
Asked to reply here - RogueKiller detected rootkit - Help with removing


  • This topic is locked
4 replies to this topic

#1 ol2shews

ol2shews

  • Members
  • 37 posts

Posted 27 December 2014 - 01:25 PM

FROM MODERATOR:

 

Hello, this rootkit needs to be removed in another section.

Please repost here with your RogueKiller log.

 

 

 

This is the 1st RogueKiller log before performing the steps below.

See 2nd RogueKiller log below.

 

RogueKiller V10.1.1.0 (x64) [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Karen [Administrator]
Mode : Delete -- Date : 12/26/2014  13:54:32

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SWUpdateService -> Deleted
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SWUpdateService -> Deleted
[PUM.HomePage] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main | Start Page : http://samsung13.msn.com  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://google.com/  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Internet Explorer\Main | Start Page : https://google.com/  -> Replaced (http://go.microsoft.com/fwlink/p/?LinkId=255141)

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mouclass.sys - IRP_MJ_READ[3] : Unknown @ 0x3ee8d10

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LM0 12 HN-M500MBB SATA Disk Device +++++
--- User ---
[MBR] 022c5e5d16200f8057e3eb8c4bbd4a17
[BSP] 83f3fab22495ba2d1256d30ba37e897d : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_12222014_122207.log - RKreport_DEL_12222014_130428.log - RKreport_SCN_12222014_121823.log - RKreport_SCN_12222014_125940.log
RKreport_SCN_12222014_140615.log - RKreport_SCN_12262014_135322.log

 

 

 

 

 

 

I just ran RogueKiller and this is what turned up in the rootkit tab:

 

 

 

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤

[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mouclass.sys - IRP_MJ_READ[3] : Unknown @ 0x3ee8d10

 

 

I have no idea how to remove it and would appreciate the help. I am running Windows 8.

 

Thanks,

 

Karen

 

 

I was asked on the previous post to perform several steps including:

 

 

1. Double click MiniToolBox.
2. Select the following and then press go.
3. Post the log in your next reply.

Flush DNS
Reset IE Proxy Settings
Reset FF Proxy Settings
List Installed Programs
List Restore Points

 

1. Double click mbam-setup-x.x.x.xxxx and follow the on-screen instructions.
2. On the dashboard, click update now.
3. After that, click scan now - the scan will now begin.
4. When the scan's completed, select apply actions - make sure the action is quarantine.
5. Restart your computer.

How to get the log.
1. On the dashboard, select the history tab and click application logs.
2. Select the log which has the time and date of when you did the scan.
3. Click copy to clipboard and paste it into your reply.

 

1. Double click SecurityCheck and follow the on-screen instructions.
2. A log should open, called checkup.txt.
3. Please post the contents of it in your next reply.

 

1. Double click it and click ok (Make sure to extract it to your desktop)
2. When it opens, click next and then update.
3. After it's updated, click next and then scan.
4. If malware is detected, select clean, then restart your computer.
5. Open 'MBAR' on your desktop and paste the contents in your reply of the following logs:
6. mbar-log-xx.xx.xx.txt and system-log.txt.

 

 

 

 

I have performed all of the steps above and have the logs if needed. It doesn't look like it really helped so far because I performed another RogueKiller log - see below. I would really appreciate any help with this.

 

Karen

 

RogueKiller V10.1.1.0 (x64) [Dec 23 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200 ) 64 bits version
Started in : Normal mode
User : Karen [Administrator]
Mode : Delete -- Date : 12/26/2014  20:51:01

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 0 ¤¤¤

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 1 (Driver: Loaded) ¤¤¤
[IRP:Addr(Hook.IRP)] \SystemRoot\System32\drivers\mouclass.sys - IRP_MJ_READ[3] : Unknown @ 0x5f42060

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500LM0 12 HN-M500MBB SATA Disk Device +++++
--- User ---
[MBR] 022c5e5d16200f8057e3eb8c4bbd4a17
[BSP] 83f3fab22495ba2d1256d30ba37e897d : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_DEL_12222014_122207.log - RKreport_DEL_12222014_130428.log - RKreport_DEL_12262014_135432.log - RKreport_SCN_12222014_121823.log
RKreport_SCN_12222014_125940.log - RKreport_SCN_12222014_140615.log - RKreport_SCN_12262014_135322.log - RKreport_SCN_12262014_140808.log
RKreport_SCN_12262014_182135.log - RKreport_SCN_12262014_205014.log

 

 

 

 




#2 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts

Posted 30 December 2014 - 02:00 PM

Hi ol2shews,

 

If you still need help you can get a download so we will have a starting point. We will go from there:

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.

 

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/

 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

 

    Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).

    When the tool opens click Yes to disclaimer.

    Press the Scan button.

    When finished, it will produce a log called FRST.txt in the same directory the tool was run from.

    Please copy and paste the log in your next reply.

 

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.


How Can I Reduce My Risk to Malware?


#3 ol2shews

ol2shews
  • Topic Starter

  • Members
  • 37 posts

Posted 02 January 2015 - 10:40 PM

Here are the reports you requested. I am curious about something I just came across. I have had issues ever since I purchased this laptop (Samsung) w/Windows 8. When I first set this computer up (I was using a different computer with Windows Vista) not thinking - it created a workgroup. I just came across this article:

 

https://social.technet.microsoft.com/Forums/en-US/1c618a22-b48a-43ca-81cc-64836c058207/appdatalocal-and-locallow-following-roaming-profile

 

My question is in regards to: NTUSER.DAT from Windows Vista has found its way onto a Windows 8 machine. Since my last post I had to reinstall Windows 8 - once again.

 

Thanks for the help,

 

Karen

 

 

 

 

