Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

2 computers, apparently 2 malware problems


  • This topic is locked This topic is locked
22 replies to this topic

#1 steveo5108

steveo5108

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 15 January 2015 - 11:34 AM

I have a desktop with Win7 Home Premium and a Lenovo laptop with Win7 Pro, both running Panda Global Protection (2014, then installed 2015 after problems started).  Both recently started showing symptoms that seem to associated with Poweliks or similar malware:

 

- Sluggish operation with unexplained high resource usage (CPU often at 100%, high memory and HD usage)

- Changes to internet security settings to disable downloads ("Your current security settings do not allow..." message)

- On 2 mornings, found multiple 'Google Chrome has stopped working' messages; Chrome is not installed.

- Disappearing cookies and browser history  

 

Fortunately, it was feasible to restore the laptop to original condition with Lenovo recovery disks.  It ran fine for a couple of days but then became slow again.  Task Manager showed a number of processes named kanuqrua.exe with the description "Google Chrome".  Stopping a process just caused one or more new ones to start.  I found a temporary fix by finding and renaming the .exe file and then stopping the processes.  This gets rid of them until a restart.  This symptom is similar to another recent post in this forum except for the name of the .exe file.

 

The desktop still has the original symptoms.  Neither Panda nor Windows Defender find any problems.  Help would be enormously appreciated.

 

Thanks, Steve



BC AdBot (Login to Remove)

 


#2 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:51 AM

Posted 15 January 2015 - 03:13 PM

Hey my friend. :)

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#3 steveo5108

steveo5108
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 15 January 2015 - 05:26 PM

Happy to hear from you.  Should have mentioned both machines are 64-bit.

 

The following logs are from the desktop, my higher priority.  Should we ignore the laptop for now, or should I perhaps start another topic for it?  What's your preference?

 

FRST.txt for desktop:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Owner (administrator) on OWNER-PC on 15-01-2015 17:14:48
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & UpdatusUser (Available profiles: Owner & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHMA.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Pantone & GretagMacbeth) C:\Program Files (x86)\Pantone\huey\hueyTray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHMA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hueyTray.lnk
ShortcutTarget: hueyTray.lnk -> C:\Program Files (x86)\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKLM-x32 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm423^YYA^us&si=250652_maps-directionsORG-AD&ptb=F9927D23-348D-444C-8820-B588A5756134&ind=2014042708&n=780bda54&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKU\S-1-5-21-1320356333-3106105416-4248564086-1000 -> {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = http://search.tb.ask.com/search/GGmain.jhtml?p2=^UX^xdm423^YYA^us&si=250652_maps-directionsORG-AD&ptb=F9927D23-348D-444C-8820-B588A5756134&ind=2014042708&n=780bda54&psa=&st=sb&searchfor={searchTerms}
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1320356333-3106105416-4248564086-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-17]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [95744 2010-01-19] (Windows ® Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [75264 2012-01-12] (Windows ® Win 7 DDK provider)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 17:14 - 2015-01-15 17:15 - 00014412 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-01-15 17:14 - 2015-01-15 17:14 - 00000000 ____D () C:\FRST
2015-01-15 17:03 - 2015-01-15 17:03 - 02125312 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-01-15 11:48 - 2015-01-15 11:48 - 00000472 _____ () C:\Users\Owner\Desktop\defogger_disable.log
2015-01-15 11:48 - 2015-01-15 11:48 - 00000000 _____ () C:\Users\Owner\defogger_reenable
2015-01-15 11:45 - 2015-01-15 11:45 - 00050477 _____ () C:\Users\Owner\Desktop\Defogger.exe
2015-01-13 20:40 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:40 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:40 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 20:40 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 20:40 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 20:40 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 20:40 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 20:40 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 20:40 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 20:40 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:40 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 20:40 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 20:40 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-09 12:42 - 2015-01-09 12:42 - 00291176 _____ () C:\Windows\Minidump\010915-30685-01.dmp
2015-01-08 08:28 - 2015-01-08 08:28 - 00291136 _____ () C:\Windows\Minidump\010815-19827-01.dmp
2015-01-07 23:34 - 2015-01-08 07:07 - 00000394 ____H () C:\Windows\Tasks\{2A732595-8385-4EA7-BE82-013362468642}.job
2015-01-07 23:34 - 2015-01-07 23:34 - 00003250 _____ () C:\Windows\System32\Tasks\{2A732595-8385-4EA7-BE82-013362468642}
2015-01-07 14:38 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-07 14:37 - 2015-01-07 14:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Panda Security
2015-01-07 14:36 - 2015-01-07 14:37 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-07 14:36 - 2015-01-07 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Global Protection 2015
2015-01-07 14:24 - 2015-01-07 14:37 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-07 11:03 - 2015-01-07 11:03 - 00000000 ____D () C:\Panda Security
2015-01-05 14:12 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-05 14:12 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-05 14:12 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-05 14:12 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-05 14:11 - 2015-01-05 14:12 - 00004596 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-30 17:50 - 2014-12-30 17:50 - 00007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2014-12-30 07:22 - 2014-12-30 07:22 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 15:56 - 2014-12-25 15:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Acer
2014-12-25 15:52 - 2014-12-25 15:52 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-12-25 15:47 - 2014-12-25 15:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Leader Technologies
2014-12-25 15:31 - 2014-12-28 09:23 - 00000000 ____D () C:\Program Files (x86)\LTCM Client
2014-12-25 15:30 - 2014-12-25 15:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-12-18 04:10 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 04:10 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 18:26 - 2014-12-26 18:36 - 00000000 ____D () C:\Users\Owner\Documents\Calendar15

