24 20:45 - 00142680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-12-05 23:20 - 2013-11-24 18:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-05 23:20 - 2013-11-24 18:28 - 00589824 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-05 23:20 - 2013-11-23 07:47 - 00032088 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-12-05 23:20 - 2013-11-23 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\bi.dll
2014-12-05 23:20 - 2013-11-23 02:13 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2014-12-05 23:20 - 2013-11-21 01:58 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\deviceregistration.dll
2014-12-05 23:20 - 2013-11-15 09:59 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2014-12-05 23:20 - 2013-11-15 09:25 - 00433664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2014-12-05 23:20 - 2013-10-30 19:29 - 00745336 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-05 23:20 - 2013-10-30 18:41 - 00552624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-05 23:19 - 2013-12-14 01:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-12-05 23:18 - 2013-12-14 01:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-12-05 23:17 - 2014-01-07 20:46 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-12-05 23:17 - 2014-01-07 20:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-12-05 23:17 - 2014-01-07 20:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-12-05 23:17 - 2014-01-04 10:54 - 00138240 _____ () C:\Windows\system32\OEMLicense.dll
2014-12-05 23:17 - 2014-01-04 10:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-12-05 23:17 - 2014-01-04 09:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-12-05 23:17 - 2014-01-04 08:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-12-05 23:17 - 2014-01-02 18:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-12-05 23:17 - 2014-01-02 18:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-12-05 23:17 - 2013-12-31 20:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-12-05 23:17 - 2013-12-31 20:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-12-05 23:17 - 2013-12-31 19:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-12-05 23:17 - 2013-12-31 19:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-12-05 23:17 - 2013-12-31 18:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-12-05 23:17 - 2013-12-31 18:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-12-05 23:17 - 2013-12-31 18:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-12-05 23:17 - 2013-12-30 18:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2014-12-05 23:17 - 2013-12-30 18:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-12-05 23:17 - 2013-12-30 18:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2014-12-05 23:17 - 2013-12-30 18:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-12-05 23:17 - 2013-12-30 18:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-12-05 23:17 - 2013-12-27 10:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-12-05 23:17 - 2013-12-27 03:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2014-12-05 23:17 - 2013-12-27 03:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2014-12-05 23:17 - 2013-12-27 03:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2014-12-05 23:17 - 2013-12-27 02:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2014-12-05 23:17 - 2013-12-27 02:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-12-05 23:17 - 2013-12-27 01:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-12-05 23:17 - 2013-12-21 02:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2014-12-05 23:17 - 2013-12-17 02:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-12-05 23:17 - 2013-12-13 05:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2014-12-05 23:17 - 2013-12-13 01:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2014-12-05 23:17 - 2013-12-13 00:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2014-12-05 23:17 - 2013-11-04 06:50 - 02143744 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-12-05 23:17 - 2013-11-03 20:30 - 01765376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-12-05 23:17 - 2013-10-05 09:21 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-12-05 23:17 - 2013-10-05 09:21 - 00516496 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-12-05 23:17 - 2013-10-05 07:05 - 01765384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-12-05 23:17 - 2013-10-05 07:05 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-12-05 23:17 - 2013-09-26 01:51 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-12-05 23:17 - 2013-09-26 01:34 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\MrmIndexer.dll
2014-12-05 23:17 - 2013-09-26 01:34 - 00515072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmIndexer.dll
2014-12-05 23:15 - 2013-09-24 00:05 - 01245696 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-12-05 23:15 - 2013-09-21 01:33 - 11366912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2014-12-05 23:15 - 2013-09-21 00:34 - 01555456 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2014-12-05 23:15 - 2013-09-21 00:10 - 12028416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2014-12-05 23:14 - 2013-09-26 04:20 - 00556032 _____ (Microsoft Corporation) C:\Windows\system32\recimg.exe
2014-12-05 23:14 - 2013-09-25 05:25 - 00783504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2014-12-05 23:14 - 2013-09-25 03:58 - 00648648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2014-12-05 23:14 - 2013-09-25 00:40 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\windows.immersiveshell.serviceprovider.dll
2014-12-05 23:14 - 2013-09-24 00:54 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2014-12-05 23:14 - 2013-09-24 00:10 - 01741824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2014-12-05 23:14 - 2013-09-23 22:56 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll
2014-12-05 23:14 - 2013-09-21 07:10 - 00579416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-12-05 23:14 - 2013-09-21 07:10 - 00236376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-05 23:14 - 2013-09-21 07:10 - 00151384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-05 23:14 - 2013-09-21 06:50 - 00528048 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-12-05 23:14 - 2013-09-21 06:48 - 00534048 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-12-05 23:14 - 2013-09-21 06:48 - 00123480 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-12-05 23:14 - 2013-09-21 05:56 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-12-05 23:14 - 2013-09-21 05:53 - 01534504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-12-05 23:14 - 2013-09-21 05:53 - 00996320 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2014-12-05 23:14 - 2013-09-21 05:53 - 00934856 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2014-12-05 23:14 - 2013-09-21 05:53 - 00366688 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2014-12-05 23:14 - 2013-09-21 05:45 - 00171968 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-12-05 23:14 - 2013-09-21 04:23 - 00427096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-12-05 23:14 - 2013-09-21 04:23 - 00098104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-12-05 23:14 - 2013-09-21 04:12 - 01092896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2014-12-05 23:14 - 2013-09-21 04:09 - 00796928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2014-12-05 23:14 - 2013-09-21 04:09 - 00312936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2014-12-05 23:14 - 2013-09-21 02:58 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-12-05 23:14 - 2013-09-21 02:57 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-12-05 23:14 - 2013-09-21 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-12-05 23:14 - 2013-09-21 02:50 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-12-05 23:14 - 2013-09-21 02:17 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-12-05 23:14 - 2013-09-21 01:55 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2014-12-05 23:14 - 2013-09-21 00:59 - 00940544 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-05 23:14 - 2013-09-21 00:57 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\livessp.dll
2014-12-05 23:14 - 2013-09-21 00:56 - 08712704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2014-12-05 23:14 - 2013-09-21 00:43 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-12-05 23:14 - 2013-09-21 00:38 - 00365568 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-12-05 23:14 - 2013-09-21 00:31 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-05 23:14 - 2013-09-21 00:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-12-05 23:14 - 2013-09-21 00:05 - 08875008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2014-12-05 23:14 - 2013-09-21 00:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2014-12-05 23:14 - 2013-09-20 23:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2014-12-05 23:14 - 2013-09-20 23:44 - 01662464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2014-12-05 23:14 - 2013-09-20 23:39 - 01455616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2014-12-05 23:14 - 2013-09-20 23:38 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-12-05 23:14 - 2013-09-20 23:37 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2014-12-05 23:14 - 2013-09-20 23:36 - 01185280 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-12-05 23:14 - 2013-09-19 01:17 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-12-05 23:14 - 2013-09-19 00:29 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-12-05 23:14 - 2013-09-19 00:08 - 01150976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2014-12-05 23:14 - 2013-09-19 00:01 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2014-12-05 23:14 - 2013-09-18 23:37 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2014-12-05 23:14 - 2013-09-18 23:32 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2014-12-05 23:14 - 2013-09-18 23:27 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2014-12-05 23:14 - 2013-09-18 23:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2014-12-05 23:14 - 2013-09-18 23:25 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-12-05 23:14 - 2013-09-18 23:11 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dui70.dll
2014-12-05 23:14 - 2013-09-18 23:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2014-12-05 23:14 - 2013-09-18 22:59 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2014-12-05 23:14 - 2013-09-18 22:55 - 00552448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
2014-12-05 23:14 - 2013-09-18 22:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-12-05 23:14 - 2013-09-18 22:32 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-12-05 23:14 - 2013-09-17 04:18 - 00467800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-12-05 23:14 - 2013-09-17 00:15 - 01225728 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-12-05 23:14 - 2013-09-17 00:00 - 00453632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2014-12-05 23:14 - 2013-09-16 23:08 - 00738304 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2014-12-05 23:14 - 2013-09-14 09:06 - 00175960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VerifierExt.sys
2014-12-05 23:14 - 2013-09-14 09:06 - 00066904 _____ (Microsoft Corporation) C:\Windows\system32\PSHED.DLL
2014-12-05 23:14 - 2013-09-13 04:52 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\SensorsClassExtension.dll
2014-12-05 23:14 - 2013-09-13 03:54 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2014-12-05 23:14 - 2013-09-13 02:55 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2014-12-05 23:14 - 2013-09-13 02:30 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2014-12-05 23:14 - 2013-09-12 02:37 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-12-05 23:14 - 2013-09-11 04:31 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-12-05 23:14 - 2013-09-11 04:31 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-12-05 23:14 - 2013-09-11 02:41 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-12-05 23:14 - 2013-09-11 02:09 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-12-05 23:14 - 2013-09-07 07:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\fdprint.dll
2014-12-05 23:14 - 2013-09-07 07:29 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2014-12-05 23:14 - 2013-09-07 06:45 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\CryptoWinRT.dll
2014-12-05 23:14 - 2013-09-07 06:13 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2014-12-05 23:14 - 2013-09-07 06:07 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\TetheringMgr.dll
2014-12-05 23:14 - 2013-09-07 05:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-12-05 23:14 - 2013-09-07 05:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-12-05 23:14 - 2013-09-05 02:39 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-12-05 23:14 - 2013-09-05 01:42 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Utilman.exe
2014-12-05 23:14 - 2013-09-04 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2014-12-05 23:14 - 2013-09-04 01:16 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2014-12-05 23:14 - 2013-09-04 00:47 - 00492032 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2014-12-05 23:14 - 2013-09-04 00:12 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\DscCoreConfProv.dll
2014-12-05 23:14 - 2013-09-03 23:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2014-12-05 23:14 - 2013-09-03 23:48 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2014-12-05 23:14 - 2013-09-03 23:35 - 00280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2014-12-05 23:14 - 2013-08-31 09:18 - 00205024 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2014-12-05 23:14 - 2013-08-31 07:15 - 00180232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2014-12-05 23:14 - 2013-08-31 07:04 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2014-12-05 23:14 - 2013-08-30 02:31 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2014-12-05 23:14 - 2013-08-28 02:55 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2014-12-05 23:14 - 2013-08-28 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2014-12-05 23:14 - 2013-08-28 02:09 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2014-12-05 23:14 - 2013-08-27 01:09 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2014-12-05 23:14 - 2013-08-27 00:24 - 00813568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2014-12-05 23:13 - 2013-09-26 02:32 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2014-12-05 23:13 - 2013-09-26 02:14 - 00528896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2014-12-05 23:13 - 2013-09-25 02:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2014-12-05 23:13 - 2013-09-24 01:55 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2014-12-05 23:13 - 2013-09-24 00:59 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2014-12-05 23:13 - 2013-09-21 01:01 - 00200704 _____ (Microsoft Corporation) C:\Windows\system32\ReInfo.dll
2014-12-05 23:13 - 2013-09-21 00:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-05 23:13 - 2013-09-21 00:20 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-12-05 23:13 - 2013-09-21 00:09 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-12-05 23:13 - 2013-09-20 23:38 - 00102400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2014-12-05 23:13 - 2013-09-19 02:19 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersRes.dll
2014-12-05 23:13 - 2013-09-19 01:39 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll
2014-12-05 23:13 - 2013-09-19 01:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\WorkFolders.exe
2014-12-05 23:13 - 2013-09-19 01:23 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WorkFoldersRes.dll
2014-12-05 23:13 - 2013-09-19 00:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.dll
2014-12-05 23:13 - 2013-09-17 01:58 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-12-05 23:13 - 2013-09-17 00:26 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-12-05 23:13 - 2013-09-16 23:09 - 01160704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-12-05 23:13 - 2013-09-16 22:28 - 00695808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfuimanager.dll
2014-12-05 23:13 - 2013-09-14 06:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-12-05 23:13 - 2013-09-13 03:10 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2014-12-05 23:13 - 2013-09-07 07:00 - 00256000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdprint.dll
2014-12-05 23:13 - 2013-09-07 06:50 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceCenter.dll
2014-12-05 23:13 - 2013-09-07 06:30 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2014-12-05 23:13 - 2013-09-07 06:22 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CryptoWinRT.dll
2014-12-05 23:13 - 2013-09-05 00:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Utilman.exe
2014-12-05 23:13 - 2013-08-31 05:46 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2014-12-05 23:13 - 2013-08-31 05:00 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2014-12-05 23:13 - 2013-08-31 04:25 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2014-12-05 23:10 - 2013-10-22 02:55 - 02328872 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-12-05 23:10 - 2013-10-22 01:03 - 02065448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-12-05 23:10 - 2013-10-21 22:44 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-12-05 23:10 - 2013-10-21 21:38 - 01362944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-12-05 23:10 - 2013-10-21 20:53 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-12-05 23:10 - 2013-10-18 23:03 - 00531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-12-05 23:10 - 2013-10-18 22:26 - 01231360 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-12-05 23:10 - 2013-10-16 04:34 - 00518656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2014-12-05 23:10 - 2013-10-16 04:33 - 00631296 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2014-12-05 23:10 - 2013-10-12 21:43 - 00708616 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2014-12-05 23:10 - 2013-10-08 00:50 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-12-05 23:10 - 2013-10-08 00:09 - 01160704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2014-12-05 23:10 - 2013-10-06 21:13 - 03532288 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-05 23:10 - 2013-10-05 09:21 - 00699840 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-12-05 23:10 - 2013-10-05 04:18 - 01011712 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-12-05 23:10 - 2013-10-05 03:56 - 01147904 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-12-05 23:10 - 2013-10-05 03:21 - 00920064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-12-05 23:10 - 2013-10-05 02:43 - 00578560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-12-05 23:10 - 2013-10-04 03:10 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2014-12-05 23:10 - 2013-09-17 04:06 - 01067080 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-12-05 23:10 - 2013-09-17 01:31 - 00883184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2014-12-05 23:10 - 2013-09-14 09:07 - 02134120 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-12-05 23:10 - 2013-09-14 07:39 - 01799944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-12-05 23:10 - 2013-09-12 02:44 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2014-12-05 23:09 - 2013-10-23 06:29 - 00044936 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2014-12-05 23:09 - 2013-10-23 06:21 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-12-05 23:09 - 2013-10-23 06:13 - 00171864 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_8086.dll
2014-12-05 23:09 - 2013-10-22 03:18 - 00096088 _____ (Microsoft Corporation) C:\Windows\system32\embeddedapplauncher.exe
2014-12-05 23:09 - 2013-10-22 00:15 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2014-12-05 23:09 - 2013-10-21 23:04 - 00618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2014-12-05 23:09 - 2013-10-21 22:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-12-05 23:09 - 2013-10-21 21:22 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-12-05 23:09 - 2013-10-21 21:13 - 01704448 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-05 23:09 - 2013-10-18 23:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-12-05 23:09 - 2013-10-18 22:14 - 00888832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-12-05 23:09 - 2013-10-12 22:06 - 00258904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-12-05 23:09 - 2013-10-10 11:26 - 00317616 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-12-05 23:09 - 2013-10-10 11:26 - 00104320 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-12-05 23:09 - 2013-10-10 09:53 - 00235960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-12-05 23:09 - 2013-10-10 09:53 - 00088272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-12-05 23:09 - 2013-10-10 06:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-12-05 23:09 - 2013-10-08 05:28 - 00523096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2014-12-05 23:09 - 2013-10-08 01:46 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2014-12-05 23:09 - 2013-10-08 00:58 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2014-12-05 23:09 - 2013-10-08 00:48 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-12-05 23:09 - 2013-10-08 00:15 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-12-05 23:09 - 2013-10-07 23:50 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-12-05 23:09 - 2013-10-07 23:50 - 00762368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2014-12-05 23:09 - 2013-10-07 02:21 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-05 23:09 - 2013-10-05 10:25 - 00057176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2014-12-05 23:09 - 2013-10-05 07:05 - 00578952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-12-05 23:09 - 2013-10-05 06:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-12-05 23:09 - 2013-10-05 04:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-05 23:09 - 2013-10-05 04:07 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-12-05 23:09 - 2013-10-05 03:55 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2014-12-05 23:09 - 2013-10-05 03:40 - 00795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-12-05 23:09 - 2013-10-05 03:24 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll
2014-12-05 23:09 - 2013-10-05 03:15 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-12-05 23:09 - 2013-10-05 02:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-12-05 23:09 - 2013-09-17 04:06 - 00465960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-05 23:09 - 2013-09-17 01:31 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-05 23:09 - 2013-09-16 23:37 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2014-12-05 23:09 - 2013-09-14 09:00 - 00391512 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2014-12-05 23:09 - 2013-09-14 07:33 - 00345552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2014-12-05 23:09 - 2013-09-14 05:05 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2014-12-05 23:09 - 2013-09-14 04:11 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2014-12-05 23:09 - 2013-09-13 03:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2014-12-05 23:09 - 2013-09-13 02:47 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2014-12-05 23:09 - 2013-09-12 03:45 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2014-12-05 23:09 - 2013-09-12 03:08 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2014-12-05 23:09 - 2013-09-12 03:08 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2014-12-05 23:09 - 2013-09-12 03:02 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2014-12-05 23:09 - 2013-09-12 02:37 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2014-12-05 23:09 - 2013-09-12 02:37 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2014-12-05 23:09 - 2013-09-12 02:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2014-12-05 23:09 - 2013-09-12 02:16 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2014-12-05 23:09 - 2013-09-12 02:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2014-12-05 23:09 - 2013-09-09 23:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\msched.dll
2014-12-05 23:08 - 2013-10-10 06:26 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-12-05 23:08 - 2013-10-10 06:05 - 01019392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-12-05 23:08 - 2013-10-10 05:34 - 01085952 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-12-05 23:08 - 2013-10-10 05:27 - 00869888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-12-05 23:07 - 2013-11-10 21:48 - 00039768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-05 23:07 - 2013-11-09 01:37 - 01756160 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2014-12-05 23:07 - 2013-11-09 00:56 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2014-12-05 23:07 - 2013-11-08 05:26 - 00358896 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2014-12-05 23:07 - 2013-11-08 00:23 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2014-12-05 23:07 - 2013-11-07 23:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2014-12-05 23:07 - 2013-11-07 23:42 - 00366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2014-12-05 23:07 - 2013-11-07 23:16 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2014-12-05 23:07 - 2013-11-07 23:15 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2014-12-05 23:07 - 2013-11-07 22:41 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2014-12-05 23:07 - 2013-11-07 22:14 - 00922624 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2014-12-05 23:07 - 2013-11-05 09:19 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2014-12-05 23:07 - 2013-11-05 08:17 - 00565248 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-12-05 23:07 - 2013-11-04 08:07 - 01843712 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-12-05 23:07 - 2013-11-04 05:32 - 02570240 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-12-05 23:07 - 2013-11-03 21:28 - 01816576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-12-05 23:07 - 2013-11-01 06:39 - 00086872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-05 23:07 - 2013-11-01 01:08 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2014-12-05 23:07 - 2013-11-01 00:57 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2014-12-05 23:07 - 2013-10-30 19:58 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-12-05 23:07 - 2013-10-30 19:42 - 07399256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-12-05 23:07 - 2013-10-30 19:33 - 01476184 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-12-05 23:07 - 2013-10-30 19:33 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-12-05 23:07 - 2013-10-25 20:54 - 00146776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerCx2.sys
2014-12-05 23:07 - 2013-10-24 04:31 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2014-12-05 23:07 - 2013-10-24 04:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2014-12-05 23:07 - 2013-10-17 06:21 - 02896896 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-12-05 23:07 - 2013-10-17 05:36 - 02266624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-12-05 23:07 - 2013-10-10 06:53 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2014-12-05 23:07 - 2013-10-10 06:21 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2014-12-05 23:06 - 2014-05-08 02:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-05 23:06 - 2014-01-07 00:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-05 23:06 - 2014-01-06 23:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-05 23:06 - 2013-11-21 01:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-12-05 23:06 - 2013-11-21 00:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-12-05 23:06 - 2013-10-19 03:53 - 00075360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-12-05 23:06 - 2013-10-19 02:14 - 00070680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-12-05 23:06 - 2013-10-03 04:16 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2014-12-05 23:06 - 2013-10-03 04:02 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2014-12-05 23:06 - 2013-10-02 06:00 - 01286552 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-12-05 23:06 - 2013-10-02 04:47 - 01018960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-12-05 23:06 - 2013-09-30 22:42 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2014-12-05 23:06 - 2013-09-30 22:36 - 00977408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2014-12-05 23:05 - 2014-05-08 00:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-05 23:05 - 2014-05-07 23:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-05 23:05 - 2014-05-07 23:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-05 23:04 - 2014-01-31 11:15 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-12-05 23:04 - 2014-01-31 11:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-05 23:04 - 2014-01-31 11:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-12-05 23:04 - 2014-01-31 08:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-12-05 23:04 - 2014-01-31 04:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-12-05 23:04 - 2014-01-29 03:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-12-05 23:04 - 2014-01-29 03:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-12-05 23:04 - 2014-01-29 03:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-12-05 23:04 - 2014-01-29 03:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-12-05 23:04 - 2014-01-29 02:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-12-05 23:04 - 2014-01-29 02:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-12-05 23:04 - 2014-01-29 02:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-12-05 23:04 - 2014-01-29 01:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-12-05 23:04 - 2014-01-28 19:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-12-05 23:04 - 2014-01-27 14:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-12-05 23:04 - 2014-01-27 14:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-05 23:04 - 2014-01-27 14:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-12-05 23:04 - 2014-01-27 13:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-12-05 23:04 - 2014-01-27 13:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-05 23:04 - 2014-01-27 13:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-12-05 23:04 - 2014-01-27 13:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-05 23:04 - 2014-01-27 12:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-05 23:04 - 2014-01-27 12:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-12-05 23:04 - 2014-01-27 12:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-12-05 23:04 - 2014-01-27 10:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-05 23:04 - 2014-01-27 10:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-05 23:04 - 2014-01-27 06:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-12-05 23:04 - 2014-01-17 18:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-12-05 23:04 - 2014-01-17 16:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-05 23:04 - 2013-12-21 09:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-12-05 23:04 - 2013-12-21 03:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-12-05 23:04 - 2013-10-30 19:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-12-05 23:04 - 2013-10-30 19:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-12-05 23:04 - 2013-10-30 19:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-12-05 22:58 - 2013-12-08 19:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-05 22:58 - 2013-12-08 19:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-12-05 22:58 - 2013-12-08 18:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-12-05 22:58 - 2013-12-08 18:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-05 22:58 - 2013-10-23 06:01 - 00872840 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-12-05 22:58 - 2013-10-12 21:48 - 00136536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-12-05 22:58 - 2013-10-12 16:48 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-12-05 22:58 - 2013-10-12 16:34 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-12-05 22:57 - 2014-03-10 05:35 - 02008408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-12-05 22:57 - 2014-03-10 05:35 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2014-12-05 22:57 - 2014-03-06 04:19 - 01287576 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-12-05 22:57 - 2014-03-06 04:02 - 01109424 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-12-05 22:57 - 2014-03-06 01:17 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-12-05 22:57 - 2014-03-06 01:10 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-12-05 22:57 - 2013-11-22 23:34 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-12-05 22:57 - 2013-11-22 23:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-12-05 22:57 - 2013-10-23 03:59 - 00698232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-12-05 22:57 - 2013-10-05 09:21 - 01341288 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-12-05 22:57 - 2013-10-05 03:39 - 01067008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-12-05 22:56 - 2014-10-30 06:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-05 22:56 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-05 22:56 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-05 22:56 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-05 22:56 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-05 22:56 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-05 22:56 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-05 22:56 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-05 22:56 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-05 22:56 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-05 22:56 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-05 22:56 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-05 22:56 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-05 22:56 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-05 22:56 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-05 22:56 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-05 22:56 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-05 22:56 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-05 22:56 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-05 22:56 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-05 22:56 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-05 22:56 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-05 22:56 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-05 22:56 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-05 22:56 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-05 22:56 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-05 22:56 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-05 22:56 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-05 22:56 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-05 22:56 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-05 22:56 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-05 22:56 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-05 22:56 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-05 22:56 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-05 22:56 - 2013-12-20 05:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-12-05 22:56 - 2013-12-20 05:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-12-05 22:47 - 2013-11-27 10:36 - 03395920 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-12-05 22:47 - 2013-11-27 06:41 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2014-12-05 22:47 - 2013-11-27 03:48 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-05 22:47 - 2013-11-27 03:40 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-05 22:47 - 2013-11-27 03:17 - 00695808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-12-05 22:47 - 2013-11-27 03:12 - 00848384 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-12-05 22:44 - 2014-04-19 06:15 - 21186352 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-05 22:44 - 2014-04-19 01:49 - 18644072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-05 22:43 - 2014-02-10 21:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-12-05 22:43 - 2014-02-10 21:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-12-05 22:43 - 2014-01-07 02:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe
2014-12-05 22:43 - 2014-01-07 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2014-12-05 22:43 - 2013-12-08 21:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-05 22:43 - 2013-12-08 20:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-05 22:39 - 2014-01-04 09:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-12-05 22:39 - 2014-01-04 09:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-12-05 22:39 - 2014-01-04 09:03 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-05 22:39 - 2014-01-04 08:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-12-05 22:39 - 2014-01-04 08:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-12-05 22:39 - 2014-01-04 08:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-12-05 22:39 - 2014-01-04 08:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-12-05 22:38 - 2014-01-04 15:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-12-05 22:38 - 2014-01-04 14:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-12-05 22:38 - 2014-01-04 08:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-05 22:38 - 2013-12-20 21:10 - 00009701 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2014-12-05 22:38 - 2013-12-20 21:10 - 00009701 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms
2014-12-05 22:34 - 2014-02-10 22:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-05 22:34 - 2013-10-16 10:58 - 01943536 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-05 22:34 - 2013-10-16 08:54 - 01581968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-05 22:33 - 2013-10-15 03:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-12-05 22:33 - 2013-10-15 03:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-12-05 22:32 - 2013-12-08 19:15 - 00787968 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-12-05 22:32 - 2013-11-09 01:34 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-12-05 22:32 - 2013-11-09 01:34 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-12-05 22:32 - 2013-11-09 00:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-31 21:01 - 2014-06-28 08:53 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AAC609C1-1131-4CEB-8F78-3727F64F2ED7}
2014-12-31 21:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-31 08:31 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-30 04:40 - 2014-06-28 07:42 - 00000000 ____D () C:\Users\compaq
2014-12-27 15:25 - 2014-06-28 08:55 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3257356177-2383744274-2500186646-1001
2014-12-25 12:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-12-22 13:05 - 2014-06-28 09:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-22 07:32 - 2014-06-28 09:17 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-17 19:24 - 2014-06-28 07:43 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 04:30 - 2014-06-28 08:04 - 00000000 ____D () C:\Windows\Panther
2014-12-10 13:46 - 2014-06-28 07:42 - 00000000 ____D () C:\Users\compaq\AppData\Roaming\Adobe
2014-12-08 07:38 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-07 05:09 - 2013-08-22 09:44 - 00335784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\migwiz
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-07 05:05 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-07 05:05 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-07 05:04 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-12-07 05:04 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-12-06 22:27 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\restore

Some content of TEMP:
====================
C:\Users\compaq\AppData\Local\Temp\dllnt_dump.dll
C:\Users\compaq\AppData\Local\Temp\InstHelper.exe
C:\Users\compaq\AppData\Local\Temp\Quarantine.exe
C:\Users\compaq\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 15:25

==================== End Of Log ============================

Running from C:\Users\compaq\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
ESET NOD32 Antivirus (HKLM\...\{7F39EB28-B9B7-41B8-8564-DB33284A010D}) (Version: 8.0.304.0 - ESET, spol s r. o.)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
SystemAid (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{439f3a51}) (Version:  - Software Publisher) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-12-2014 13:57:43 Windows Update
17-12-2014 17:46:54 Windows Update
22-12-2014 07:29:05 Installed NVIDIA ForceWare Network Access Manager
25-12-2014 10:57:44 Windows Update
27-12-2014 06:01:36 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {24AD7A53-8438-4315-B4E9-B61B7B307424} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-17] (Microsoft Corporation)
Task: {349D2CB7-0DF7-4C1C-A075-6031DCA9D87A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-25] (Adobe Systems Incorporated)
Task: {625D0935-AAA4-4F1E-A736-5E32C5F159BE} - System32\Tasks\Systeye => C:\Program Files (x86)\Systeye\Reg Booster Pro\RegBoosterPro.exe <==== ATTENTION
Task: {6F80906A-0775-4922-B597-0A296E88DC53} - System32\Tasks\{DF4259D5-7073-45E7-9611-CBF0F5A5F687} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
Task: {9EEB6C66-A769-4551-AF85-3A59F0A58D9A} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {DA2AB2DD-B30E-4C41-9365-7318AEEE7BC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-28 09:21 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-04-19 08:34 - 2009-04-19 08:34 - 00207904 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2009-04-19 08:34 - 2009-04-19 08:34 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-04-19 08:34 - 2009-04-19 08:34 - 00578080 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll
2014-06-28 23:05 - 2014-11-26 11:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3257356177-2383744274-2500186646-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

========================= Accounts: ==========================

Administrator (S-1-5-21-3257356177-2383744274-2500186646-500 - Administrator - Disabled)
compaq (S-1-5-21-3257356177-2383744274-2500186646-1001 - Administrator - Enabled) => C:\Users\compaq
Guest (S-1-5-21-3257356177-2383744274-2500186646-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3257356177-2383744274-2500186646-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Coprocessor
Description: Coprocessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/31/2014 06:09:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (12/30/2014 03:34:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ff818050565
Faulting process id: 0x8dc
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/30/2014 04:41:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffc8baa0565
Faulting process id: 0x5f4
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/29/2014 06:03:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffdb4610565
Faulting process id: 0x89c
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/29/2014 04:20:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffd02200565
Faulting process id: 0x644
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/28/2014 08:19:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ff7c7610565
Faulting process id: 0x840
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/28/2014 06:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffc4dfe0565
Faulting process id: 0x630
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/28/2014 09:15:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ff7b1180565
Faulting process id: 0x81c
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/27/2014 03:15:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffb251c0565
Faulting process id: 0x730
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/27/2014 05:13:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffd61530565
Faulting process id: 0x5f4
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5


System errors:
=============
Error: (12/31/2014 08:36:47 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (12/31/2014 11:55:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

Error: (12/31/2014 08:32:29 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/31/2014 08:32:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ForceWare Intelligent Application Manager (IAM) service failed to start due to the following error:
%%1053

Error: (12/31/2014 08:32:13 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ForceWare Intelligent Application Manager (IAM) service to connect.

Error: (12/31/2014 08:32:11 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the SystemAid service to connect.

Error: (12/31/2014 08:31:29 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:12:33 PM on ‎12/‎30/‎2014 was unexpected.

Error: (12/30/2014 10:13:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Service KMSELDI service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/30/2014 10:13:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ForceWare Intelligent Application Manager (IAM) service failed to start due to the following error:
%%1053

Error: (12/30/2014 10:13:16 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ForceWare Intelligent Application Manager (IAM) service to connect.


Microsoft Office Sessions:
=========================
Error: (12/31/2014 06:09:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (12/30/2014 03:34:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ff8180505658dc01d0246fe8586ca6C:\Program Files\KMSpico\Service_KMS.exeunknown30b5f21d-9063-11e4-82be-001f165e0195

Error: (12/30/2014 04:41:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffc8baa05655f401d02414c2df8e65C:\Program Files\KMSpico\Service_KMS.exeunknown0c28079f-9008-11e4-82bc-001f165e0195

Error: (12/29/2014 06:03:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffdb461056589c01d023bb8cc82db3C:\Program Files\KMSpico\Service_KMS.exeunknownd5941a49-8fae-11e4-82ba-001f165e0195

Error: (12/29/2014 04:20:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffd0220056564401d023ad420f4071C:\Program Files\KMSpico\Service_KMS.exeunknown8c2bf58c-8fa0-11e4-82b9-001f165e0195

Error: (12/28/2014 08:19:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ff7c761056584001d02305584a7c8aC:\Program Files\KMSpico\Service_KMS.exeunknownc0cb7c53-8ef8-11e4-82b8-001f165e0195

Error: (12/28/2014 06:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffc4dfe056563001d022f9d357192fC:\Program Files\KMSpico\Service_KMS.exeunknown2ead4729-8eed-11e4-82b7-00242b2e74e3

Error: (12/28/2014 09:15:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ff7b118056581c01d022a891418a48C:\Program Files\KMSpico\Service_KMS.exeunknownfa482877-8e9b-11e4-82b6-001f165e0195

Error: (12/27/2014 03:15:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffb251c056573001d02211ca2bdac0C:\Program Files\KMSpico\Service_KMS.exeunknown136697bf-8e05-11e4-82b4-001f165e0195

Error: (12/27/2014 05:13:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Service_KMS.exe11.0.0.052a8d15dunknown0.0.0.0000000000000000000007ffd615305655f401d021bdbbd726a7C:\Program Files\KMSpico\Service_KMS.exeunknown11307340-8db1-11e4-82b3-001f165e0195


==================== Memory info ===========================

Processor: AMD Athlon Dual-Core QL-62
Percentage of memory in use: 66%
Total physical RAM: 1790.42 MB
Available physical RAM: 598.32 MB
Total Pagefile: 3006.42 MB
Available Pagefile: 1554.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.66 GB) (Free:197.01 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2D900954)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 PM

Posted 01 January 2015 - 09:31 AM

SystemAid (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{439f3a51}) (Version: - Software Publisher) <==== ATTENTION


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM-x32\...\Run: [gmsd_us_8] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-21-3257356177-2383744274-2500186646-1002] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3257356177-2383744274-2500186646-1002 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF HKLM\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{121C6AF3-6778-4360-AFDB-57BD4E3E4343}] - C:\Program Files\Playzy\Firefox
CHR dev: Chrome dev build detected! <======= ATTENTION
S2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [1050904 2013-12-11] () [File not signed]
S2 439f3a51; "C:\Windows\system32\rundll32.exe" "c:\Program Files (x86)\SystemAid\SystemAid.dll",serv
C:\Users\compaq\AppData\Local\Temp\dllnt_dump.dll
C:\Users\compaq\AppData\Local\Temp\InstHelper.exe
c:\Program Files (x86)\SystemAid
C:\Program Files\Playzy

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

#5 thefrogshateme

thefrogshateme
  • Topic Starter

  • Members
  • 10 posts
  • Local time:02:47 PM

Posted 01 January 2015 - 08:11 PM

My browser keeps freezing and becoming unresponsive, and Flash Player keeps crashing repeatedly.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-12-2014
Ran by compaq (administrator) on RANDALL on 01-01-2015 20:03:57
Running from C:\Users\compaq\Desktop\New folder
Loaded Profile: compaq (Available profiles: compaq & UpdatusUser)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1234216 2008-03-28] (Synaptics, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-21-3257356177-2383744274-2500186646-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7063832 2014-11-21] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3257356177-2383744274-2500186646-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{24DB162A-3DCD-4637-974D-C57737A68310}: [NameServer] 31.168.224.106,5.135.12.52

FireFox:
========
FF ProfilePath: C:\Users\compaq\AppData\Roaming\Mozilla\Firefox\Profiles\zbj2ibl7.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1349576 2014-10-01] (ESET)
S2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwnx.sys [3680256 2013-06-18] (Qualcomm Atheros Communications, Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [158968 2014-09-18] (ESET)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-31] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 WinDivert1.1; C:\Program Files\KMSpico\WinDivert.sys [35376 2014-06-28] (Basil Projects)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 19:59 - 2015-01-01 19:59 - 00000000 _____ () C:\Users\compaq\Desktop\FRST.txt
2015-01-01 19:58 - 2015-01-01 20:03 - 00000000 ____D () C:\Users\compaq\Desktop\New folder
2014-12-31 21:15 - 2014-12-31 21:16 - 00018496 _____ () C:\Users\compaq\Desktop\Addition.txt
2014-12-31 21:12 - 2015-01-01 20:04 - 00000000 ____D () C:\FRST
2014-12-31 20:35 - 2014-12-31 20:36 - 15298136 _____ () C:\Users\compaq\Desktop\RogueKiller.exe
2014-12-27 06:02 - 2014-12-27 06:02 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-27 06:01 - 2014-12-27 06:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-12-27 06:01 - 2014-12-27 06:01 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-12-27 05:59 - 2014-12-27 06:00 - 26771088 _____ () C:\Users\compaq\Downloads\SeaToolsforWindowsSetup.exe
2014-12-27 04:21 - 2014-12-31 20:36 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-27 04:21 - 2014-12-27 04:21 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-27 04:20 - 2014-12-27 04:21 - 15298136 _____ () C:\Users\compaq\Downloads\RogueKiller.exe
2014-12-27 04:16 - 2014-12-27 04:16 - 00000310 _____ () C:\Windows\PFRO.log
2014-12-27 04:09 - 2014-12-27 04:14 - 00000000 ____D () C:\AdwCleaner
2014-12-27 04:08 - 2014-12-27 04:08 - 02173952 _____ () C:\Users\compaq\Downloads\adwcleaner_4.106.exe
2014-12-27 04:07 - 2015-01-01 20:01 - 00586431 _____ () C:\Windows\WindowsUpdate.log
2014-12-27 04:05 - 2014-12-27 04:05 - 00852505 _____ () C:\Users\compaq\Downloads\SecurityCheck.exe
2014-12-27 04:04 - 2014-12-27 04:31 - 00007730 _____ () C:\Users\compaq\Desktop\New Text Document.txt
2014-12-27 02:23 - 2014-12-27 02:23 - 00000000 ____D () C:\Users\compaq\AppData\Roaming\SUPERAntiSpyware.com
2014-12-27 02:18 - 2014-12-27 02:18 - 00001820 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-12-27 02:18 - 2014-12-27 02:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-12-27 02:17 - 2014-12-27 03:52 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-27 02:17 - 2014-12-27 02:17 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-12-27 02:17 - 2014-12-27 02:17 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-12-27 02:16 - 2014-12-27 02:17 - 20846536 _____ (SUPERAntiSpyware) C:\Users\compaq\Downloads\SUPERAntiSpyware.exe
2014-12-27 02:14 - 2014-12-27 02:14 - 00000000 ____D () C:\Users\compaq\AppData\Local\ESET
2014-12-27 02:09 - 2014-12-27 02:10 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\compaq\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-27 02:02 - 2014-12-27 02:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-12-27 02:02 - 2014-12-27 02:02 - 00000000 ____D () C:\ProgramData\ESET
2014-12-27 02:02 - 2014-12-27 02:02 - 00000000 ____D () C:\Program Files\ESET
2014-12-27 01:58 - 2014-12-27 01:58 - 01761992 _____ (ESET) C:\Users\compaq\Downloads\eset_nod32_antivirus_live_installer(3).exe
2014-12-27 01:51 - 2014-12-27 01:51 - 00671432 _____ (ESET) C:\Users\compaq\Downloads\ESETUninstaller(1).exe
2014-12-27 01:42 - 2014-12-27 01:52 - 00020837 _____ () C:\Users\compaq\Downloads\~ESETUninstaller.log
2014-12-27 01:42 - 2014-12-27 01:42 - 00671432 _____ (ESET) C:\Users\compaq\Downloads\ESETUninstaller.exe
2014-12-27 01:31 - 2014-12-27 01:31 - 01761992 _____ (ESET) C:\Users\compaq\Downloads\eset_nod32_antivirus_live_installer(2).exe
2014-12-27 01:30 - 2014-12-27 01:31 - 01064248 _____ (Download Manager) C:\Users\compaq\Downloads\setup.exe
2014-12-27 01:30 - 2014-12-27 01:30 - 01761992 _____ (ESET) C:\Users\compaq\Downloads\eset_nod32_antivirus_live_installer(1).exe
2014-12-27 01:29 - 2014-12-27 01:29 - 00000000 ____D () C:\Program Files (x86)\buyufast
2014-12-27 01:12 - 2014-12-27 01:12 - 01761992 _____ (ESET) C:\Users\compaq\Downloads\eset_nod32_antivirus_live_installer.exe
2014-12-26 19:43 - 2014-12-27 01:29 - 00000000 ____D () C:\ProgramData\buyufast
2014-12-23 10:52 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2014-12-23 10:52 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2014-12-22 07:37 - 2014-12-22 07:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-12-22 07:35 - 2014-12-22 07:35 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 07:27 - 2009-04-30 12:46 - 00702976 _____ () C:\Windows\system32\cohelper.dll
2014-12-22 07:27 - 2009-04-29 05:27 - 00005940 _____ () C:\Windows\system32\Drivers\nvphy.bin
2014-12-22 07:27 - 2009-04-26 09:32 - 00506400 _____ (NVIDIA Corporation) C:\Windows\system32\NVUNINST.EXE
2014-12-22 07:20 - 2014-12-22 07:21 - 43627880 _____ (NVIDIA Corporation ) C:\Users\compaq\Downloads\15.35_nforce_win7_64bit_international_whql.exe
2014-12-18 13:03 - 2014-12-31 20:11 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-18 01:09 - 2014-12-18 01:09 - 00003184 _____ () C:\Windows\System32\Tasks\{DF4259D5-7073-45E7-9611-CBF0F5A5F687}
2014-12-18 01:05 - 2014-12-18 01:05 - 00003098 _____ () C:\Windows\System32\Tasks\Systeye
2014-12-17 20:18 - 2014-12-17 20:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-12-14 04:27 - 2014-12-14 04:27 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-12-14 04:27 - 2014-12-14 04:27 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-14 04:26 - 2014-12-14 04:27 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-10 13:43 - 2014-12-10 13:43 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-10 13:43 - 2014-12-10 13:43 - 00002039 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-12-10 13:42 - 2014-12-10 13:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-10 13:40 - 2014-12-10 23:44 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-10 00:16 - 2014-12-10 00:16 - 00000000 ____D () C:\Users\compaq\AppData\Local\Downloaded Installations
2014-12-09 14:48 - 2014-12-09 14:48 - 03981488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-12-07 05:11 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-07 05:11 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-06 22:56 - 2014-12-17 18:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-06 22:55 - 2014-12-17 17:54 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-06 12:22 - 2014-12-06 12:22 - 00000000 ____D () C:\Users\compaq\AppData\Local\Temp4206
2014-12-06 09:32 - 2014-12-27 02:14 - 00000000 ____D () C:\ProgramData\2355320829
2014-12-05 23:32 - 2014-12-05 23:32 - 00000000 ____D () C:\Users\compaq\AppData\Local\Macromedia
2014-12-05 23:30 - 2015-01-01 19:50 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-05 23:30 - 2014-12-25 11:26 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-05 23:30 - 2014-12-05 23:30 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-05 23:28 - 2014-12-25 12:46 - 00000000 ____D () C:\Users\compaq\AppData\Local\Adobe
2014-12-05 23:21 - 2013-12-11 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2014-12-05 23:21 - 2013-11-27 10:34 - 03210528 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-12-05 23:21 - 2013-11-27 08:47 - 02804528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-12-05 23:21 - 2013-11-27 03:20 - 04106240 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-12-05 23:21 - 2013-11-26 08:20 - 01399176 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-12-05 23:21 - 2013-11-26 08:20 - 01374384 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-12-05 23:21 - 2013-11-24 20:32 - 01119064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-12-05 23:21 - 2013-11-23 02:08 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-12-05 23:21 - 2013-11-22 23:50 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2014-12-05 23:21 - 2013-11-22 22:19 - 02617344 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-12-05 23:21 - 2013-11-22 22:15 - 02295808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-12-05 23:21 - 2013-11-21 01:26 - 01415680 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-12-05 23:21 - 2013-11-15 09:08 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-12-05 23:21 - 2013-11-15 08:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-12-05 23:20 - 2013-12-08 19:34 - 01227264 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-12-05 23:20 - 2013-12-08 19:04 - 00980480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-12-05 23:20 - 2013-11-27 10:27 - 00809872 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-12-05 23:20 - 2013-11-27 09:00 - 00663680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-12-05 23:20 - 2013-11-27 07:02 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ipnat.sys
2014-12-05 23:20 - 2013-11-27 05:24 - 00306688 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-12-05 23:20 - 2013-11-27 04:46 - 00273920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-12-05 23:20 - 2013-11-27 04:41 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2014-12-05 23:20 - 2013-11-27 04:17 - 00263168 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2014-12-05 23:20 - 2013-11-27 04:10 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.dll
2014-12-05 23:20 - 2013-11-27 03:58 - 01503232 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-12-05 23:20 - 2013-11-27 03:56 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.dll
2014-12-05 23:20 - 2013-11-26 06:44 - 01204968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-12-05 23:20 - 2013-11-24 20:45 - 00142680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-12-05 23:20 - 2013-11-24 18:30 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-12-05 23:20 - 2013-11-24 18:28 - 00589824 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-12-05 23:20 - 2013-11-23 07:47 - 00032088 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-12-05 23:20 - 2013-11-23 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\bi.dll
2014-12-05 23:20 - 2013-11-23 02:13 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BtaMPM.sys
2014-12-05 23:20 - 2013-11-21 01:58 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\deviceregistration.dll
2014-12-05 23:20 - 2013-11-15 09:59 - 00470016 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2014-12-05 23:20 - 2013-11-15 09:25 - 00433664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2014-12-05 23:20 - 2013-10-30 19:29 - 00745336 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-12-05 23:20 - 2013-10-30 18:41 - 00552624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-12-05 23:19 - 2013-12-14 01:19 - 18576384 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-12-05 23:18 - 2013-12-14 01:31 - 13949440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-12-05 23:17 - 2014-01-07 20:46 - 00325464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2014-12-05 23:17 - 2014-01-07 20:41 - 01530712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-12-05 23:17 - 2014-01-07 20:41 - 00382808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-12-05 23:17 - 2014-01-04 10:54 - 00138240 _____ () C:\Windows\system32\OEMLicense.dll
2014-12-05 23:17 - 2014-01-04 10:08 - 00103936 _____ () C:\Windows\SysWOW64\OEMLicense.dll
2014-12-05 23:17 - 2014-01-04 09:08 - 00206336 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2014-12-05 23:17 - 2014-01-04 08:53 - 00174592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2014-12-05 23:17 - 2014-01-02 18:54 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-12-05 23:17 - 2014-01-02 18:48 - 00336896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-12-05 23:17 - 2013-12-31 20:55 - 01720560 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-12-05 23:17 - 2013-12-31 20:52 - 00481944 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-12-05 23:17 - 2013-12-31 19:56 - 01472048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-12-05 23:17 - 2013-12-31 19:55 - 00381168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-12-05 23:17 - 2013-12-31 18:59 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-12-05 23:17 - 2013-12-31 18:57 - 01214976 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-12-05 23:17 - 2013-12-31 18:56 - 00960512 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-12-05 23:17 - 2013-12-30 18:34 - 00218112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sti.dll
2014-12-05 23:17 - 2013-12-30 18:33 - 00770560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2014-12-05 23:17 - 2013-12-30 18:32 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\sti.dll
2014-12-05 23:17 - 2013-12-30 18:31 - 00947712 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2014-12-05 23:17 - 2013-12-30 18:31 - 00914944 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2014-12-05 23:17 - 2013-12-27 10:09 - 00419160 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2014-12-05 23:17 - 2013-12-27 03:57 - 00842752 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.dll
2014-12-05 23:17 - 2013-12-27 03:57 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2014-12-05 23:17 - 2013-12-27 03:23 - 00749056 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2014-12-05 23:17 - 2013-12-27 02:03 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsSpellCheckingFacility.dll
2014-12-05 23:17 - 2013-12-27 02:03 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2014-12-05 23:17 - 2013-12-27 01:37 - 00588800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2014-12-05 23:17 - 2013-12-21 02:21 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\pnrpsvc.dll
2014-12-05 23:17 - 2013-12-17 02:21 - 00408576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdbss.sys
2014-12-05 23:17 - 2013-12-13 05:54 - 00131160 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2014-12-05 23:17 - 2013-12-13 01:36 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2014-12-05 23:17 - 2013-12-13 00:32 - 00140800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2014-12-05 23:17 - 2013-11-04 06:50 - 02143744 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-12-05 23:17 - 2013-11-03 20:30 - 01765376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2014-12-05 23:17 - 2013-10-05 09:21 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-12-05 23:17 - 2013-10-05 09:21 - 00516496 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-12-05 23:17 - 2013-10-05 07:05 - 01765384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-12-05 23:17 - 2013-10-05 07:05 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-12-05 23:17 - 2013-09-26 01:51 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-12-05 23:17 - 2013-09-26 01:34 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\MrmIndexer.dll
2014-12-05 23:17 - 2013-09-26 01:34 - 00515072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmIndexer.dll
2014-12-05 23:15 - 2013-09-24 00:05 - 01245696 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2014-12-05 23:15 - 2013-09-21 01:33 - 11366912 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2014-12-05 23:15 - 2013-09-21 00:34 - 01555456 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2014-12-05 23:15 - 2013-09-21 00:10 - 12028416 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2014-12-05 23:14 - 2013-09-26 04:20 - 00556032 _____ (Microsoft Corporation) C:\Windows\system32\recimg.exe
2014-12-05 23:14 - 2013-09-25 05:25 - 00783504 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2014-12-05 23:14 - 2013-09-25 03:58 - 00648648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2014-12-05 23:14 - 2013-09-25 00:40 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\windows.immersiveshell.serviceprovider.dll
2014-12-05 23:14 - 2013-09-24 00:54 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2014-12-05 23:14 - 2013-09-24 00:10 - 01741824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2014-12-05 23:14 - 2013-09-23 22:56 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.ContentPrefetchTask.dll
2014-12-05 23:14 - 2013-09-21 07:10 - 00579416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-12-05 23:14 - 2013-09-21 07:10 - 00236376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-05 23:14 - 2013-09-21 07:10 - 00151384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-05 23:14 - 2013-09-21 06:50 - 00528048 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-12-05 23:14 - 2013-09-21 06:48 - 00534048 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-12-05 23:14 - 2013-09-21 06:48 - 00123480 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-12-05 23:14 - 2013-09-21 05:56 - 00101208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-12-05 23:14 - 2013-09-21 05:53 - 01534504 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-12-05 23:14 - 2013-09-21 05:53 - 00996320 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2014-12-05 23:14 - 2013-09-21 05:53 - 00934856 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2014-12-05 23:14 - 2013-09-21 05:53 - 00366688 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2014-12-05 23:14 - 2013-09-21 05:45 - 00171968 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-12-05 23:14 - 2013-09-21 04:23 - 00427096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-12-05 23:14 - 2013-09-21 04:23 - 00098104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-12-05 23:14 - 2013-09-21 04:12 - 01092896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2014-12-05 23:14 - 2013-09-21 04:09 - 00796928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2014-12-05 23:14 - 2013-09-21 04:09 - 00312936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2014-12-05 23:14 - 2013-09-21 02:58 - 00675328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-12-05 23:14 - 2013-09-21 02:57 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-12-05 23:14 - 2013-09-21 02:55 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2014-12-05 23:14 - 2013-09-21 02:50 - 00240128 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2014-12-05 23:14 - 2013-09-21 02:17 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2014-12-05 23:14 - 2013-09-21 01:55 - 00168448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2014-12-05 23:14 - 2013-09-21 00:59 - 00940544 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-12-05 23:14 - 2013-09-21 00:57 - 00363520 _____ (Microsoft Corporation) C:\Windows\system32\livessp.dll
2014-12-05 23:14 - 2013-09-21 00:56 - 08712704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2014-12-05 23:14 - 2013-09-21 00:43 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-12-05 23:14 - 2013-09-21 00:38 - 00365568 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2014-12-05 23:14 - 2013-09-21 00:31 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-12-05 23:14 - 2013-09-21 00:26 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2014-12-05 23:14 - 2013-09-21 00:05 - 08875008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2014-12-05 23:14 - 2013-09-21 00:02 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2014-12-05 23:14 - 2013-09-20 23:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2014-12-05 23:14 - 2013-09-20 23:44 - 01662464 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2014-12-05 23:14 - 2013-09-20 23:39 - 01455616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2014-12-05 23:14 - 2013-09-20 23:38 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-12-05 23:14 - 2013-09-20 23:37 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\efswrt.dll
2014-12-05 23:14 - 2013-09-20 23:36 - 01185280 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-12-05 23:14 - 2013-09-19 01:17 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\sysmon.ocx
2014-12-05 23:14 - 2013-09-19 00:29 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sysmon.ocx
2014-12-05 23:14 - 2013-09-19 00:08 - 01150976 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2014-12-05 23:14 - 2013-09-19 00:01 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2014-12-05 23:14 - 2013-09-18 23:37 - 00802816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2014-12-05 23:14 - 2013-09-18 23:32 - 00314368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2014-12-05 23:14 - 2013-09-18 23:27 - 01730560 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2014-12-05 23:14 - 2013-09-18 23:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2014-12-05 23:14 - 2013-09-18 23:25 - 00471552 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-12-05 23:14 - 2013-09-18 23:11 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dui70.dll
2014-12-05 23:14 - 2013-09-18 23:10 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2014-12-05 23:14 - 2013-09-18 22:59 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2014-12-05 23:14 - 2013-09-18 22:55 - 00552448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
2014-12-05 23:14 - 2013-09-18 22:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-12-05 23:14 - 2013-09-18 22:32 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-12-05 23:14 - 2013-09-17 04:18 - 00467800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-12-05 23:14 - 2013-09-17 00:15 - 01225728 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2014-12-05 23:14 - 2013-09-17 00:00 - 00453632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2014-12-05 23:14 - 2013-09-16 23:08 - 00738304 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2014-12-05 23:14 - 2013-09-14 09:06 - 00175960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\VerifierExt.sys
2014-12-05 23:14 - 2013-09-14 09:06 - 00066904 _____ (Microsoft Corporation) C:\Windows\system32\PSHED.DLL
2014-12-05 23:14 - 2013-09-13 04:52 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\SensorsClassExtension.dll
2014-12-05 23:14 - 2013-09-13 03:54 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2014-12-05 23:14 - 2013-09-13 02:55 - 00233984 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2014-12-05 23:14 - 2013-09-13 02:30 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2014-12-05 23:14 - 2013-09-12 02:37 - 00459776 _____ (Microsoft Corporation) C:\Windows\system32\wcncsvc.dll
2014-12-05 23:14 - 2013-09-11 04:31 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-12-05 23:14 - 2013-09-11 04:31 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-12-05 23:14 - 2013-09-11 02:41 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore.dll
2014-12-05 23:14 - 2013-09-11 02:09 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore.dll
2014-12-05 23:14 - 2013-09-07 07:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\fdprint.dll
2014-12-05 23:14 - 2013-09-07 07:29 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCenter.dll
2014-12-05 23:14 - 2013-09-07 06:45 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\CryptoWinRT.dll
2014-12-05 23:14 - 2013-09-07 06:13 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2014-12-05 23:14 - 2013-09-07 06:07 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\TetheringMgr.dll
2014-12-05 23:14 - 2013-09-07 05:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2014-12-05 23:14 - 2013-09-07 05:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2014-12-05 23:14 - 2013-09-05 02:39 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-12-05 23:14 - 2013-09-05 01:42 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Utilman.exe
2014-12-05 23:14 - 2013-09-04 02:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2014-12-05 23:14 - 2013-09-04 01:16 - 00358912 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2014-12-05 23:14 - 2013-09-04 00:47 - 00492032 _____ (Microsoft Corporation) C:\Windows\system32\tpmvsc.dll
2014-12-05 23:14 - 2013-09-04 00:12 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\DscCoreConfProv.dll
2014-12-05 23:14 - 2013-09-03 23:57 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\DscCore.dll
2014-12-05 23:14 - 2013-09-03 23:48 - 00326656 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2014-12-05 23:14 - 2013-09-03 23:35 - 00280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2014-12-05 23:14 - 2013-08-31 09:18 - 00205024 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2014-12-05 23:14 - 2013-08-31 07:15 - 00180232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2014-12-05 23:14 - 2013-08-31 07:04 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\riched20.dll
2014-12-05 23:14 - 2013-08-30 02:31 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\AxInstSv.dll
2014-12-05 23:14 - 2013-08-28 02:55 - 00334336 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2014-12-05 23:14 - 2013-08-28 02:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\msra.exe
2014-12-05 23:14 - 2013-08-28 02:09 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\rdsdwmdr.dll
2014-12-05 23:14 - 2013-08-27 01:09 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\WebcamUi.dll
2014-12-05 23:14 - 2013-08-27 00:24 - 00813568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebcamUi.dll
2014-12-05 23:13 - 2013-09-26 02:32 - 00638464 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2014-12-05 23:13 - 2013-09-26 02:14 - 00528896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2014-12-05 23:13 - 2013-09-25 02:32 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2014-12-05 23:13 - 2013-09-24 01:55 - 00284160 _____ (Microsoft Corporation) C:\Windows\system32\mcbuilder.exe
2014-12-05 23:13 - 2013-09-24 00:59 - 00253952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mcbuilder.exe
2014-12-05 23:13 - 2013-09-21 01:01 - 00200704 _____ (Microsoft Corporation) C:\Windows\system32\ReInfo.dll
2014-12-05 23:13 - 2013-09-21 00:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-12-05 23:13 - 2013-09-21 00:20 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-12-05 23:13 - 2013-09-21 00:09 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-12-05 23:13 - 2013-09-20 23:38 - 00102400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\efswrt.dll
2014-12-05 23:13 - 2013-09-19 02:19 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersRes.dll
2014-12-05 23:13 - 2013-09-19 01:39 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.dll
2014-12-05 23:13 - 2013-09-19 01:27 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\WorkFolders.exe
2014-12-05 23:13 - 2013-09-19 01:23 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WorkFoldersRes.dll
2014-12-05 23:13 - 2013-09-19 00:47 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.dll
2014-12-05 23:13 - 2013-09-17 01:58 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-12-05 23:13 - 2013-09-17 00:26 - 00079360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-12-05 23:13 - 2013-09-16 23:09 - 01160704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2014-12-05 23:13 - 2013-09-16 22:28 - 00695808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfuimanager.dll
2014-12-05 23:13 - 2013-09-14 06:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-12-05 23:13 - 2013-09-13 03:10 - 00288256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2014-12-05 23:13 - 2013-09-07 07:00 - 00256000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdprint.dll
2014-12-05 23:13 - 2013-09-07 06:50 - 00482816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceCenter.dll
2014-12-05 23:13 - 2013-09-07 06:30 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2014-12-05 23:13 - 2013-09-07 06:22 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CryptoWinRT.dll
2014-12-05 23:13 - 2013-09-05 00:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Utilman.exe
2014-12-05 23:13 - 2013-08-31 05:46 - 00513536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\riched20.dll
2014-12-05 23:13 - 2013-08-31 05:00 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2014-12-05 23:13 - 2013-08-31 04:25 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2014-12-05 23:10 - 2013-10-22 02:55 - 02328872 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-12-05 23:10 - 2013-10-22 01:03 - 02065448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-12-05 23:10 - 2013-10-21 22:44 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-12-05 23:10 - 2013-10-21 21:38 - 01362944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-12-05 23:10 - 2013-10-21 20:53 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-12-05 23:10 - 2013-10-18 23:03 - 00531968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-12-05 23:10 - 2013-10-18 22:26 - 01231360 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-12-05 23:10 - 2013-10-16 04:34 - 00518656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2014-12-05 23:10 - 2013-10-16 04:33 - 00631296 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2014-12-05 23:10 - 2013-10-12 21:43 - 00708616 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2014-12-05 23:10 - 2013-10-08 00:50 - 00656384 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2014-12-05 23:10 - 2013-10-08 00:09 - 01160704 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Web.Http.dll
2014-12-05 23:10 - 2013-10-06 21:13 - 03532288 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-05 23:10 - 2013-10-05 09:21 - 00699840 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-12-05 23:10 - 2013-10-05 04:18 - 01011712 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-12-05 23:10 - 2013-10-05 03:56 - 01147904 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2014-12-05 23:10 - 2013-10-05 03:21 - 00920064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2014-12-05 23:10 - 2013-10-05 02:43 - 00578560 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-12-05 23:10 - 2013-10-04 03:10 - 00533504 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2014-12-05 23:10 - 2013-09-17 04:06 - 01067080 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2014-12-05 23:10 - 2013-09-17 01:31 - 00883184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2014-12-05 23:10 - 2013-09-14 09:07 - 02134120 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-12-05 23:10 - 2013-09-14 07:39 - 01799944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-12-05 23:10 - 2013-09-12 02:44 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2014-12-05 23:09 - 2013-10-23 06:29 - 00044936 _____ (Microsoft Corporation) C:\Windows\system32\wldp.dll
2014-12-05 23:09 - 2013-10-23 06:21 - 00155480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-12-05 23:09 - 2013-10-23 06:13 - 00171864 _____ (Microsoft Corporation) C:\Windows\system32\kd_02_8086.dll
2014-12-05 23:09 - 2013-10-22 03:18 - 00096088 _____ (Microsoft Corporation) C:\Windows\system32\embeddedapplauncher.exe
2014-12-05 23:09 - 2013-10-22 00:15 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2014-12-05 23:09 - 2013-10-21 23:04 - 00618496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2014-12-05 23:09 - 2013-10-21 22:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-12-05 23:09 - 2013-10-21 21:22 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-12-05 23:09 - 2013-10-21 21:13 - 01704448 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-05 23:09 - 2013-10-18 23:48 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-12-05 23:09 - 2013-10-18 22:14 - 00888832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-12-05 23:09 - 2013-10-12 22:06 - 00258904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2014-12-05 23:09 - 2013-10-10 11:26 - 00317616 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-12-05 23:09 - 2013-10-10 11:26 - 00104320 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-12-05 23:09 - 2013-10-10 09:53 - 00235960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-12-05 23:09 - 2013-10-10 09:53 - 00088272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-12-05 23:09 - 2013-10-10 06:38 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-12-05 23:09 - 2013-10-08 05:28 - 00523096 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2014-12-05 23:09 - 2013-10-08 01:46 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2014-12-05 23:09 - 2013-10-08 00:58 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shsetup.dll
2014-12-05 23:09 - 2013-10-08 00:48 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2014-12-05 23:09 - 2013-10-08 00:15 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2014-12-05 23:09 - 2013-10-07 23:50 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-12-05 23:09 - 2013-10-07 23:50 - 00762368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Web.Http.dll
2014-12-05 23:09 - 2013-10-07 02:21 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-05 23:09 - 2013-10-05 10:25 - 00057176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2014-12-05 23:09 - 2013-10-05 07:05 - 00578952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-12-05 23:09 - 2013-10-05 06:01 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-12-05 23:09 - 2013-10-05 04:36 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-05 23:09 - 2013-10-05 04:07 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2014-12-05 23:09 - 2013-10-05 03:55 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\miutils.dll
2014-12-05 23:09 - 2013-10-05 03:40 - 00795648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-12-05 23:09 - 2013-10-05 03:24 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\miutils.dll
2014-12-05 23:09 - 2013-10-05 03:15 - 00286208 _____ (Microsoft Corporation) C:\Windows\system32\pcsvDevice.dll
2014-12-05 23:09 - 2013-10-05 02:35 - 00411648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-12-05 23:09 - 2013-09-17 04:06 - 00465960 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-12-05 23:09 - 2013-09-17 01:31 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-12-05 23:09 - 2013-09-16 23:37 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2014-12-05 23:09 - 2013-09-14 09:00 - 00391512 _____ (Microsoft Corporation) C:\Windows\system32\tsmf.dll
2014-12-05 23:09 - 2013-09-14 07:33 - 00345552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsmf.dll
2014-12-05 23:09 - 2013-09-14 05:05 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\rdpclip.exe
2014-12-05 23:09 - 2013-09-14 04:11 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2014-12-05 23:09 - 2013-09-13 03:22 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\ftp.exe
2014-12-05 23:09 - 2013-09-13 02:47 - 00049152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ftp.exe
2014-12-05 23:09 - 2013-09-12 03:45 - 00101888 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2014-12-05 23:09 - 2013-09-12 03:08 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2014-12-05 23:09 - 2013-09-12 03:08 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2014-12-05 23:09 - 2013-09-12 03:02 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2014-12-05 23:09 - 2013-09-12 02:37 - 00245248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2014-12-05 23:09 - 2013-09-12 02:37 - 00184832 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2014-12-05 23:09 - 2013-09-12 02:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2014-12-05 23:09 - 2013-09-12 02:16 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2014-12-05 23:09 - 2013-09-12 02:01 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2014-12-05 23:09 - 2013-09-09 23:52 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\msched.dll
2014-12-05 23:08 - 2013-10-10 06:26 - 02801664 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-12-05 23:08 - 2013-10-10 06:05 - 01019392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-12-05 23:08 - 2013-10-10 05:34 - 01085952 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-12-05 23:08 - 2013-10-10 05:27 - 00869888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-12-05 23:07 - 2013-11-10 21:48 - 00039768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-05 23:07 - 2013-11-09 01:37 - 01756160 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2014-12-05 23:07 - 2013-11-09 00:56 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2014-12-05 23:07 - 2013-11-08 05:26 - 00358896 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2014-12-05 23:07 - 2013-11-08 00:23 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\appmgr.dll
2014-12-05 23:07 - 2013-11-07 23:43 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2014-12-05 23:07 - 2013-11-07 23:42 - 00366080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appmgr.dll
2014-12-05 23:07 - 2013-11-07 23:16 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2014-12-05 23:07 - 2013-11-07 23:15 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2014-12-05 23:07 - 2013-11-07 22:41 - 01302528 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2014-12-05 23:07 - 2013-11-07 22:14 - 00922624 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2014-12-05 23:07 - 2013-11-05 09:19 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2014-12-05 23:07 - 2013-11-05 08:17 - 00565248 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-12-05 23:07 - 2013-11-04 08:07 - 01843712 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-12-05 23:07 - 2013-11-04 05:32 - 02570240 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-12-05 23:07 - 2013-11-03 21:28 - 01816576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-12-05 23:07 - 2013-11-01 06:39 - 00086872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-05 23:07 - 2013-11-01 01:08 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2014-12-05 23:07 - 2013-11-01 00:57 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2014-12-05 23:07 - 2013-10-30 19:58 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-12-05 23:07 - 2013-10-30 19:42 - 07399256 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-12-05 23:07 - 2013-10-30 19:33 - 01476184 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-12-05 23:07 - 2013-10-30 19:33 - 01345536 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-12-05 23:07 - 2013-10-25 20:54 - 00146776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerCx2.sys
2014-12-05 23:07 - 2013-10-24 04:31 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2014-12-05 23:07 - 2013-10-24 04:12 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2014-12-05 23:07 - 2013-10-17 06:21 - 02896896 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2014-12-05 23:07 - 2013-10-17 05:36 - 02266624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2014-12-05 23:07 - 2013-10-10 06:53 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2014-12-05 23:07 - 2013-10-10 06:21 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2014-12-05 23:06 - 2014-05-08 02:14 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-05 23:06 - 2014-01-07 00:00 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-12-05 23:06 - 2014-01-06 23:30 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-12-05 23:06 - 2013-11-21 01:42 - 04604416 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-12-05 23:06 - 2013-11-21 00:44 - 03936256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-12-05 23:06 - 2013-10-19 03:53 - 00075360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-12-05 23:06 - 2013-10-19 02:14 - 00070680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-12-05 23:06 - 2013-10-03 04:16 - 00294400 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2014-12-05 23:06 - 2013-10-03 04:02 - 00225792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2014-12-05 23:06 - 2013-10-02 06:00 - 01286552 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2014-12-05 23:06 - 2013-10-02 04:47 - 01018960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2014-12-05 23:06 - 2013-09-30 22:42 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2014-12-05 23:06 - 2013-09-30 22:36 - 00977408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2014-12-05 23:05 - 2014-05-08 00:52 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-05 23:05 - 2014-05-07 23:57 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-05 23:05 - 2014-05-07 23:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-05 23:04 - 2014-01-31 11:15 - 00311640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-12-05 23:04 - 2014-01-31 11:07 - 00233920 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-05 23:04 - 2014-01-31 11:06 - 02133208 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-12-05 23:04 - 2014-01-31 08:47 - 02143960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-12-05 23:04 - 2014-01-31 04:06 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-12-05 23:04 - 2014-01-29 03:53 - 00458616 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2014-12-05 23:04 - 2014-01-29 03:53 - 00407024 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2014-12-05 23:04 - 2014-01-29 03:49 - 01928144 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2014-12-05 23:04 - 2014-01-29 03:47 - 02543960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-12-05 23:04 - 2014-01-29 02:44 - 01371824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2014-12-05 23:04 - 2014-01-29 02:44 - 00408480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2014-12-05 23:04 - 2014-01-29 02:44 - 00369280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2014-12-05 23:04 - 2014-01-29 01:41 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-12-05 23:04 - 2014-01-28 19:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-12-05 23:04 - 2014-01-27 14:07 - 04175360 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2014-12-05 23:04 - 2014-01-27 14:06 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-05 23:04 - 2014-01-27 14:04 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2014-12-05 23:04 - 2014-01-27 13:23 - 02873344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2014-12-05 23:04 - 2014-01-27 13:21 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-05 23:04 - 2014-01-27 13:20 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2014-12-05 23:04 - 2014-01-27 13:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-12-05 23:04 - 2014-01-27 12:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-05 23:04 - 2014-01-27 12:18 - 01486848 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2014-12-05 23:04 - 2014-01-27 12:00 - 01238016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2014-12-05 23:04 - 2014-01-27 10:58 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-05 23:04 - 2014-01-27 10:50 - 06640640 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-05 23:04 - 2014-01-27 06:45 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml
2014-12-05 23:04 - 2014-01-17 18:04 - 00764864 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-12-05 23:04 - 2014-01-17 16:54 - 00669352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-05 23:04 - 2013-12-21 09:51 - 06353960 _____ (Microsoft Corporation) C:\Windows\system32\sppsvc.exe
2014-12-05 23:04 - 2013-12-21 03:54 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\sppcomapi.dll
2014-12-05 23:04 - 2013-10-30 19:29 - 00236888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-12-05 23:04 - 2013-10-30 19:29 - 00124760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-12-05 23:04 - 2013-10-30 19:28 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-12-05 22:58 - 2013-12-08 19:27 - 02152448 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-12-05 22:58 - 2013-12-08 19:19 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-12-05 22:58 - 2013-12-08 18:55 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-12-05 22:58 - 2013-12-08 18:54 - 01317376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-12-05 22:58 - 2013-10-23 06:01 - 00872840 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-12-05 22:58 - 2013-10-12 21:48 - 00136536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2014-12-05 22:58 - 2013-10-12 16:48 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2014-12-05 22:58 - 2013-10-12 16:34 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-12-05 22:57 - 2014-03-10 05:35 - 02008408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-12-05 22:57 - 2014-03-10 05:35 - 00377176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2014-12-05 22:57 - 2014-03-06 04:19 - 01287576 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-12-05 22:57 - 2014-03-06 04:02 - 01109424 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-12-05 22:57 - 2014-03-06 01:17 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-12-05 22:57 - 2014-03-06 01:10 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-12-05 22:57 - 2013-11-22 23:34 - 00393216 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-12-05 22:57 - 2013-11-22 23:13 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-12-05 22:57 - 2013-10-23 03:59 - 00698232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-12-05 22:57 - 2013-10-05 09:21 - 01341288 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-12-05 22:57 - 2013-10-05 03:39 - 01067008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-12-05 22:56 - 2014-10-30 06:25 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-05 22:56 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-05 22:56 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-05 22:56 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-05 22:56 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-05 22:56 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-05 22:56 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-05 22:56 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-05 22:56 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-05 22:56 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-05 22:56 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-05 22:56 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-05 22:56 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-05 22:56 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-05 22:56 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-05 22:56 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-05 22:56 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-05 22:56 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-05 22:56 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-05 22:56 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-05 22:56 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-05 22:56 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-05 22:56 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-05 22:56 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-05 22:56 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-05 22:56 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-05 22:56 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-05 22:56 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-05 22:56 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-05 22:56 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-05 22:56 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-05 22:56 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-05 22:56 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-05 22:56 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-05 22:56 - 2013-12-20 05:18 - 01643584 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-12-05 22:56 - 2013-12-20 05:18 - 01507704 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-12-05 22:47 - 2013-11-27 10:36 - 03395920 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2014-12-05 22:47 - 2013-11-27 06:41 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe
2014-12-05 22:47 - 2013-11-27 03:48 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-05 22:47 - 2013-11-27 03:40 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-05 22:47 - 2013-11-27 03:17 - 00695808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-12-05 22:47 - 2013-11-27 03:12 - 00848384 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-12-05 22:44 - 2014-04-19 06:15 - 21186352 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-12-05 22:44 - 2014-04-19 01:49 - 18644072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-12-05 22:43 - 2014-02-10 21:43 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-12-05 22:43 - 2014-02-10 21:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-12-05 22:43 - 2014-01-07 02:03 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\pcaui.exe
2014-12-05 22:43 - 2014-01-07 00:59 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pcaui.exe
2014-12-05 22:43 - 2013-12-08 21:57 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-05 22:43 - 2013-12-08 20:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-05 22:39 - 2014-01-04 09:30 - 13209088 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-12-05 22:39 - 2014-01-04 09:23 - 11702272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-12-05 22:39 - 2014-01-04 09:03 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-05 22:39 - 2014-01-04 08:42 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-12-05 22:39 - 2014-01-04 08:40 - 07416832 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-12-05 22:39 - 2014-01-04 08:36 - 00830976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-12-05 22:39 - 2014-01-04 08:28 - 04961792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-12-05 22:38 - 2014-01-04 15:50 - 01462216 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-12-05 22:38 - 2014-01-04 14:22 - 01202888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-12-05 22:38 - 2014-01-04 08:47 - 00628736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-05 22:38 - 2013-12-20 21:10 - 00009701 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2014-12-05 22:38 - 2013-12-20 21:10 - 00009701 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms
2014-12-05 22:34 - 2014-02-10 22:04 - 04189184 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-12-05 22:34 - 2013-10-16 10:58 - 01943536 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-05 22:34 - 2013-10-16 08:54 - 01581968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-05 22:33 - 2013-10-15 03:54 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-12-05 22:33 - 2013-10-15 03:03 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-12-05 22:32 - 2013-12-08 19:15 - 00787968 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-12-05 22:32 - 2013-11-09 01:34 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-12-05 22:32 - 2013-11-09 01:34 - 00287744 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2014-12-05 22:32 - 2013-11-09 00:52 - 00240128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 20:03 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-01 20:01 - 2014-06-28 07:42 - 00000000 ____D () C:\Users\compaq
2015-01-01 19:53 - 2014-06-28 08:53 - 00003926 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{AAC609C1-1131-4CEB-8F78-3727F64F2ED7}
2015-01-01 09:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-27 15:25 - 2014-06-28 08:55 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3257356177-2383744274-2500186646-1001
2014-12-25 12:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-12-22 13:05 - 2014-06-28 09:23 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-12-22 07:32 - 2014-06-28 09:17 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-12-17 19:24 - 2014-06-28 07:43 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-14 04:30 - 2014-06-28 08:04 - 00000000 ____D () C:\Windows\Panther
2014-12-10 13:46 - 2014-06-28 07:42 - 00000000 ____D () C:\Users\compaq\AppData\Roaming\Adobe
2014-12-08 07:38 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-12-07 05:09 - 2013-08-22 09:44 - 00335784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\migwiz
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-07 05:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-07 05:05 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-12-07 05:05 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\Dism
2014-12-07 05:04 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-12-07 05:04 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-12-06 22:27 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\restore

Some content of TEMP:
====================
C:\Users\compaq\AppData\Local\Temp\Quarantine.exe
C:\Users\compaq\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-27 15:25

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-12-2014
Ran by compaq at 2015-01-01 20:06:07
Running from C:\Users\compaq\Desktop\New folder
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
ESET NOD32 Antivirus (HKLM\...\{7F39EB28-B9B7-41B8-8564-DB33284A010D}) (Version: 8.0.304.0 - ESET, spol s r. o.)
KMSpico v9.1.3 (HKLM\...\KMSpico_is1) (Version: 9.1.3 - )
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1168 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 11.0.7.0 - Synaptics)
SystemAid (HKLM-x32\...\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}{439f3a51}) (Version:  - Software Publisher) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

10-12-2014 13:57:43 Windows Update
17-12-2014 17:46:54 Windows Update
22-12-2014 07:29:05 Installed NVIDIA ForceWare Network Access Manager
25-12-2014 10:57:44 Windows Update
27-12-2014 06:01:36 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {24AD7A53-8438-4315-B4E9-B61B7B307424} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-17] (Microsoft Corporation)
Task: {349D2CB7-0DF7-4C1C-A075-6031DCA9D87A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-25] (Adobe Systems Incorporated)
Task: {625D0935-AAA4-4F1E-A736-5E32C5F159BE} - System32\Tasks\Systeye => C:\Program Files (x86)\Systeye\Reg Booster Pro\RegBoosterPro.exe <==== ATTENTION
Task: {6F80906A-0775-4922-B597-0A296E88DC53} - System32\Tasks\{DF4259D5-7073-45E7-9611-CBF0F5A5F687} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
Task: {9EEB6C66-A769-4551-AF85-3A59F0A58D9A} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2013-12-11] ()
Task: {DA2AB2DD-B30E-4C41-9365-7318AEEE7BC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-06-28 09:21 - 2013-10-23 03:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-04-19 08:34 - 2009-04-19 08:34 - 00207904 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2009-04-19 08:34 - 2009-04-19 08:34 - 00070176 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nv_common.dll
2009-04-19 08:34 - 2009-04-19 08:34 - 00578080 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\SpecialCase.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "egui"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKU\S-1-5-21-3257356177-2383744274-2500186646-1001\...\StartupApproved\Run: => "CCleaner Monitoring"

========================= Accounts: ==========================

Administrator (S-1-5-21-3257356177-2383744274-2500186646-500 - Administrator - Disabled)
compaq (S-1-5-21-3257356177-2383744274-2500186646-1001 - Administrator - Enabled) => C:\Users\compaq
Guest (S-1-5-21-3257356177-2383744274-2500186646-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3257356177-2383744274-2500186646-1002 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: Coprocessor
Description: Coprocessor
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/01/2015 07:44:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffab1460565
Faulting process id: 0x818
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (01/01/2015 08:39:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ff9d5720555
Faulting process id: 0x5f8
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (01/01/2015 08:04:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007fff750c0555
Faulting process id: 0x870
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/31/2014 06:09:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 90080108

Error: (12/30/2014 03:34:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ff818050565
Faulting process id: 0x8dc
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/30/2014 04:41:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffc8baa0565
Faulting process id: 0x5f4
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/29/2014 06:03:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffdb4610565
Faulting process id: 0x89c
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/29/2014 04:20:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffd02200565
Faulting process id: 0x644
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/28/2014 08:19:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ff7c7610565
Faulting process id: 0x840
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5

Error: (12/28/2014 06:56:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Service_KMS.exe, version: 11.0.0.0, time stamp: 0x52a8d15d
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0x00000000
Fault offset: 0x00007ffc4dfe0565
Faulting process id: 0x630
Faulting application start time: 0xService_KMS.exe0
Faulting application path: Service_KMS.exe1
Faulting module path: Service_KMS.exe2
Report Id: Service_KMS.exe3
Faulting package full name: Service_KMS.exe4
Faulting package-relative application ID: Service_KMS.exe5


System errors:
=============
Error: (01/01/2015 08:03:41 PM) (Source: DCOM) (EventID: 10016) (User: randall)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}randallcompaqS-1-5-21-3257356177-2383744274-2500186646-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2015 08:03:41 PM) (Source: Microsoft-Windows-WHEA-Logger) (EventID: 20) (User: NT AUTHORITY)
Description: A fatal hardware error has occurred.

Component: AMD Northbridge
Error Source: 3
Error Type: 11
Processor APIC ID: 0

The details view of this entry contains further information.

Error: (01/01/2015 08:03:41 PM) (Source: DCOM) (EventID: 10016) (User: randall)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}randallcompaqS-1-5-21-3257356177-2383744274-2500186646-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2015 08:03:41 PM) (Source: DCOM) (EventID: 10016) (User: randall)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}randallcompaqS-1-5-21-3257356177-2383744274-2500186646-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2015 08:03:41 PM) (Source: DCOM) (EventID: 10016) (User: randall)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}randallcompaqS-1-5-21-3257356177-2383744274-2500186646-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2015 08:03:40 PM) (Source: DCOM) (EventID: 10016) (User: randall)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}randallcompaqS-1-5-21-3257356177-2383744274-2500186646-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2015 08:03:40 PM) (Source: DCOM) (EventID: 10016) (User: randall)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}randallcompaqS-1-5-21-3257356177-2383744274-2500186646-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2015 08:03:40 PM) (Source: DCOM) (EventID: 10016) (User: randall)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}randallcompaqS-1-5-21-3257356177-2383744274-2500186646-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (01/01/2015 08:03:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The ForceWare Intelligent Application Manager (IAM) service failed to start due to the following error:
%%1053

Error: (01/01/2015 08:03:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the ForceWare Intelligent Application Manager (IAM) service to connect.



==================== Memory info ===========================

Processor: AMD Athlon Dual-Core QL-62
Percentage of memory in use: 31%
Total physical RAM: 1790.42 MB
Available physical RAM: 1221.55 MB
Total Pagefile: 3006.42 MB
Available Pagefile: 2237.26 MB
Total Virtual: 131072 MB
Available Virtual: 131071.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.66 GB) (Free:196.93 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:10.88 GB) (Free:1.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 2D900954)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=221.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#6 nasdaq

nasdaq

  • Malware Response Team
  • 39,578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:47 PM

Posted 02 January 2015 - 08:38 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start


Task: {625D0935-AAA4-4F1E-A736-5E32C5F159BE} - System32\Tasks\Systeye => C:\Program Files (x86)\Systeye\Reg Booster Pro\RegBoosterPro.exe <==== ATTENTION
Task: {6F80906A-0775-4922-B597-0A296E88DC53} - System32\Tasks\{DF4259D5-7073-45E7-9611-CBF0F5A5F687} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem persists let me know the browsers that are compromised.

#7 thefrogshateme

thefrogshateme
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:02:47 PM

Posted 02 January 2015 - 09:50 AM

While my laptop was starting back up I got three short clicks on the right of the laptop followed by one long beep in the middle of the laptop. My laptop is being really laggy and Firefox keeps becoming unresponsive, and plugins, like for Facebook games, apps, and anything Flash related, keep becoming unresponsive. I'm removing Firefox and trying Google Chrome, but the lags and problems still exist.

The notepad was there before I restarted, it said fixlog.txt. I restarted and the log completely disappeared. Redo?


Edited by thefrogshateme, 02 January 2015 - 09:51 AM.


#8 thefrogshateme

Posted 02 January 2015 - 09:53 AM

Oh, here it is. The extension .txt changed for some reason, but here's the log.
 
 
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2014
Ran by compaq at 2015-01-02 09:40:57 Run:2
Running from C:\Users\compaq\Desktop\New folder
Loaded Profiles: compaq & UpdatusUser (Available profiles: compaq & UpdatusUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
 
Task: {625D0935-AAA4-4F1E-A736-5E32C5F159BE} - System32\Tasks\Systeye => C:\Program Files (x86)\Systeye\Reg Booster Pro\RegBoosterPro.exe <==== ATTENTION
Task: {6F80906A-0775-4922-B597-0A296E88DC53} - System32\Tasks\{DF4259D5-7073-45E7-9611-CBF0F5A5F687} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
 
End
*****************
 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{625D0935-AAA4-4F1E-A736-5E32C5F159BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{625D0935-AAA4-4F1E-A736-5E32C5F159BE}" => Key deleted successfully.
C:\Windows\System32\Tasks\Systeye => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Systeye" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F80906A-0775-4922-B597-0A296E88DC53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F80906A-0775-4922-B597-0A296E88DC53}" => Key deleted successfully.
C:\Windows\System32\Tasks\{DF4259D5-7073-45E7-9611-CBF0F5A5F687} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DF4259D5-7073-45E7-9611-CBF0F5A5F687}" => Key deleted successfully.
 
==== End of Fixlog 09:40:58 ====
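
As an added example (not part of the original posts and not FRST's own code): a Python check that reads the Fixlog above and confirms, for each Task line in the fixlist, that the log records the matching TaskCache\Tasks and TaskCache\Tree keys as deleted and the task file as moved. The three-artefacts-per-task mapping is an assumption inferred from this log's result lines, and the function names are hypothetical.

```python
import re

# Fixlist Task entries and result lines copied from the Fixlog posted above.
FIXLOG = r'''
Task: {625D0935-AAA4-4F1E-A736-5E32C5F159BE} - System32\Tasks\Systeye => C:\Program Files (x86)\Systeye\Reg Booster Pro\RegBoosterPro.exe <==== ATTENTION
Task: {6F80906A-0775-4922-B597-0A296E88DC53} - System32\Tasks\{DF4259D5-7073-45E7-9611-CBF0F5A5F687} => pcalua.exe -a "C:\Program Files (x86)\RelevantKnowledge\rlvknlg.exe" -c -bootremove -uninst:RelevantKnowledge
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{625D0935-AAA4-4F1E-A736-5E32C5F159BE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{625D0935-AAA4-4F1E-A736-5E32C5F159BE}" => Key deleted successfully.
C:\Windows\System32\Tasks\Systeye => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Systeye" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6F80906A-0775-4922-B597-0A296E88DC53}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6F80906A-0775-4922-B597-0A296E88DC53}" => Key deleted successfully.
C:\Windows\System32\Tasks\{DF4259D5-7073-45E7-9611-CBF0F5A5F687} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{DF4259D5-7073-45E7-9611-CBF0F5A5F687}" => Key deleted successfully.
'''

TASK_RE = re.compile(r'^Task: (\{[0-9A-Fa-f-]{36}\}) - System32\\Tasks\\(.+?) => (.+)$')
RESULT_RE = re.compile(r'^"?(.+?)"? => (.+?)\.?$')
TASKCACHE = r'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache'

def parse_fixlog(text):
    """Return (tasks, results): fixlist Task entries and object -> outcome."""
    tasks, results = [], {}
    for line in text.splitlines():
        m = TASK_RE.match(line.strip())
        if m:
            tasks.append(dict(zip(('guid', 'name', 'target'), m.groups())))
            continue
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group(1).lower()] = m.group(2)  # Windows paths: compare case-insensitively
    return tasks, results

def verify(text):
    """Per task name, list expected artefacts the log does NOT show as removed."""
    tasks, results = parse_fixlog(text)
    report = {}
    for t in tasks:
        expected = {  # assumed mapping, inferred from the result lines above
            TASKCACHE + '\\Tasks\\' + t['guid']: 'Key deleted successfully',
            TASKCACHE + '\\Tree\\' + t['name']: 'Key deleted successfully',
            'C:\\Windows\\System32\\Tasks\\' + t['name']: 'Moved successfully',
        }
        report[t['name']] = [obj for obj, want in expected.items()
                             if results.get(obj.lower()) != want]
    return report

if __name__ == '__main__':
    print(verify(FIXLOG))
```

An empty list for a task means every expected artefact was reported removed; any path or key left in the list is worth checking by hand before declaring the fix complete.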


#9 nasdaq

Posted 02 January 2015 - 10:21 AM

While my laptop was starting back up I got three short clicks on the right of the laptop followed by one long beep in the middle of the laptop.


These are known as the computer POST and beep codes.

Whatever pattern you get indicates a problem.

Refer to this topic.
http://www.computerhope.com/beep.htm

Read it carefully and see what you can find.

Keep me posted.

Edited by nasdaq, 02 January 2015 - 10:21 AM.


#10 thefrogshateme

Posted 02 January 2015 - 11:06 AM

Technically the first three weren't a beep. It was coming from what sounds like the disk tray. It made a noise 3 times, then a beep from the speaker. So this counts as one beep? Which is DRAM refresh failure?



#11 thefrogshateme

Posted 02 January 2015 - 11:18 AM

I just got a random driver update. Nforce NVIDIA


Edited by thefrogshateme, 02 January 2015 - 11:20 AM.


#12 nasdaq

Posted 03 January 2015 - 08:33 AM

Are we good then?

#13 thefrogshateme

Posted 04 January 2015 - 02:30 PM

Hardware might have something to do with it. So you don't see any infection at all?



#14 nasdaq

Posted 04 January 2015 - 04:02 PM

Maybe this is all that is needed.

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

#15 thefrogshateme

Posted 04 January 2015 - 11:35 PM

Thanks, case closed.