Here are the reports:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2015
Ran by Karen (administrator) on SAMSUNG on 02-01-2015 19:27:52
Running from C:\Users\Karen\Desktop
Loaded Profile: Karen (Available profiles: Karen)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
HKLM-x32\...\Run: [RemoteControl10] => "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\...\Run: [RESTART_STICKY_NOTES] => C:\windows\system32\StikyNot.exe [405504 2012-07-25] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKU\S-1-5-21-2961404673-414218333-4232183137-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKU\S-1-5-21-2961404673-414218333-4232183137-1001 -> {C9EB2C4F-47E5-411E-85DA-B6F748ED2C13} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16032 2014-09-21] (Microsoft Corporation)
S2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
S3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-20] (Advanced Micro Devices)
S3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [222360 2012-10-31] (Qualcomm Atheros)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [35064 2015-01-02] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 19:27 - 2015-01-02 19:28 - 00005033 _____ () C:\Users\Karen\Desktop\FRST.txt
2015-01-02 19:27 - 2015-01-02 19:27 - 00000000 ____D () C:\FRST
2015-01-02 19:21 - 2015-01-02 19:21 - 02123264 _____ (Farbar) C:\Users\Karen\Desktop\FRST64.exe
2015-01-02 17:39 - 2015-01-02 17:39 - 00000227 _____ () C:\Users\Karen\Documents\Windows 8 Info  1-2-2015.txt
2015-01-02 17:29 - 2015-01-02 17:30 - 125809912 _____ (Microsoft Corporation) C:\Users\Karen\Desktop\msert.exe
2015-01-02 17:21 - 2015-01-02 17:21 - 00002150 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2015-01-02 17:21 - 2015-01-02 17:21 - 00002138 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2015-01-02 17:21 - 2015-01-02 17:21 - 00002138 _____ () C:\ProgramData\Desktop\Belarc Advisor.lnk
2015-01-02 17:21 - 2015-01-02 17:21 - 00000000 ____D () C:\Program Files (x86)\Belarc
2015-01-02 17:20 - 2015-01-02 17:20 - 03655960 _____ () C:\Users\Karen\Desktop\advisorinstaller.exe
2015-01-02 15:13 - 2015-01-02 19:00 - 00000000 ____D () C:\Program Files\Recuva
2015-01-02 15:13 - 2015-01-02 16:26 - 00001815 _____ () C:\Users\Public\Desktop\Recuva.lnk
2015-01-02 15:13 - 2015-01-02 16:26 - 00001815 _____ () C:\ProgramData\Desktop\Recuva.lnk
2015-01-02 15:13 - 2015-01-02 15:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2015-01-02 15:06 - 2015-01-02 15:06 - 04210920 _____ (Piriform Ltd) C:\Users\Karen\Desktop\rcsetup151.exe
2015-01-02 15:00 - 2015-01-02 15:00 - 09817304 _____ () C:\Users\Karen\Desktop\tweaking.com_windows_repair_aio_setup.exe
2015-01-02 14:35 - 2015-01-02 17:41 - 00000000 ____D () C:\Users\Karen\AppData\Local\CrashDumps
2015-01-02 13:25 - 2015-01-02 13:25 - 00035064 _____ () C:\windows\system32\Drivers\TrueSight.sys
2015-01-01 13:12 - 2015-01-01 13:12 - 00003886 _____ () C:\windows\System32\Tasks\Adobe Acrobat Update Task
2015-01-01 12:12 - 2015-01-01 12:12 - 00281624 _____ () C:\windows\system32\FNTCACHE.DAT
2015-01-01 11:55 - 2015-01-01 11:55 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-01-01 11:54 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\windows\system32\CNMLMB2.DLL
2015-01-01 11:53 - 2015-01-01 11:53 - 00000000 ___HD () C:\ProgramData\CanonIJFAX
2015-01-01 11:53 - 2015-01-01 11:53 - 00000000 ____D () C:\windows\LastGood.Tmp
2015-01-01 11:53 - 2011-09-21 05:00 - 00302592 _____ (CANON INC.) C:\windows\system32\CNCALB2.DLL
2015-01-01 11:52 - 2015-01-01 11:52 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-01-01 11:52 - 2011-10-14 11:57 - 00300544 _____ (CANON INC.) C:\windows\system32\CNC_B2C.dll
2015-01-01 11:52 - 2011-10-14 11:57 - 00102912 _____ (CANON INC.) C:\windows\SysWOW64\CNC_B2U.dll
2015-01-01 11:52 - 2011-10-14 11:56 - 00109568 _____ (CANON INC.) C:\windows\system32\CNC_B2I.dll
2015-01-01 11:52 - 2011-09-22 08:59 - 00358912 _____ (CANON INC.) C:\windows\system32\CNC_B2L.dll
2015-01-01 11:52 - 2011-09-22 08:57 - 00316416 _____ (CANON INC.) C:\windows\SysWOW64\CNC_B2L.dll
2015-01-01 11:52 - 2011-06-30 13:41 - 00069376 _____ () C:\windows\SysWOW64\CNC175CD.TBL
2015-01-01 11:52 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\windows\system32\CNHMCA6.dll
2015-01-01 11:52 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\windows\SysWOW64\CNHMCA.dll
2015-01-01 11:47 - 2015-01-01 11:47 - 00002471 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-01-01 11:47 - 2015-01-01 11:47 - 00002029 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-01-01 11:47 - 2015-01-01 11:47 - 00002029 _____ () C:\ProgramData\Desktop\Adobe Reader XI.lnk
2015-01-01 11:46 - 2015-01-01 11:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-01 11:41 - 2015-01-01 11:55 - 00000000 ____D () C:\Users\Karen\AppData\Local\Adobe
2014-12-31 12:51 - 2012-11-26 22:39 - 01122768 _____ (Microsoft Corporation) C:\windows\system32\Taskmgr.exe
2014-12-31 12:51 - 2012-11-26 20:49 - 01027152 _____ (Microsoft Corporation) C:\windows\SysWOW64\Taskmgr.exe
2014-12-31 12:51 - 2012-11-26 20:20 - 00798208 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebcamUi.dll
2014-12-31 12:51 - 2012-11-26 20:20 - 00560128 _____ (Microsoft Corporation) C:\windows\SysWOW64\UserLanguagesCpl.dll
2014-12-31 12:51 - 2012-11-26 20:20 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpnapps.dll
2014-12-31 12:51 - 2012-11-26 20:19 - 00955904 _____ (Microsoft Corporation) C:\windows\system32\WebcamUi.dll
2014-12-31 12:51 - 2012-11-26 20:19 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\UserLanguagesCpl.dll
2014-12-31 12:51 - 2012-11-26 20:19 - 00244736 _____ (Microsoft Corporation) C:\windows\system32\wpnapps.dll
2014-12-31 11:32 - 2014-12-31 11:32 - 00001237 _____ () C:\Users\Karen\Documents\RKreport_SCN_12312014_112904.log
2014-12-31 10:49 - 2015-01-01 13:13 - 00000000 ____D () C:\windows\system32\AutoUpdateLicense
2014-12-31 10:33 - 2014-07-15 14:51 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-12-31 09:18 - 2014-03-10 19:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-12-31 09:18 - 2014-03-10 16:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-12-31 09:18 - 2014-03-10 16:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-12-31 09:18 - 2014-03-10 16:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-12-31 09:18 - 2014-03-10 16:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-12-31 09:18 - 2014-03-10 16:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-12-31 09:18 - 2014-03-10 16:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-12-31 09:18 - 2014-03-10 16:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-12-31 09:18 - 2014-03-10 16:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-12-31 09:18 - 2014-03-10 16:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-12-31 09:18 - 2014-03-09 19:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-12-31 09:18 - 2014-03-09 17:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-12-31 09:18 - 2013-12-04 15:43 - 00583680 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-12-31 09:18 - 2013-12-04 15:37 - 00451072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-12-31 09:16 - 2012-11-19 21:24 - 01164800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
2014-12-31 09:16 - 2012-11-19 21:17 - 01184256 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
2014-12-31 09:16 - 2012-11-19 21:02 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDKURD.DLL
2014-12-31 09:16 - 2012-11-19 20:59 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDKURD.DLL
2014-12-31 09:16 - 2012-11-05 20:18 - 11459584 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2014-12-31 09:15 - 2012-11-05 23:33 - 01566432 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2014-12-31 09:15 - 2012-11-05 20:48 - 01150160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2014-12-31 09:15 - 2012-11-05 20:20 - 00883712 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2014-12-31 09:15 - 2012-11-05 20:20 - 00516608 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2014-12-31 09:15 - 2012-11-05 20:20 - 00386560 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll
2014-12-31 09:15 - 2012-11-05 20:20 - 00375296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlansec.dll
2014-12-31 09:15 - 2012-11-05 20:20 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\rdpclip.exe
2014-12-31 09:15 - 2012-11-05 20:20 - 00202240 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll
2014-12-31 09:15 - 2012-11-05 20:20 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\WcnApi.dll
2014-12-31 09:15 - 2012-11-05 20:20 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wfdprov.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 08552448 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 00470016 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 00466944 _____ (Microsoft Corporation) C:\windows\system32\wcncsvc.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\WcnApi.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 00126464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFCaptureEngine.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\wfdprov.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\WcnEapPeerProxy.dll
2014-12-31 09:15 - 2012-11-05 20:19 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\WcnEapAuthProxy.dll
2014-12-31 09:15 - 2012-11-05 20:18 - 00189440 _____ (Microsoft Corporation) C:\windows\SysWOW64\bthprops.cpl
2014-12-31 09:15 - 2012-11-05 20:18 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\MFCaptureEngine.dll
2014-12-31 09:15 - 2012-11-05 20:18 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\fdWCN.dll
2014-12-31 09:15 - 2012-11-05 20:18 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\fdWCN.dll
2014-12-31 09:15 - 2012-11-05 20:17 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\bthprops.cpl
2014-12-31 09:15 - 2012-11-05 20:17 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\dafWCN.dll
2014-12-31 09:15 - 2012-11-05 20:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\iscsilog.dll
2014-12-31 09:15 - 2012-11-05 19:58 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\wlanhlp.dll
2014-12-31 09:15 - 2012-11-05 19:56 - 00009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanhlp.dll
2014-12-31 09:15 - 2012-11-05 19:55 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys
2014-12-31 09:15 - 2012-11-05 19:55 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys
2014-12-31 09:15 - 2012-11-05 19:55 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys
2014-12-31 09:15 - 2012-11-05 19:55 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys
2014-12-31 09:15 - 2012-11-05 19:55 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fxppm.sys
2014-12-31 09:14 - 2012-10-23 20:54 - 00396008 _____ (Microsoft Corporation) C:\windows\system32\hal.dll
2014-12-31 09:14 - 2012-10-11 22:13 - 00109568 _____ (Microsoft Corporation) C:\windows\system32\dskquota.dll
2014-12-31 09:14 - 2012-10-11 21:39 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\dskquota.dll
2014-12-31 09:13 - 2012-10-16 20:32 - 01172992 _____ (Microsoft Corporation) C:\windows\system32\mfnetsrc.dll
2014-12-31 09:13 - 2012-10-16 20:32 - 00677888 _____ (Microsoft Corporation) C:\windows\system32\mfnetcore.dll
2014-12-31 09:13 - 2012-10-16 19:57 - 00929792 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetsrc.dll
2014-12-31 09:13 - 2012-10-16 19:57 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfnetcore.dll
2014-12-31 09:13 - 2012-10-10 23:47 - 00793200 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-12-31 09:13 - 2012-10-10 23:23 - 00441576 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-12-31 09:13 - 2012-10-10 21:46 - 01395712 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Immersive.dll
2014-12-31 09:13 - 2012-10-10 21:46 - 00154112 _____ (Microsoft Corporation) C:\windows\system32\Windows.Storage.Compression.dll
2014-12-31 09:13 - 2012-10-10 21:45 - 00579584 _____ (Microsoft Corporation) C:\windows\system32\StructuredQuery.dll
2014-12-31 09:13 - 2012-10-10 21:42 - 00612416 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2014-12-31 09:13 - 2012-10-10 21:07 - 01226752 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Immersive.dll
2014-12-31 09:13 - 2012-10-10 21:07 - 00414720 _____ (Microsoft Corporation) C:\windows\SysWOW64\StructuredQuery.dll
2014-12-31 09:12 - 2012-10-10 23:25 - 00056552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdstor.sys
2014-12-31 09:12 - 2012-10-10 23:13 - 00033512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\battc.sys
2014-12-31 09:12 - 2012-10-10 21:46 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\BdeUISrv.exe
2014-12-31 09:12 - 2012-10-10 21:45 - 00505344 _____ (Microsoft Corporation) C:\windows\system32\SpaceControl.dll
2014-12-31 09:12 - 2012-10-10 21:45 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\PCPKsp.dll
2014-12-31 09:12 - 2012-10-10 21:44 - 00355328 _____ (Microsoft Corporation) C:\windows\system32\mswsock.dll
2014-12-31 09:12 - 2012-10-10 21:44 - 00264704 _____ (Microsoft Corporation) C:\windows\system32\ListSvc.dll
2014-12-31 09:12 - 2012-10-10 21:44 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\input.dll
2014-12-31 09:12 - 2012-10-10 21:43 - 01280000 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2014-12-31 09:12 - 2012-10-10 21:43 - 00331776 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore.dll
2014-12-31 09:12 - 2012-10-10 21:43 - 00244224 _____ (Microsoft Corporation) C:\windows\system32\dhcpcore6.dll
2014-12-31 09:12 - 2012-10-10 21:43 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\bdesvc.dll
2014-12-31 09:12 - 2012-10-10 21:43 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\AppxSip.dll
2014-12-31 09:12 - 2012-10-10 21:43 - 00081920 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc.dll
2014-12-31 09:12 - 2012-10-10 21:43 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\dhcpcsvc6.dll
2014-12-31 09:12 - 2012-10-10 21:23 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\microsoft-windows-pdc.dll
2014-12-31 09:12 - 2012-10-10 21:23 - 00007680 _____ (Microsoft Corporation) C:\windows\system32\kbdhebl3.dll
2014-12-31 09:12 - 2012-10-10 21:07 - 00116224 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Storage.Compression.dll