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 16:43 - 2014-03-17 13:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 16:37 - 2014-03-17 13:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 16:11 - 2014-03-17 10:11 - 01110515 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 15:15 - 2009-07-13 23:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 15:15 - 2009-07-13 23:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 15:09 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-15 15:08 - 2014-03-17 13:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 15:07 - 2014-03-28 16:28 - 00008822 _____ () C:\Windows\setupact.log
2015-01-15 15:07 - 2014-03-17 10:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 15:07 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 11:48 - 2014-03-17 10:12 - 00000000 ____D () C:\Users\Owner
2015-01-15 11:43 - 2014-03-17 13:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 11:43 - 2014-03-17 13:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 11:43 - 2014-03-17 13:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-15 10:56 - 2014-06-24 01:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-01-14 03:04 - 2014-03-17 11:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2014-03-17 11:15 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 17:01 - 2014-03-18 18:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SolSuite
2015-01-11 16:40 - 2009-07-14 00:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 12:42 - 2014-03-26 09:29 - 477796871 _____ () C:\Windows\MEMORY.DMP
2015-01-09 12:42 - 2014-03-26 09:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-09 09:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-08 14:59 - 2014-03-21 15:25 - 01095675 _____ () C:\Users\Owner\AppData\Roaming\PS12_panel.log
2015-01-08 07:06 - 2009-07-13 23:45 - 04977152 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-07 16:54 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 14:37 - 2014-03-17 10:37 - 00081136 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-07 14:24 - 2010-11-20 22:47 - 00039452 _____ () C:\Windows\PFRO.log
2015-01-07 10:39 - 2014-03-17 15:18 - 00000000 ____D () C:\Users\Owner\Downloads\Panda
2015-01-07 06:01 - 2014-03-17 16:31 - 00008627 _____ () C:\Windows\SysWOW64\PAV_FOG.OPC
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 14:54 - 2014-12-14 16:37 - 00017984 _____ () C:\Users\Owner\Documents\Savings Bonds_htm.htm
2015-01-05 14:12 - 2014-03-17 13:54 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-05 14:03 - 2014-03-17 15:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2015-01-02 09:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-27 09:06 - 2014-03-18 14:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-27 08:48 - 2014-03-17 13:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-25 15:42 - 2014-03-17 15:22 - 00000000 ____D () C:\Users\Owner\Documents\Info
2014-12-25 15:41 - 2014-03-18 13:40 - 00000095 _____ () C:\Windows\EART1430.ini
2014-12-25 15:31 - 2014-03-18 13:51 - 00000000 ____D () C:\Program Files (x86)\epson
2014-12-25 15:31 - 2014-03-18 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-12-25 15:24 - 2014-03-18 13:42 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-12-25 15:24 - 2014-03-17 16:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 10:51 - 2014-03-17 15:22 - 00000000 ____D () C:\Users\Owner\Documents\Calendar13
2014-12-21 09:36 - 2014-03-18 14:09 - 00001456 _____ () C:\Users\Owner\Sti_Trace.log
2014-12-16 13:21 - 2014-03-17 13:45 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Adobe