2014-12-31 09:12 - 2012-10-10 21:07 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\PCPKsp.dll
2014-12-31 09:12 - 2012-10-10 21:06 - 00289280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mswsock.dll
2014-12-31 09:12 - 2012-10-10 21:06 - 00270336 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore.dll
2014-12-31 09:12 - 2012-10-10 21:06 - 00219648 _____ (Microsoft Corporation) C:\windows\SysWOW64\input.dll
2014-12-31 09:12 - 2012-10-10 21:06 - 00204800 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcore6.dll
2014-12-31 09:12 - 2012-10-10 21:06 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc.dll
2014-12-31 09:12 - 2012-10-10 21:06 - 00051712 _____ (Microsoft Corporation) C:\windows\SysWOW64\dhcpcsvc6.dll
2014-12-31 09:12 - 2012-10-10 21:05 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\AppxSip.dll
2014-12-31 09:12 - 2012-10-10 20:42 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\kbdhebl3.dll
2014-12-31 09:11 - 2013-08-09 21:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-12-31 09:11 - 2013-08-09 21:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2014-12-31 09:11 - 2013-08-09 19:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-12-31 09:11 - 2013-08-01 22:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-12-31 09:11 - 2013-08-01 21:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-12-31 09:11 - 2013-07-24 15:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2014-12-31 09:11 - 2013-07-24 15:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2014-12-31 09:11 - 2013-04-09 15:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2014-12-31 09:11 - 2013-04-09 14:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2014-12-31 09:10 - 2014-03-24 15:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-12-31 09:10 - 2014-03-24 14:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-12-31 09:10 - 2014-02-03 15:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-12-31 09:10 - 2014-02-03 15:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-12-31 09:10 - 2014-01-30 16:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-12-31 09:10 - 2014-01-30 16:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-12-31 09:10 - 2014-01-26 19:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-12-31 09:10 - 2014-01-15 15:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2014-12-31 09:10 - 2014-01-02 15:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-12-31 09:10 - 2014-01-02 15:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-12-31 09:10 - 2013-08-02 22:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2014-12-31 09:10 - 2013-08-02 22:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2014-12-31 09:10 - 2013-08-02 22:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2014-12-31 09:10 - 2013-08-02 21:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2014-12-31 09:10 - 2013-08-02 21:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2014-12-31 09:10 - 2013-08-02 21:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2014-12-31 09:07 - 2013-09-13 14:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2014-12-31 09:07 - 2013-09-13 14:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2014-12-31 09:07 - 2013-08-29 21:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2014-12-31 09:07 - 2013-08-29 21:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2014-12-31 09:07 - 2013-08-29 15:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2014-12-31 09:07 - 2013-08-20 22:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-12-31 09:07 - 2013-08-09 22:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2014-12-31 09:07 - 2013-07-24 15:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-12-31 09:07 - 2013-07-24 15:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-12-31 09:06 - 2013-07-09 00:04 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2014-12-31 09:06 - 2013-07-08 22:18 - 00439488 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2014-12-31 09:06 - 2013-07-08 20:25 - 00385768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2014-12-31 09:06 - 2013-07-08 14:46 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2014-12-31 09:06 - 2013-07-02 16:22 - 02839552 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2014-12-31 09:06 - 2013-07-02 16:11 - 00268800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-12-31 09:06 - 2013-07-02 16:10 - 02273792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2014-12-31 09:06 - 2013-06-28 22:15 - 00195416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2014-12-31 09:06 - 2013-06-28 22:15 - 00125784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2014-12-31 09:06 - 2013-06-25 18:59 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys
2014-12-31 09:06 - 2013-06-24 14:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-12-31 09:06 - 2013-06-18 21:36 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2014-12-31 09:06 - 2013-06-18 21:36 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2014-12-31 09:06 - 2013-06-18 14:38 - 00160256 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2014-12-31 09:06 - 2013-06-18 14:38 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2014-12-31 09:06 - 2013-06-11 15:26 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2014-12-31 09:06 - 2013-06-01 03:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2014-12-31 09:06 - 2013-06-01 02:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2014-12-31 09:06 - 2013-06-01 01:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2014-12-31 09:06 - 2013-06-01 01:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-12-31 09:06 - 2013-06-01 01:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2014-12-31 09:06 - 2013-06-01 01:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2014-12-31 09:06 - 2013-06-01 01:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2014-12-31 09:06 - 2013-06-01 01:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2014-12-31 09:06 - 2013-06-01 01:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2014-12-31 09:06 - 2013-06-01 01:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2014-12-31 09:06 - 2013-06-01 01:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2014-12-31 09:06 - 2013-06-01 01:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2014-12-31 09:06 - 2013-06-01 01:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2014-12-31 09:06 - 2013-06-01 01:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-12-31 09:06 - 2013-06-01 01:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2014-12-31 09:06 - 2013-06-01 01:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2014-12-31 09:06 - 2013-06-01 01:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2014-12-31 09:06 - 2013-05-31 19:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2014-12-31 09:06 - 2012-11-26 20:20 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\vds_ps.dll
2014-12-31 09:06 - 2012-09-10 21:28 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\vdsldr.exe
2014-12-31 09:06 - 2012-09-10 21:27 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\vds_ps.dll
2014-12-31 09:05 - 2013-10-04 22:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-12-31 09:05 - 2013-08-29 21:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2014-12-31 09:05 - 2013-08-29 21:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-12-31 09:05 - 2013-08-29 15:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2014-12-31 09:05 - 2013-08-29 15:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-12-31 09:05 - 2013-07-08 19:57 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll
2014-12-31 09:05 - 2013-07-08 14:46 - 00543744 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2014-12-31 09:05 - 2013-07-08 14:46 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Wwanadvui.dll
2014-12-31 09:05 - 2013-07-08 14:45 - 00312832 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll
2014-12-31 09:05 - 2013-07-02 16:23 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-12-31 09:05 - 2013-06-30 14:30 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\openfiles.exe
2014-12-31 09:05 - 2013-06-30 14:29 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\openfiles.exe
2014-12-31 09:05 - 2013-06-25 19:01 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2014-12-31 09:05 - 2013-06-16 14:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-12-31 09:05 - 2013-06-11 15:43 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2014-12-31 09:05 - 2013-06-06 00:03 - 00119040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-12-31 09:04 - 2014-07-11 20:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-12-31 09:04 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-12-31 09:04 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-12-31 09:04 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-12-31 09:04 - 2014-07-11 20:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-12-31 09:04 - 2014-07-11 20:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-12-31 09:04 - 2014-07-11 20:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-12-31 09:04 - 2014-07-11 20:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-12-31 09:04 - 2014-07-11 20:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-12-31 09:04 - 2014-07-11 20:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-12-31 09:04 - 2014-07-11 20:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-12-31 09:04 - 2014-07-11 20:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-12-31 09:04 - 2014-07-11 16:02 - 00478352 _____ () C:\windows\SysWOW64\locale.nls
2014-12-31 09:04 - 2014-07-11 16:00 - 00478352 _____ () C:\windows\system32\locale.nls
2014-12-31 09:04 - 2014-07-08 14:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-12-31 09:04 - 2014-07-08 14:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-12-31 09:04 - 2014-07-08 14:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-12-31 09:04 - 2014-07-08 14:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-12-31 09:04 - 2014-07-06 21:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-12-31 09:04 - 2014-07-06 21:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-12-31 09:04 - 2014-07-04 02:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-12-31 09:04 - 2014-07-02 17:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-12-31 09:04 - 2014-07-02 16:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-12-31 09:04 - 2014-06-27 23:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-12-31 09:04 - 2014-06-27 22:57 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-12-31 09:04 - 2014-06-27 22:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-12-31 09:04 - 2014-06-24 23:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-12-31 09:04 - 2014-06-24 23:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-12-31 09:04 - 2014-06-17 15:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-12-31 09:04 - 2014-06-17 15:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-12-31 09:04 - 2014-06-11 06:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-12-31 09:04 - 2014-06-10 20:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-12-31 09:04 - 2014-06-10 14:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-12-31 09:04 - 2014-05-02 22:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-12-31 09:04 - 2014-04-29 14:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-12-31 09:04 - 2014-04-29 14:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-12-31 09:04 - 2014-02-04 02:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-12-31 09:04 - 2013-05-24 14:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-12-31 09:04 - 2013-05-24 14:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-12-31 09:02 - 2014-07-24 05:50 - 00447296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-12-31 09:02 - 2014-07-16 15:28 - 00027648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2014-12-31 09:02 - 2014-07-16 14:59 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-12-31 09:02 - 2014-07-16 14:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2014-12-31 09:02 - 2014-07-11 22:45 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2014-12-31 09:02 - 2014-07-11 20:36 - 00674304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-12-31 09:02 - 2014-07-11 20:36 - 00211456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-12-31 09:02 - 2014-07-11 20:34 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-12-31 09:02 - 2014-07-11 20:34 - 00250368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-12-31 09:02 - 2014-06-27 22:57 - 01341952 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-12-31 09:02 - 2014-06-27 18:23 - 01126400 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-12-31 09:02 - 2014-03-01 01:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-12-31 09:02 - 2014-03-01 01:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-12-31 09:02 - 2014-03-01 00:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-12-31 09:02 - 2014-02-28 22:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-12-31 09:02 - 2014-02-14 20:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-12-31 09:02 - 2013-11-25 15:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-12-31 09:02 - 2013-10-30 21:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-12-31 09:02 - 2013-10-30 21:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-12-31 09:02 - 2013-10-30 20:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-12-31 09:02 - 2013-10-30 19:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-12-31 09:02 - 2013-10-13 12:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-12-31 09:02 - 2013-08-26 21:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-12-31 09:02 - 2013-08-26 21:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-12-31 09:02 - 2013-08-26 14:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-12-31 09:02 - 2013-08-26 14:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-12-31 09:02 - 2012-10-10 21:46 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\wfapigp.dll
2014-12-31 09:02 - 2012-10-10 21:44 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\icfupgd.dll
2014-12-31 09:02 - 2012-10-10 21:07 - 00019968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wfapigp.dll
2014-12-31 09:01 - 2014-12-08 23:12 - 00590816 _____ (Microsoft Corporation) C:\windows\system32\AutoUpdate.exe
2014-12-31 09:01 - 2014-12-08 23:12 - 00467408 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-12-31 09:01 - 2014-10-21 19:34 - 00010777 _____ () C:\windows\system32\AutoconfigV2.cab
2014-12-31 09:01 - 2014-10-21 17:08 - 00568832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-12-31 09:01 - 2014-10-21 17:08 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-31 09:01 - 2014-10-21 17:01 - 00695808 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-12-31 09:01 - 2014-10-21 17:01 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-12-31 09:01 - 2014-10-21 17:01 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-12-31 09:01 - 2014-10-21 17:00 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-12-31 08:30 - 2014-05-28 20:04 - 00094552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2014-12-31 08:09 - 2015-01-02 14:23 - 00000000 ____D () C:\Users\Karen\Desktop\rcsetup151
2014-12-31 07:43 - 2014-11-26 13:11 - 00714184 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-31 07:43 - 2014-11-26 13:11 - 00106440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-31 07:20 - 2015-01-02 14:22 - 00003596 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2961404673-414218333-4232183137-1001
2014-12-31 07:16 - 2014-12-31 07:16 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\ATI
2014-12-31 07:16 - 2014-12-31 07:16 - 00000000 ____D () C:\Users\Karen\AppData\Local\ATI
2014-12-31 07:15 - 2014-12-31 07:15 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\Atheros
2014-12-31 07:15 - 2014-12-31 07:15 - 00000000 ____D () C:\Users\Karen\AppData\Local\Samsung
2014-12-31 07:15 - 2014-12-31 07:15 - 00000000 ____D () C:\Users\Karen\AppData\Local\BMExplorer
2014-12-31 07:15 - 2014-12-31 02:41 - 00000000 ____D () C:\Users\Karen\Documents\Bluetooth Folder
2014-12-31 07:14 - 2015-01-01 11:55 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\Adobe
2014-12-31 07:14 - 2014-12-31 07:14 - 00001442 _____ () C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-31 07:13 - 2014-12-31 07:13 - 00000000 ____D () C:\windows\System32\Tasks\Norton Internet Security
2014-12-31 07:13 - 2014-12-31 07:13 - 00000000 _____ () C:\windows\system32\Drivers\144D_SAMSUNG_na_355V4_P07A.mrk
2014-12-31 07:12 - 2014-12-31 07:12 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\Synaptics
2014-12-31 07:12 - 2014-12-31 07:12 - 00000000 ____D () C:\Users\Karen\AppData\Local\VirtualStore
2014-12-31 07:11 - 2014-12-31 13:27 - 00000000 ____D () C:\Users\Karen
2014-12-31 07:11 - 2014-12-31 07:11 - 00000020 ___SH () C:\Users\Karen\ntuser.ini
2014-12-31 07:11 - 2014-12-31 02:44 - 00000000 ____D () C:\Users\Karen\AppData\Local\Packages
2014-12-31 07:11 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-31 07:11 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-31 07:11 - 2012-07-26 00:13 - 00000000 ___RD () C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-31 07:11 - 2012-07-26 00:13 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-31 06:00 - 2014-12-31 06:02 - 00000000 ____D () C:\windows\system32\MRT
2014-12-31 06:00 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-31 05:54 - 2014-10-08 20:00 - 01519104 _____ (Microsoft Corporation) C:\windows\system32\vssapi.dll
2014-12-31 05:54 - 2014-10-08 20:00 - 01484288 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-12-31 05:54 - 2014-10-08 20:00 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\vsstrace.dll
2014-12-31 05:54 - 2014-10-08 19:59 - 01195520 _____ (Microsoft Corporation) C:\windows\SysWOW64\vssapi.dll
2014-12-31 05:54 - 2014-10-08 19:59 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\vsstrace.dll
2014-12-31 04:32 - 2014-06-10 14:44 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-12-31 04:32 - 2014-06-10 14:43 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-12-31 04:28 - 2013-06-21 21:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-12-31 04:28 - 2013-06-21 21:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2014-12-31 04:28 - 2013-01-09 17:53 - 00028904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpiowin32.sys
2014-12-31 04:28 - 2013-01-09 17:29 - 00091880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\partmgr.sys
2014-12-31 04:28 - 2013-01-09 15:26 - 01752064 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupapi.dll
2014-12-31 04:28 - 2013-01-09 15:26 - 01611776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmc.exe
2014-12-31 04:28 - 2013-01-09 15:26 - 00436736 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2014-12-31 04:28 - 2013-01-09 15:26 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.dll
2014-12-31 04:28 - 2013-01-09 15:26 - 00083968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wiaacmgr.exe
2014-12-31 04:28 - 2013-01-09 15:23 - 02094592 _____ (Microsoft Corporation) C:\windows\system32\mmc.exe
2014-12-31 04:28 - 2013-01-09 15:23 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\wlidsvc.dll
2014-12-31 04:28 - 2013-01-09 15:23 - 01886208 _____ (Microsoft Corporation) C:\windows\system32\setupapi.dll
2014-12-31 04:28 - 2013-01-09 15:23 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.dll
2014-12-31 04:28 - 2013-01-09 15:23 - 00256000 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
2014-12-31 04:28 - 2013-01-09 15:23 - 00095232 _____ (Microsoft Corporation) C:\windows\system32\wiaacmgr.exe
2014-12-31 04:28 - 2013-01-09 15:22 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-12-31 04:28 - 2013-01-09 15:22 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2014-12-31 04:28 - 2013-01-09 15:22 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2014-12-31 04:28 - 2012-11-01 21:19 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ncbservice.dll
2014-12-31 04:28 - 2012-11-01 21:18 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2014-12-31 04:28 - 2012-11-01 21:18 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2014-12-31 04:28 - 2012-11-01 21:18 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\adhapi.dll
2014-12-31 04:28 - 2012-11-01 21:18 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\httpprxp.dll
2014-12-31 04:28 - 2012-11-01 21:18 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\keepaliveprovider.dll
2014-12-31 04:27 - 2013-07-05 16:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-12-31 04:27 - 2013-07-05 14:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2014-12-31 04:27 - 2013-07-05 14:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2014-12-31 04:27 - 2013-07-03 18:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-12-31 04:26 - 2014-09-12 22:24 - 02233152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-12-31 04:26 - 2014-09-05 16:46 - 00389176 _____ () C:\windows\system32\ApnDatabase.xml
2014-12-31 04:26 - 2014-09-02 18:48 - 00141824 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpchttp.dll
2014-12-31 04:26 - 2014-09-02 18:22 - 00188928 _____ (Microsoft Corporation) C:\windows\system32\rpchttp.dll
2014-12-31 04:26 - 2014-08-28 20:17 - 02043392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-31 04:26 - 2014-08-28 20:17 - 00227328 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-31 04:26 - 2014-08-28 20:04 - 02837504 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-31 04:26 - 2014-08-28 20:04 - 00309248 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-31 04:26 - 2014-08-27 22:04 - 00499712 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSCOMEX.dll
2014-12-31 04:26 - 2014-08-27 22:04 - 00227840 _____ (Microsoft Corporation) C:\windows\SysWOW64\FXSAPI.dll
2014-12-31 04:26 - 2014-08-27 21:59 - 00616448 _____ (Microsoft Corporation) C:\windows\system32\FXSAPI.dll
2014-12-31 04:26 - 2014-08-27 21:59 - 00609280 _____ (Microsoft Corporation) C:\windows\system32\FXSCOMEX.dll
2014-12-31 04:26 - 2014-08-27 21:59 - 00432640 _____ (Microsoft Corporation) C:\windows\system32\FXSTIFF.dll
2014-12-31 04:26 - 2014-08-27 21:59 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\FXST30.dll
2014-12-31 04:26 - 2014-07-24 05:12 - 00328512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-12-31 04:26 - 2014-06-04 17:12 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2014-12-31 04:26 - 2014-06-03 15:12 - 00536776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2014-12-31 04:26 - 2013-10-18 21:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-12-31 04:26 - 2013-10-18 20:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-12-31 04:26 - 2013-07-01 14:14 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2014-12-31 04:26 - 2013-07-01 14:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys
2014-12-31 04:26 - 2013-06-28 19:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2014-12-31 04:26 - 2013-05-03 20:48 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2014-12-31 04:25 - 2014-06-12 17:57 - 01453400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-12-31 04:25 - 2014-06-12 17:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2014-12-31 04:25 - 2013-05-14 18:25 - 00888320 _____ (Microsoft Corporation) C:\windows\system32\autochk.exe
2014-12-31 04:25 - 2013-05-14 18:25 - 00542208 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2014-12-31 04:25 - 2013-05-14 18:24 - 00793088 _____ (Microsoft Corporation) C:\windows\SysWOW64\autochk.exe
2014-12-31 04:25 - 2013-05-14 18:24 - 00482816 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2014-12-31 04:25 - 2013-05-03 23:58 - 00120736 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2014-12-31 04:25 - 2013-05-03 22:59 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\Magnify.exe
2014-12-31 04:25 - 2013-05-03 22:58 - 01332736 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2014-12-31 04:25 - 2013-05-03 22:58 - 00470528 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2014-12-31 04:25 - 2013-05-03 22:58 - 00330240 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2014-12-31 04:25 - 2013-05-03 22:58 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\netplwiz.dll
2014-12-31 04:25 - 2013-05-03 22:58 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\netprofm.dll
2014-12-31 04:25 - 2013-05-03 22:58 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\psmsrv.dll
2014-12-31 04:25 - 2013-05-03 22:57 - 01131520 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2014-12-31 04:25 - 2013-05-03 22:57 - 00708096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2014-12-31 04:25 - 2013-05-03 22:57 - 00560640 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-12-31 04:25 - 2013-05-03 22:57 - 00501760 _____ (Microsoft Corporation) C:\windows\system32\DevicePairing.dll
2014-12-31 04:25 - 2013-05-03 22:57 - 00389120 _____ (Microsoft Corporation) C:\windows\system32\BCP47Langs.dll
2014-12-31 04:25 - 2013-05-03 22:57 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2014-12-31 04:25 - 2013-05-03 22:57 - 00122368 _____ (Microsoft Corporation) C:\windows\system32\biwinrt.dll
2014-12-31 04:25 - 2013-05-03 22:57 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\muifontsetup.dll
2014-12-31 04:25 - 2013-05-03 22:56 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\intl.cpl
2014-12-31 04:25 - 2013-05-03 20:58 - 00758784 _____ (Microsoft Corporation) C:\windows\SysWOW64\Magnify.exe
2014-12-31 04:25 - 2013-05-03 20:57 - 00303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2014-12-31 04:25 - 2013-05-03 20:57 - 00151040 _____ (Microsoft Corporation) C:\windows\SysWOW64\netplwiz.dll
2014-12-31 04:25 - 2013-05-03 20:57 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\netprofm.dll
2014-12-31 04:25 - 2013-05-03 20:57 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2014-12-31 04:25 - 2013-05-03 20:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\muifontsetup.dll
2014-12-31 04:25 - 2013-05-03 20:56 - 00449536 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevicePairing.dll
2014-12-31 04:25 - 2013-05-03 20:56 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-12-31 04:25 - 2013-05-03 20:56 - 00309760 _____ (Microsoft Corporation) C:\windows\SysWOW64\BCP47Langs.dll
2014-12-31 04:25 - 2013-05-03 20:56 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\biwinrt.dll
2014-12-31 04:25 - 2013-05-03 20:55 - 00389632 _____ (Microsoft Corporation) C:\windows\SysWOW64\intl.cpl
2014-12-31 04:25 - 2013-05-03 20:51 - 00014848 _____ (Microsoft) C:\windows\system32\rars.rs
2014-12-31 04:25 - 2013-05-03 20:47 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-12-31 04:25 - 2013-05-03 20:10 - 00014848 _____ (Microsoft) C:\windows\SysWOW64\rars.rs
2014-12-31 04:25 - 2013-03-01 18:45 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2014-12-31 04:25 - 2013-03-01 18:45 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\taskhostex.exe
2014-12-31 04:25 - 2013-02-02 00:39 - 00015872 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlmproxy.dll
2014-12-31 04:25 - 2013-02-02 00:39 - 00012288 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlmsprep.dll
2014-12-31 04:25 - 2012-10-09 23:04 - 00094208 _____ (Microsoft Corporation) C:\windows\system32\synceng.dll
2014-12-31 04:25 - 2012-10-09 22:31 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\synceng.dll
2014-12-31 04:24 - 2014-01-30 16:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-12-31 04:24 - 2013-03-02 02:57 - 00077544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storahci.sys
2014-12-31 04:24 - 2013-03-02 02:39 - 00495336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2014-12-31 04:24 - 2013-03-02 00:23 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmde.dll
2014-12-31 04:24 - 2013-03-02 00:23 - 00601088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2014-12-31 04:24 - 2013-03-02 00:23 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2014-12-31 04:24 - 2013-03-02 00:23 - 00100864 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncInfo.dll
2014-12-31 04:24 - 2013-03-02 00:22 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2014-12-31 04:24 - 2013-03-02 00:21 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\drvstore.dll
2014-12-31 04:24 - 2013-03-02 00:21 - 00145408 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2014-12-31 04:24 - 2013-03-02 00:21 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevDispItemProvider.dll
2014-12-31 04:24 - 2013-03-01 18:45 - 01149952 _____ (Microsoft Corporation) C:\windows\system32\winmde.dll
2014-12-31 04:24 - 2013-03-01 18:45 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2014-12-31 04:24 - 2013-03-01 18:45 - 00951808 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2014-12-31 04:24 - 2013-03-01 18:45 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.OnlineId.dll
2014-12-31 04:24 - 2013-03-01 18:45 - 00245248 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2014-12-31 04:24 - 2013-03-01 18:45 - 00240640 _____ (Microsoft Corporation) C:\windows\system32\fsquirt.exe
2014-12-31 04:24 - 2013-03-01 18:45 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2014-12-31 04:24 - 2013-03-01 18:45 - 00171008 _____ (Microsoft Corporation) C:\windows\system32\TimeBrokerServer.dll
2014-12-31 04:24 - 2013-03-01 18:45 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2014-12-31 04:24 - 2013-03-01 18:45 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\WSDPrintProxy.DLL
2014-12-31 04:24 - 2013-03-01 18:44 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\drvstore.dll
2014-12-31 04:24 - 2013-03-01 18:44 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2014-12-31 04:24 - 2013-03-01 18:44 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\discan.dll
2014-12-31 04:24 - 2013-03-01 18:44 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\NdisImPlatform.dll
2014-12-31 04:24 - 2013-03-01 18:44 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\DevDispItemProvider.dll
2014-12-31 04:24 - 2013-03-01 18:43 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2014-12-31 04:24 - 2013-03-01 18:15 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys
2014-12-31 04:24 - 2013-02-28 20:56 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rfcomm.sys
2014-12-31 04:24 - 2013-02-28 20:56 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\monitor.sys
2014-12-31 04:24 - 2013-02-28 20:55 - 01175040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2014-12-31 04:24 - 2013-01-08 19:59 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BTHUSB.SYS
2014-12-31 04:24 - 2013-01-08 19:58 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthenum.sys
2014-12-31 04:23 - 2014-07-31 15:40 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-12-31 04:23 - 2014-06-17 15:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-12-31 04:23 - 2014-06-17 15:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-12-31 04:23 - 2013-08-15 21:41 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
2014-12-31 04:23 - 2013-08-15 21:39 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2014-12-31 04:23 - 2013-08-15 21:22 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2014-12-31 04:23 - 2013-08-15 21:21 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2014-12-31 04:23 - 2013-08-15 21:21 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2014-12-31 04:23 - 2013-08-15 21:21 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2014-12-31 04:23 - 2013-08-15 21:21 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll
2014-12-31 04:23 - 2013-08-15 21:21 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll
2014-12-31 04:23 - 2013-08-15 21:21 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll
2014-12-31 04:23 - 2013-08-15 14:43 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2014-12-31 04:23 - 2013-08-15 14:43 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll
2014-12-31 04:23 - 2013-08-15 14:43 - 00083968 _____ () C:\windows\SysWOW64\OEMLicense.dll
2014-12-31 04:23 - 2013-08-15 14:42 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll
2014-12-31 04:23 - 2013-08-15 14:42 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll
2014-12-31 04:21 - 2012-08-30 16:53 - 00017888 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr100_clr0400.dll
2014-12-31 04:21 - 2012-08-30 16:52 - 00017888 _____ (Microsoft Corporation) C:\windows\system32\msvcr100_clr0400.dll
2014-12-31 04:18 - 2014-10-01 15:05 - 04068864 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-12-31 04:18 - 2014-09-02 18:48 - 00510464 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-12-31 04:18 - 2014-09-02 18:21 - 00585728 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-12-31 04:18 - 2014-08-09 00:30 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-12-31 04:18 - 2014-08-09 00:29 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2014-12-31 04:18 - 2013-10-10 03:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2014-12-31 04:18 - 2013-10-10 01:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-12-31 04:18 - 2013-10-10 01:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2014-12-31 04:18 - 2013-06-10 11:16 - 00888832 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-12-31 04:18 - 2013-06-10 11:15 - 00381952 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-12-31 04:18 - 2013-06-10 11:10 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-12-31 04:18 - 2013-06-10 11:10 - 00245248 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-12-31 04:17 - 2014-10-18 00:44 - 00778240 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-12-31 04:17 - 2014-10-17 23:05 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-12-31 04:17 - 2014-10-10 23:44 - 19764736 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-31 04:17 - 2014-10-10 21:57 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-31 04:17 - 2014-10-08 19:59 - 00623616 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2014-12-31 04:17 - 2014-10-08 19:59 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\dnsrslvr.dll
2014-12-31 04:17 - 2014-10-08 19:58 - 00458240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2014-12-31 04:17 - 2014-10-02 17:21 - 00522728 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-12-31 04:17 - 2014-10-02 14:29 - 00783872 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-12-31 04:17 - 2014-10-02 14:29 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-12-31 04:17 - 2014-10-02 14:29 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-12-31 04:17 - 2014-09-21 21:38 - 00673792 _____ (Microsoft Corporation) C:\windows\system32\mfmpeg2srcsnk.dll
2014-12-31 04:17 - 2014-09-21 19:56 - 00513536 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmpeg2srcsnk.dll
2014-12-31 04:17 - 2014-07-23 19:33 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2014-12-31 04:17 - 2014-07-23 19:33 - 00869544 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2014-12-31 04:17 - 2013-04-23 15:13 - 01013248 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-12-31 04:17 - 2013-04-23 15:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-12-31 04:17 - 2013-04-23 14:56 - 01255936 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-12-31 04:17 - 2013-04-23 14:55 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-12-31 04:16 - 2014-07-06 21:53 - 01125376 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-12-31 04:16 - 2014-07-06 21:52 - 00724992 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-12-31 04:16 - 2014-07-06 21:52 - 00300544 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-12-31 04:16 - 2014-07-06 21:51 - 05982208 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-12-31 04:16 - 2014-07-06 20:01 - 01049600 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-12-31 04:16 - 2014-07-06 20:01 - 00233472 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-12-31 04:16 - 2014-07-06 20:00 - 05095424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-12-31 04:16 - 2014-07-06 19:59 - 00269312 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-12-31 04:16 - 2014-06-02 14:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-12-31 04:14 - 2014-10-10 23:45 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-12-31 04:14 - 2014-10-10 23:44 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-12-31 04:14 - 2014-10-10 23:44 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-12-31 04:14 - 2014-10-10 23:43 - 02307072 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-12-31 04:14 - 2014-10-10 21:58 - 08858624 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-12-31 04:14 - 2014-10-10 21:57 - 02416640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-12-31 04:14 - 2014-10-10 21:57 - 00295424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-12-31 04:14 - 2014-10-10 21:56 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-12-31 04:14 - 2014-09-21 21:53 - 00035320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-12-31 04:14 - 2014-08-26 14:08 - 00270024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-12-31 04:14 - 2014-06-12 15:34 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-12-31 04:14 - 2014-06-12 15:29 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-12-31 04:12 - 2013-06-30 17:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-12-31 04:12 - 2013-06-30 17:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-12-31 04:12 - 2013-06-30 17:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-12-31 04:12 - 2013-06-30 17:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-12-31 04:12 - 2013-06-28 19:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-12-31 04:12 - 2013-06-28 19:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-12-31 04:12 - 2013-04-11 14:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-12-31 04:12 - 2013-04-11 14:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-12-31 04:12 - 2012-11-19 20:56 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-12-31 04:11 - 2014-10-10 23:44 - 03248640 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-12-31 04:11 - 2014-10-10 21:41 - 00713728 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-12-31 04:11 - 2014-10-10 21:41 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-12-31 04:11 - 2014-10-10 21:05 - 00146944 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-12-31 04:11 - 2014-10-10 21:04 - 00713728 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-12-31 04:11 - 2014-05-02 19:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-12-31 04:11 - 2012-10-12 00:08 - 00027880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpvideominiport.sys
2014-12-31 04:11 - 2012-10-11 22:14 - 00036352 _____ (Microsoft Corporation) C:\windows\system32\rfxvmt.dll
2014-12-31 04:09 - 2014-11-21 00:38 - 02237952 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-31 04:09 - 2014-11-21 00:38 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-31 04:09 - 2014-11-21 00:37 - 01409536 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-31 04:09 - 2014-11-21 00:37 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-12-31 04:09 - 2014-11-21 00:37 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-12-31 04:09 - 2014-11-21 00:36 - 15400960 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-31 04:09 - 2014-11-21 00:36 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-31 04:09 - 2014-11-21 00:36 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-12-31 04:09 - 2014-11-21 00:36 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-31 04:09 - 2014-11-21 00:36 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-31 04:09 - 2014-11-21 00:36 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-31 04:09 - 2014-11-21 00:36 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-31 04:09 - 2014-11-21 00:36 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-12-31 04:09 - 2014-11-21 00:36 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-31 04:09 - 2014-11-21 00:36 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-31 04:09 - 2014-11-21 00:36 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-31 04:09 - 2014-11-21 00:35 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-31 04:09 - 2014-11-20 23:17 - 01762816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-31 04:09 - 2014-11-20 23:17 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-31 04:09 - 2014-11-20 23:17 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-31 04:09 - 2014-11-20 23:17 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-12-31 04:09 - 2014-11-20 23:16 - 13758976 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-31 04:09 - 2014-11-20 23:16 - 02054656 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-31 04:09 - 2014-11-20 23:16 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-31 04:09 - 2014-11-20 23:16 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-31 04:09 - 2014-11-20 23:16 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-31 04:09 - 2014-11-20 23:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-31 04:09 - 2014-11-20 23:16 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-31 04:09 - 2014-11-20 23:16 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-12-31 04:09 - 2014-11-20 23:16 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-31 04:09 - 2014-11-20 23:16 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-31 04:09 - 2014-11-20 23:16 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-31 04:09 - 2014-11-20 23:00 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-31 04:09 - 2014-11-20 22:54 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-31 04:09 - 2014-11-20 20:30 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-12-31 04:08 - 2014-11-21 00:36 - 19283456 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-31 04:08 - 2014-11-21 00:36 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-31 04:08 - 2014-11-21 00:36 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-31 04:08 - 2014-11-21 00:36 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-31 04:08 - 2014-11-20 23:17 - 14364672 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-31 04:08 - 2014-11-20 23:17 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-31 04:08 - 2014-11-20 23:16 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-31 04:08 - 2014-11-20 23:16 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-12-31 04:07 - 2013-07-19 14:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-12-31 04:07 - 2013-07-19 14:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-12-31 04:05 - 2014-11-05 22:50 - 01627648 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-31 04:05 - 2014-11-05 21:03 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-31 04:02 - 2013-05-26 15:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-12-31 04:02 - 2013-05-26 14:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-12-31 04:02 - 2013-05-24 19:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-12-31 04:02 - 2013-05-24 18:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-12-31 04:02 - 2013-02-02 00:40 - 00410624 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlroamextension.dll
2014-12-31 04:02 - 2013-02-02 00:40 - 00370688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WWanAPI.dll
2014-12-31 04:02 - 2013-02-02 00:40 - 00197632 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.Connectivity.dll
2014-12-31 04:02 - 2013-02-02 00:40 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\tasklist.exe
2014-12-31 04:02 - 2013-02-02 00:40 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\taskkill.exe
2014-12-31 04:02 - 2013-02-02 00:39 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2014-12-31 04:02 - 2013-02-02 00:38 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\duser.dll
2014-12-31 04:02 - 2013-02-02 00:24 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\taskkill.exe
2014-12-31 04:02 - 2013-02-02 00:24 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\tasklist.exe
2014-12-31 04:02 - 2013-02-02 00:23 - 00611840 _____ (Microsoft Corporation) C:\windows\system32\wpd_ci.dll
2014-12-31 04:02 - 2013-02-02 00:23 - 00543232 _____ (Microsoft Corporation) C:\windows\system32\wlroamextension.dll
2014-12-31 04:02 - 2013-02-02 00:23 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\WWanAPI.dll
2014-12-31 04:02 - 2013-02-02 00:23 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.Connectivity.dll
2014-12-31 04:02 - 2013-02-02 00:23 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\wersvc.dll
2014-12-31 04:02 - 2013-02-02 00:21 - 00385024 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2014-12-31 04:02 - 2013-02-02 00:20 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\duser.dll
2014-12-31 04:02 - 2013-02-02 00:20 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\hotspotauth.dll
2014-12-31 04:02 - 2013-02-01 23:25 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys
2014-12-31 04:02 - 2012-11-26 19:57 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BtaMPM.sys
2014-12-31 04:02 - 2012-11-26 19:55 - 00029952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthhfHid.sys
2014-12-31 04:02 - 2012-11-07 20:24 - 00075776 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2014-12-31 04:02 - 2012-11-07 20:24 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2014-12-31 04:02 - 2012-11-07 20:20 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2014-12-31 04:02 - 2012-11-07 20:20 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2014-12-31 04:02 - 2012-11-07 20:02 - 00003072 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2014-12-31 04:02 - 2012-11-07 20:01 - 00003072 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2014-12-31 04:01 - 2013-02-11 16:17 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2014-12-31 04:01 - 2013-02-01 21:41 - 01437184 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2014-12-31 04:01 - 2013-02-01 21:31 - 01690624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2014-12-31 03:55 - 2012-10-23 19:25 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\ReAgentc.exe
2014-12-31 03:55 - 2012-10-23 18:48 - 00024064 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgentc.exe
2014-12-31 03:54 - 2014-07-15 15:03 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-12-31 03:54 - 2014-07-11 18:36 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-12-31 03:54 - 2013-03-02 00:23 - 00375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgent.dll
2014-12-31 03:54 - 2013-03-01 18:44 - 01011200 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-12-31 03:54 - 2012-12-14 20:55 - 00443392 _____ (Microsoft Corporation) C:\windows\system32\ReAgent.dll
2014-12-31 03:54 - 2012-11-02 21:26 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\sysreset.exe
2014-12-31 03:54 - 2012-11-02 21:25 - 00945152 _____ (Microsoft Corporation) C:\windows\system32\resetengmig.dll
2014-12-31 03:50 - 2013-10-10 01:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-12-31 03:50 - 2013-10-10 01:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2014-12-31 03:50 - 2013-10-10 01:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-12-31 03:50 - 2013-10-10 01:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-12-31 03:50 - 2013-10-10 01:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-12-31 03:50 - 2013-10-10 01:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2014-12-31 03:50 - 2013-10-10 01:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-12-31 03:38 - 2014-12-31 03:38 - 00001202 _____ () C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk
2014-12-31 02:57 - 2015-01-01 13:07 - 00002476 _____ () C:\Users\Karen\Desktop\Rkill.txt
2014-12-31 02:44 - 2013-04-08 21:33 - 00489576 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-12-31 02:44 - 2013-04-08 21:33 - 00446792 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-12-31 02:44 - 2013-04-08 21:33 - 00253544 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-12-31 02:44 - 2013-04-08 21:20 - 00306952 _____ (Microsoft Corporation) C:\windows\system32\kd_02_10ec.dll
2014-12-31 02:44 - 2013-04-08 21:20 - 00086280 _____ (Microsoft Corporation) C:\windows\system32\kdnet.dll
2014-12-31 02:44 - 2013-04-08 21:18 - 00077960 _____ (Microsoft Corporation) C:\windows\system32\kdvm.dll
2014-12-31 02:44 - 2013-04-08 20:52 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2014-12-31 02:44 - 2013-04-08 20:52 - 00804352 _____ (Microsoft Corporation) C:\windows\system32\RecoveryDrive.exe
2014-12-31 02:44 - 2013-04-08 20:52 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2014-12-31 02:44 - 2013-04-08 20:52 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2014-12-31 02:44 - 2013-04-08 20:51 - 14267904 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-12-31 02:44 - 2013-04-08 20:51 - 03552768 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2014-12-31 02:44 - 2013-04-08 20:51 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2014-12-31 02:44 - 2013-04-08 20:51 - 00456704 _____ (Microsoft Corporation) C:\windows\system32\wpncore.dll
2014-12-31 02:44 - 2013-04-08 20:51 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-12-31 02:44 - 2013-04-08 20:51 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
2014-12-31 02:44 - 2013-04-08 20:50 - 02107904 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2014-12-31 02:44 - 2013-04-08 20:50 - 00745984 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2014-12-31 02:44 - 2013-04-08 20:50 - 00435200 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2014-12-31 02:44 - 2013-04-08 20:50 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\GenuineCenter.dll
2014-12-31 02:44 - 2013-04-08 20:50 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2014-12-31 02:44 - 2013-04-08 20:50 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2014-12-31 02:44 - 2013-04-08 20:50 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2014-12-31 02:44 - 2013-04-08 20:49 - 01444864 _____ (Microsoft Corporation) C:\windows\system32\MSAudDecMFT.dll
2014-12-31 02:44 - 2013-04-08 20:49 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-12-31 02:44 - 2013-04-08 20:49 - 00281088 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-12-31 02:44 - 2013-04-08 20:49 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\fhengine.dll
2014-12-31 02:44 - 2013-04-08 20:49 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\iuilp.dll
2014-12-31 02:44 - 2013-04-08 20:49 - 00196096 _____ (Microsoft Corporation) C:\windows\system32\dmvdsitf.dll
2014-12-31 02:44 - 2013-04-08 20:49 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\dwmredir.dll
2014-12-31 02:44 - 2013-04-08 20:49 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\fmifs.dll
2014-12-31 02:44 - 2013-04-08 18:34 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys
2014-12-31 02:44 - 2013-04-08 18:33 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
2014-12-31 02:44 - 2013-04-08 18:32 - 00805376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-12-31 02:44 - 2013-04-08 18:31 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
2014-12-31 02:44 - 2013-04-08 15:44 - 00123880 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
2014-12-31 02:44 - 2013-04-08 15:37 - 00426024 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-12-31 02:44 - 2013-04-08 15:37 - 00324368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-12-31 02:44 - 2013-04-08 13:52 - 11878912 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-12-31 02:44 - 2013-04-08 13:52 - 00670208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2014-12-31 02:44 - 2013-04-08 13:52 - 00302592 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2014-12-31 02:44 - 2013-04-08 13:52 - 00171008 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2014-12-31 02:44 - 2013-04-08 13:51 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 01593344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 01113600 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSAudDecMFT.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 00659456 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 00403968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 00214528 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 00155648 _____ (Microsoft Corporation) C:\windows\SysWOW64\dmvdsitf.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\fmifs.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2014-12-31 02:44 - 2013-04-08 13:51 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2014-12-31 02:44 - 2013-04-04 15:30 - 00503080 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-12-31 02:44 - 2013-03-15 14:05 - 00298456 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-12-31 02:44 - 2013-03-15 14:05 - 00252928 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-12-31 02:44 - 2013-03-02 02:39 - 00069864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2014-12-31 02:44 - 2013-02-02 00:40 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsRasterService.dll
2014-12-31 02:44 - 2013-02-02 00:23 - 00228352 _____ (Microsoft Corporation) C:\windows\system32\XpsRasterService.dll
2014-12-31 02:44 - 2013-01-09 17:40 - 00303848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-12-31 02:44 - 2012-12-12 20:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-31 02:44 - 2012-12-12 19:59 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-31 02:44 - 2012-11-19 20:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidi2c.sys
2014-12-31 02:44 - 2012-11-05 21:00 - 00463768 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-12-31 02:44 - 2012-10-10 21:44 - 00246272 _____ (Microsoft Corporation) C:\windows\system32\mssphtb.dll
2014-12-31 02:44 - 2012-10-10 21:44 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\mssitlb.dll
2014-12-31 02:44 - 2012-10-10 21:06 - 00094208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssitlb.dll
2014-12-31 02:44 - 2012-10-10 21:06 - 00048640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscntrs.dll
2014-12-31 02:43 - 2014-09-24 15:29 - 00318976 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-12-31 02:43 - 2014-09-24 15:29 - 00072192 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2014-12-31 02:43 - 2014-09-24 15:01 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-31 02:43 - 2014-09-24 15:01 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2014-12-31 02:43 - 2013-07-01 17:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2014-12-31 02:43 - 2013-07-01 17:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2014-12-31 02:41 - 2014-06-05 09:56 - 00112984 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-12-31 02:41 - 2014-05-29 14:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-12-31 02:41 - 2013-11-19 16:15 - 03842560 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-12-31 02:41 - 2013-11-19 15:57 - 03288576 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-12-31 02:41 - 2013-03-05 22:29 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-12-31 02:41 - 2012-11-02 21:26 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\dpnsvr.exe
2014-12-31 02:41 - 2012-11-02 21:26 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnsvr.exe
2014-12-31 02:41 - 2012-11-02 21:24 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\dpnet.dll
2014-12-31 02:41 - 2012-11-02 21:24 - 00375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnet.dll
2014-12-31 02:41 - 2012-11-02 21:24 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnathlp.dll
2014-12-31 02:41 - 2012-10-23 19:25 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2014-12-31 02:41 - 2012-10-23 19:24 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2014-12-31 02:41 - 2012-10-23 19:24 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2014-12-31 02:41 - 2012-10-23 19:05 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2014-12-31 02:40 - 2012-11-02 21:24 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\dpnathlp.dll
2014-12-31 02:40 - 2012-11-02 21:24 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\dpnhupnp.dll
2014-12-31 02:40 - 2012-11-02 21:24 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\dpnhpast.dll
2014-12-31 02:40 - 2012-11-02 21:24 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnhupnp.dll
2014-12-31 02:40 - 2012-11-02 21:24 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnhpast.dll
2014-12-31 02:40 - 2012-11-02 21:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dpnlobby.dll
2014-12-31 02:40 - 2012-11-02 21:04 - 00003584 _____ (Microsoft Corporation) C:\windows\system32\dpnaddr.dll
2014-12-31 02:40 - 2012-11-02 21:00 - 00003072 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnlobby.dll
2014-12-31 02:40 - 2012-11-02 21:00 - 00002560 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnaddr.dll
2014-12-31 02:39 - 2013-07-12 22:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-12-31 02:39 - 2013-07-12 22:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-12-31 02:39 - 2013-07-12 22:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2014-12-31 02:39 - 2013-07-12 22:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2014-12-31 02:39 - 2013-07-12 20:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-12-31 02:39 - 2013-07-12 20:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2014-12-31 02:39 - 2013-07-12 20:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2014-12-31 02:37 - 2014-06-06 06:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-12-31 02:37 - 2014-06-06 02:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-12-31 02:34 - 2013-04-02 15:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2014-12-31 02:34 - 2013-04-02 15:12 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2014-12-31 02:34 - 2013-03-14 16:17 - 00861184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2014-12-31 02:33 - 2013-11-22 22:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-12-31 02:33 - 2013-11-22 21:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-12-31 02:33 - 2013-08-22 23:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-12-31 02:33 - 2013-08-22 17:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-12-31 02:33 - 2013-03-21 19:49 - 02382336 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
2014-12-31 02:33 - 2013-03-21 14:47 - 02851840 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
2014-12-31 02:32 - 2014-10-23 04:47 - 00079872 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-12-31 02:32 - 2014-10-23 03:04 - 00068096 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-12-31 02:32 - 2014-08-21 15:56 - 01418752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-12-31 02:32 - 2014-08-21 15:27 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-12-31 02:32 - 2014-06-19 15:35 - 01312768 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-12-31 02:32 - 2014-06-19 14:24 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-12-31 02:32 - 2012-10-31 20:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-12-31 02:32 - 2012-10-31 20:20 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-12-31 02:31 - 2014-11-08 03:22 - 00238080 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-12-31 02:31 - 2014-11-08 03:21 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-12-31 02:31 - 2014-11-07 22:57 - 00187904 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-12-31 02:31 - 2014-11-07 22:56 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-12-31 02:31 - 2014-10-11 00:35 - 00171840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-12-31 02:31 - 2014-10-10 23:44 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-12-31 02:31 - 2014-10-10 23:43 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-12-31 02:31 - 2014-10-10 21:57 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-12-31 02:31 - 2014-05-29 15:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-12-31 02:31 - 2014-04-12 01:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-12-31 02:31 - 2014-04-12 01:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-12-31 02:31 - 2014-04-12 01:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-12-31 02:31 - 2014-04-12 01:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-12-31 02:31 - 2014-04-12 01:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-12-31 02:31 - 2014-04-12 01:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-12-31 02:31 - 2014-04-11 23:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-12-31 02:31 - 2014-04-11 23:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-12-31 02:31 - 2014-04-11 23:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-12-31 02:31 - 2014-04-11 23:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-12-31 02:31 - 2014-04-11 23:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-12-31 02:31 - 2014-04-11 22:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-12-31 02:31 - 2014-03-03 15:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-12-31 02:31 - 2013-09-27 19:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-12-31 02:31 - 2013-03-02 01:59 - 00411880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-12-31 02:31 - 2012-11-09 20:23 - 00132608 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-12-31 02:31 - 2012-11-09 20:22 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\RDWebAI.dll
2014-12-31 02:31 - 2012-11-09 20:22 - 00122880 _____ (Microsoft Corporation) C:\windows\system32\VmHostAI.dll
2014-12-31 02:31 - 2012-11-09 20:20 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\appserverai.dll
2014-12-31 02:31 - 2012-10-31 20:41 - 01802240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-12-31 02:31 - 2012-10-31 20:40 - 02361344 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-12-31 02:31 - 2012-10-31 20:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-12-31 02:31 - 2012-10-31 20:20 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-12-31 02:31 - 2012-10-10 23:02 - 01636672 _____ (Microsoft Corporation) C:\windows\system32\WMALFXGFXDSP.dll
2014-12-31 02:31 - 2012-10-10 21:45 - 00370176 _____ (Microsoft Corporation) C:\windows\system32\SysFxUI.dll
2014-12-31 02:30 - 2014-12-31 02:42 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-31 02:30 - 2014-12-31 02:30 - 00135384 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-31 02:30 - 2014-12-31 02:30 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-31 02:30 - 2014-10-29 23:20 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-12-31 02:30 - 2014-10-29 21:22 - 01569792 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-12-31 02:30 - 2013-10-31 21:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-12-31 02:30 - 2013-10-31 19:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-12-31 02:30 - 2012-10-10 21:19 - 00005632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmkaud.sys
2014-12-31 02:30 - 2012-10-10 21:18 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\Drivers\drmk.sys
2014-12-31 02:27 - 2014-12-31 02:27 - 00096472 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-31 02:26 - 2014-12-31 02:42 - 00000000 ____D () C:\Users\Karen\Desktop\mbar
2014-12-31 02:25 - 2014-12-31 02:25 - 00001504 _____ () C:\Users\Karen\Documents\RKreport_DEL_12312014_022509.log
2014-12-31 02:05 - 2014-10-30 03:50 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-12-31 02:03 - 2014-05-19 18:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-12-31 02:03 - 2014-05-19 15:45 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-12-31 02:03 - 2014-05-19 15:24 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-12-31 02:03 - 2014-05-19 15:24 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-12-31 02:03 - 2014-05-19 15:24 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-12-31 02:03 - 2013-08-15 21:21 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-12-31 02:03 - 2013-08-15 21:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-12-31 02:03 - 2013-08-15 14:43 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-12-31 02:03 - 2012-11-05 20:20 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2014-12-31 02:03 - 2012-11-05 20:00 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wushareduxresources.dll
2014-12-31 02:02 - 2014-05-19 15:45 - 00629248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-12-31 02:02 - 2014-05-19 15:24 - 03286528 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-12-31 02:02 - 2014-05-19 15:24 - 01623040 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-12-31 02:02 - 2014-05-19 15:24 - 00773632 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-12-31 02:02 - 2014-05-14 14:43 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-12-31 02:02 - 2014-05-14 14:43 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-12-31 02:02 - 2014-05-14 14:42 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-12-31 02:02 - 2014-05-14 14:42 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-12-31 02:02 - 2013-02-21 16:59 - 02063240 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2014-12-31 02:02 - 2013-01-12 23:51 - 00003004 _____ () C:\ProgramData\MakeMarkerFile.xml
2014-12-31 01:52 - 2014-12-31 01:52 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-12-31 01:29 - 2014-12-31 01:29 - 00002218 _____ () C:\Users\Karen\Desktop\unhide.txt
2014-12-31 01:27 - 2014-12-31 01:28 - 00042934 _____ () C:\Users\Karen\Desktop\Show-Hidden.txt
2014-12-31 01:25 - 2014-12-31 01:25 - 00001829 _____ () C:\Users\Karen\Documents\RKreport_DEL_12312014_012449.log
2014-12-31 01:23 - 2014-12-31 01:23 - 00380416 _____ () C:\Users\Karen\Desktop\oh3g2s7q.exe
2014-12-31 01:20 - 2014-12-31 01:20 - 00398752 _____ (Bleeping Computer, LLC) C:\Users\Karen\Desktop\unhide.exe
2014-12-31 01:18 - 2014-12-31 01:18 - 01940728 _____ (Bleeping Computer, LLC) C:\Users\Karen\Desktop\rkill.exe
2014-12-31 01:18 - 2014-12-31 01:18 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-31 01:15 - 2014-12-31 01:15 - 00000000 ____D () C:\Users\Karen\AppData\Local\VS Revo Group
2014-12-31 01:15 - 2014-12-31 01:15 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-12-31 01:15 - 2014-12-31 01:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-12-31 01:15 - 2014-12-31 01:15 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-12-31 01:15 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\windows\system32\Drivers\revoflt.sys
2014-12-31 01:14 - 2014-12-31 01:14 - 10801480 _____ (VS Revo Group ) C:\Users\Karen\Desktop\RevoUninProSetup.exe
2014-12-31 01:11 - 2014-12-31 01:11 - 00628779 _____ () C:\Users\Karen\Desktop\GrantPerms64.zip
2014-12-31 01:10 - 2014-12-31 01:10 - 00957952 _____ (Farbar) C:\Users\Karen\Desktop\ListParts64.exe
2014-12-31 01:08 - 2014-12-31 01:08 - 15298136 _____ () C:\Users\Karen\Desktop\RogueKiller.exe
2014-12-31 01:07 - 2014-12-31 01:07 - 00852504 _____ () C:\Users\Karen\Desktop\SecurityCheck.exe
2014-12-31 01:06 - 2014-12-31 01:06 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Karen\Desktop\mbar-1.08.2.1001.exe
2014-12-31 01:05 - 2014-12-31 01:05 - 00130337 _____ () C:\Users\Karen\Desktop\getservices.zip
2014-12-31 01:04 - 2014-12-31 01:04 - 00386464 _____ (Bleeping Computer, LLC) C:\Users\Karen\Desktop\show-hidden.exe
2014-12-31 01:03 - 2014-12-31 01:03 - 03915081 _____ () C:\Users\Karen\Desktop\rcsetup151.zip
2014-12-31 01:03 - 2014-12-31 01:03 - 00593080 _____ (Sysinternals - www.sysinternals.com) C:\Users\Karen\Desktop\autoruns.exe
2014-12-31 01:01 - 2014-12-31 01:01 - 01156136 _____ (Ruiware) C:\Users\Karen\Desktop\wpsetup.exe
2014-12-31 01:01 - 2014-12-31 01:01 - 00332171 _____ () C:\Users\Karen\Desktop\GiveMePower-v2.0.exe
2014-12-31 00:33 - 2014-12-31 00:33 - 00000000 ____D () C:\Users\Karen\AppData\Roaming\Macromedia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-02 15:14 - 2012-11-14 14:52 - 00797954 _____ () C:\windows\system32\perfh00C.dat
2015-01-02 15:14 - 2012-11-14 14:52 - 00155012 _____ () C:\windows\system32\perfc00C.dat
2015-01-02 15:14 - 2012-11-14 14:46 - 00795878 _____ () C:\windows\system32\perfh00A.dat
2015-01-02 15:14 - 2012-11-14 14:46 - 00162282 _____ () C:\windows\system32\perfc00A.dat
2015-01-02 15:14 - 2012-07-25 23:28 - 02743688 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-02 14:25 - 2012-11-13 21:18 - 01986472 _____ () C:\windows\WindowsUpdate.log
2015-01-02 14:20 - 2012-11-13 22:15 - 00000000 ____D () C:\ProgramData\WinClon
2015-01-02 14:12 - 2012-07-25 23:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-02 13:38 - 2012-08-05 13:07 - 00359784 _____ () C:\windows\PFRO.log
2015-01-02 13:33 - 2012-11-13 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-01-02 13:25 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\sru
2015-01-01 13:11 - 2012-11-13 22:18 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-01 11:53 - 2012-07-26 00:12 - 00000000 __RSD () C:\windows\Media
2015-01-01 11:52 - 2012-07-25 23:21 - 00025015 _____ () C:\windows\setupact.log
2015-01-01 00:04 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\Recovery
2014-12-31 15:06 - 2012-07-26 00:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-31 15:06 - 2012-07-25 23:59 - 00000000 ____D () C:\windows\CbsTemp
2014-12-31 13:57 - 2012-11-13 22:19 - 00000000 ____D () C:\ProgramData\Temp
2014-12-31 10:58 - 2012-11-13 22:13 - 00000000 ____D () C:\ProgramData\Norton
2014-12-31 10:51 - 2012-07-25 21:38 - 00000000 ____D () C:\windows\system32\oobe
2014-12-31 10:50 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-12-31 10:49 - 2012-07-26 00:12 - 00000000 ___RD () C:\windows\ToastData
2014-12-31 10:49 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\WinStore
2014-12-31 10:17 - 2012-11-13 22:12 - 00000000 ____D () C:\Users\EasySurvey
2014-12-31 09:43 - 2012-11-13 21:18 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-12-31 09:39 - 2012-11-13 21:17 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-12-31 09:25 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-12-31 07:46 - 2012-07-25 21:37 - 00000000 ____D () C:\windows\servicing
2014-12-31 07:33 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-12-31 07:25 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-31 07:25 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-12-31 07:25 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-31 07:22 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-31 07:22 - 2012-07-26 00:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-31 07:22 - 2012-07-26 00:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-31 07:22 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-31 07:22 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-31 07:21 - 2012-07-25 23:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-31 07:18 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-12-31 07:18 - 2012-07-26 00:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-12-31 07:18 - 2012-07-25 21:38 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-12-31 07:17 - 2012-07-25 21:38 - 00000000 ____D () C:\windows\system32\Dism
2014-12-31 07:15 - 2012-11-13 22:32 - 00000000 ____D () C:\ProgramData\Atheros
2014-12-31 07:11 - 2012-07-26 00:12 - 00000000 ___RD () C:\windows\ImmersiveControlPanel
2014-12-31 04:31 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-12-31 02:07 - 2012-07-25 21:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-12-31 01:54 - 2012-11-13 22:11 - 00000000 ____D () C:\ProgramData\SAMSUNG
2014-12-31 01:40 - 2012-11-13 22:19 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-12-31 01:32 - 2012-07-26 00:12 - 00000000 ____D () C:\windows\ELAMBKUP

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe

Some content of TEMP:
====================
C:\Users\Karen\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2012-08-05 13:07

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-01-2015
Ran by Karen at 2015-01-02 19:28:46
Running from C:\Users\Karen\Desktop
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{403A4E7A-D239-04D8-6A3D-31DD203C018D}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Help Desk (HKLM\...\{18BB06D9-8518-48E5-88F7-5AE1DF02546B}) (Version: 1.0.6 - Samsung Electronics CO., LTD.)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.7.2 - Samsung Electronics CO., LTD.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Revo Uninstaller Pro 3.1.2 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.2 - VS Revo Group, Ltd.)
S Agent (Version: 1.1.51 - Samsung Electronics CO., LTD.) Hidden
Support Center (HKLM\...\{711DE117-767F-48A8-9864-66C525B9539F}) (Version: 2.1.1223 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{4F1936F8-82B4-437E-BC47-FAB9136A04B2}) (Version: 2.2.2 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
User Guide (HKLM-x32\...\{C7588111-1A12-4EFE-8CA0-DA4344480D92}) (Version: 1.4.00 - Samsung Electronics CO., LTD.)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass  (07/27/2012 20.57.1.735) (HKLM\...\9F04C462DAB591BDCCE784F77E4D4F1736010B92) (Version: 07/27/2012 20.57.1.735 - Samsung Electronics Co. Ltd.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

31-12-2014 01:54:03 Installed SW Update
31-12-2014 08:01:39 Revo Uninstaller Pro's restore point - Symantec
31-12-2014 08:04:10 Revo Uninstaller Pro's restore point - AccountPictures
31-12-2014 08:05:43 Revo Uninstaller Pro's restore point - Documents
31-12-2014 08:34:44 Revo Uninstaller Pro's restore point - Norton Online Backup ARA
31-12-2014 08:38:40 Revo Uninstaller Pro's restore point - SymSilent
31-12-2014 08:41:08 Revo Uninstaller Pro's restore point - Windows Live Essentials
31-12-2014 09:05:51 Revo Uninstaller Pro's restore point - Windows Live Essentials
31-12-2014 09:20:52 Revo Uninstaller Pro's restore point - Windows Live Essentials
31-12-2014 09:22:41 Revo Uninstaller Pro's restore point - Windows Live Essentials
31-12-2014 09:33:07 Revo Uninstaller Pro's restore point - CyberLink Power2Go 8
31-12-2014 09:39:17 Revo Uninstaller Pro's restore point - E-POP
31-12-2014 09:40:56 Revo Uninstaller Pro's restore point - Easy File Share
31-12-2014 09:41:31 Removed Easy File Share
31-12-2014 10:16:14 Revo Uninstaller Pro's restore point - Public
31-12-2014 13:08:33 Revo Uninstaller Pro's restore point - Xerox PhotoCafe
31-12-2014 13:11:48 Revo Uninstaller Pro's restore point - CardRecovery 6.10
02-01-2015 13:29:19 Revo Uninstaller Pro's restore point - Settings
02-01-2015 13:30:44 Removed Settings

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2014-12-31 02:24 - 00000768 ____A C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A53F9CE-4799-463D-9D29-2BB079D8C594} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {0CE19F53-1969-4ECB-84F8-3D50164931E9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {10A298B7-5547-4390-BC2E-B98AE06835A2} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2012-10-14] (SEC)
Task: {2747A020-498A-4986-BF33-B7C4943583A4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-11-27] (Microsoft Corporation)
Task: {2B28C24F-B0BE-4C99-B36C-86D978B61BD3} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {5CE2826D-E398-43A9-BF9A-69B837EF085E} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {AC2F9DA9-C28A-4E37-AA77-A32686E4AC9F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe
Task: {B849690A-86E9-4BC3-A5B3-E774B584E504} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-29] (Samsung Electronics CO., LTD.)
Task: {FF9E478E-75EC-4742-9687-C643E1342ACC} - \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task No Task File <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"

========================= Accounts: ==========================

Administrator (S-1-5-21-2961404673-414218333-4232183137-500 - Administrator - Disabled)
Guest (S-1-5-21-2961404673-414218333-4232183137-501 - Limited - Disabled)
Karen (S-1-5-21-2961404673-414218333-4232183137-1001 - Administrator - Enabled) => C:\Users\Karen
Me (S-1-5-21-2961404673-414218333-4232183137-1002 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Description: Qualcomm Atheros AR3012 Bluetooth 4.0 + HS
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Qualcomm Atheros Communications
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/02/2015 05:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashUtil_ActiveX.exe, version: 16.0.0.235, time stamp: 0x546fd94a
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b4864c
Exception code: 0xc0000005
Fault offset: 0x0000000000005526
Faulting process id: 0x9f4
Faulting application start time: 0xFlashUtil_ActiveX.exe0
Faulting application path: FlashUtil_ActiveX.exe1
Faulting module path: FlashUtil_ActiveX.exe2
Report Id: FlashUtil_ActiveX.exe3
Faulting package full name: FlashUtil_ActiveX.exe4
Faulting package-relative application ID: FlashUtil_ActiveX.exe5

Error: (01/02/2015 03:11:56 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" ; Description = Revo Uninstaller Pro's restore point - Recuva; Error = 0x8007043c).

Error: (01/02/2015 02:35:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 10.0.9200.17183, time stamp: 0x546ebc2a
Faulting module name: MFMediaEngine.dll, version: 6.2.9200.16578, time stamp: 0x515f8daf
Exception code: 0xc0000005
Fault offset: 0x0001c3ff
Faulting process id: 0x6f0
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (01/02/2015 02:35:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1".Error in manifest or policy file "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" on line C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest.
Component 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest.

Error: (01/02/2015 02:31:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Samsung)
Description: Activation of app winstore_cw5n1h2txyewy!Windows.Store failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/02/2015 02:30:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Samsung)
Description: Activation of app winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy:Windows.Store failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/02/2015 02:30:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Samsung)
Description: Activation of app winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy:Windows.Store failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/02/2015 02:30:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Samsung)
Description: Activation of app winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy:Windows.Store failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/02/2015 01:29:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {36c39edd-a73e-43ce-b2b5-dc4dc092c435}

Error: (01/01/2015 11:51:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.2.9200.16420, time stamp: 0x505a9a4e
Faulting module name: ntdll.dll, version: 6.2.9200.17046, time stamp: 0x53b4864c
Exception code: 0xc0000008
Fault offset: 0x0000000000004bf9
Faulting process id: 0x690
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

System errors:
=============
Error: (01/02/2015 07:27:53 PM) (Source: DCOM) (EventID: 10005) (User: Samsung)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2015 07:27:43 PM) (Source: DCOM) (EventID: 10005) (User: Samsung)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2015 07:27:34 PM) (Source: DCOM) (EventID: 10005) (User: Samsung)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2015 07:27:21 PM) (Source: DCOM) (EventID: 10005) (User: Samsung)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2015 07:27:11 PM) (Source: DCOM) (EventID: 10005) (User: Samsung)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2015 07:24:36 PM) (Source: DCOM) (EventID: 10005) (User: Samsung)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2015 07:21:33 PM) (Source: DCOM) (EventID: 10005) (User: Samsung)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (01/02/2015 07:19:15 PM) (Source: DCOM) (EventID: 10005) (User: Samsung)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/02/2015 07:19:04 PM) (Source: DCOM) (EventID: 10005) (User: Samsung)
Description: 1084WSearchUnavailable{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (01/02/2015 07:19:04 PM) (Source: DCOM) (EventID: 10005) (User: Samsung)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Microsoft Office Sessions:
=========================
Error: (01/02/2015 05:40:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FlashUtil_ActiveX.exe16.0.0.235546fd94antdll.dll6.2.9200.1704653b4864cc000000500000000000055269f401d026f6513b54faC:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exeC:\windows\SYSTEM32\ntdll.dll8f105757-92e9-11e4-be98-208984178b4f

Error: (01/02/2015 03:11:56 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe" Revo Uninstaller Pro's restore point - Recuva0x8007043c

Error: (01/02/2015 02:35:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE10.0.9200.17183546ebc2aMFMediaEngine.dll6.2.9200.16578515f8dafc00000050001c3ff6f001d026db90fb8ed5C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\MFMediaEngine.dlla3276863-92cf-11e4-be98-208984178b4f

Error: (01/02/2015 02:35:19 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Karen\Desktop\SoftonicDownloader_for_m3-format-recovery-free.exe

Error: (01/02/2015 02:31:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Samsung)
Description: winstore_cw5n1h2txyewy!Windows.Store-2144927149

Error: (01/02/2015 02:30:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Samsung)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy:Windows.Store-2144927149

Error: (01/02/2015 02:30:56 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Samsung)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy:Windows.Store-2144927149

Error: (01/02/2015 02:30:31 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Samsung)
Description: winstore_1.0.0.0_neutral_neutral_cw5n1h2txyewy:Windows.Store-2144927149

Error: (01/02/2015 01:29:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Access is denied.

Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {36c39edd-a73e-43ce-b2b5-dc4dc092c435}

Error: (01/01/2015 11:51:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.2.9200.16420505a9a4entdll.dll6.2.9200.1704653b4864cc00000080000000000004bf969001d025fc5149e9b6C:\windows\system32\svchost.exeC:\windows\SYSTEM32\ntdll.dll92276a4c-91ef-11e4-be92-208984178b4f

==================== Memory info ===========================

Processor: AMD A4-4300M APU with Radeon™ HD Graphics
Percentage of memory in use: 26%
Total physical RAM: 3801.67 MB
Available physical RAM: 2782.89 MB
Total Pagefile: 7257.67 MB
Available Pagefile: 6405.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.61 GB) (Free:386.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E97AD8B9)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 shelf life

shelf life

  • Malware Response Team
  • 2,646 posts
  • Gender:Male
  • Location:@localhost
  • Local time:07:30 AM

Posted 03 January 2015 - 01:37 PM

Ok, thanks for the logs. They look ok. As far as the rootkit goes: probably a false positive. You can upload it to this website:

http://virusscan.jotti.org/en

Go to the website and using the browse button find the file located here: C:\Windows\System32\drivers\mouclass.sys Then upload mouclass.sys using the Submit File button. Once the scan is done you can copy/paste the URL (the http://.....) in your reply. If the scan results all say nothing found then don't worry about it.

If the file/folders are not visible you can change that setting, directions:

http://www.sevenforums.com/tutorials/394-hidden-files-folders-show-hide.html


How Can I Reduce My Risk to Malware?


#5 shelf life

Posted 06 January 2015 - 07:54 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