Files to move or delete:
====================
C:\Windows\Tasks\{2A732595-8385-4EA7-BE82-013362468642}.job

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\_isCC45.exe
C:\Users\Owner\AppData\Local\Temp\_isEC43.exe
C:\Users\Owner\AppData\Local\Temp\{790F86D7-B532-4563-AB90-5051F73074B3}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 00:35

==================== End Of Log ============================

 

Addition.txt for desktop:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Owner at 2015-01-15 17:16:00
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Global Protection 2015 (Disabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Global Protection 2015 (Disabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

ABBYY FineReader 6.0 Sprint (HKLM-x32\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Across Lite (HKLM-x32\...\{975EA987-5D79-4A1C-AD71-D27B28347B48}) (Version: 2.0.5 - Literate Software)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Ashampoo Burning Studio 14 (HKLM-x32\...\{91B33C97-7BCF-CDFE-4321-58EBF3E8641C}_is1) (Version: 14.0.9 - Ashampoo GmbH & Co. KG)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Navigator (HKLM-x32\...\{3A3A3B34-6EA2-4031-8580-D66D29533E89}) (Version: 3.4.0 - SEIKO EPSON CORPORATION)
EPSON Artisan 1430 Series Printer Uninstall (HKLM\...\EPSON Artisan 1430 Series) (Version:  - SEIKO EPSON Corporation)
Epson Connect (HKLM-x32\...\{64BA551C-9AF6-495C-93F3-D1270E0045FC}) (Version:  - )
Epson Copy Utility 3.5 (HKLM-x32\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.0.0.0 - SEIKO EPSON CORPORATION)
EPSON Perfection V500 Photo Scanner Driver Update (HKLM-x32\...\{25653817-9502-41A5-A24D-FED750611E98}) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
huey 1.0.5 (HKLM-x32\...\huey_is1) (Version:  - Pantone & GretagMacbeth)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
LibreOffice 4.2.2.1 (HKLM-x32\...\{0ECDB550-79ED-4E9E-851B-19A8B2B4EBFA}) (Version: 4.2.2.1 - The Document Foundation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - )
NVIDIA 3D Vision Controller Driver 314.07 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.07 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA Graphics Driver 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Global Protection 2015 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Global Protection 2015 (Version: 7.23.00.0000 - Panda Security) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 3.0 - Qualcomm Atheros)
Software Updater (HKLM-x32\...\{B9802DDC-53FD-4D44-A81D-49DC80448614}) (Version: 4.2.6 - SEIKO EPSON CORPORATION)
SolSuite 2014 v14.5 (HKLM-x32\...\SolSuite_is1) (Version: 14.5 - TreeCardGames)
Uninstall Tact-2.0 S V1.0.64F9 (HKLM-x32\...\Tact-2.0 S V1.0.64F9) (Version:  - )
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.7-6 - Wacom Technology Corp.)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WordZap Deluxe 6.90 (HKLM-x32\...\WordZap Deluxe 6.90) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1320356333-3106105416-4248564086-1000_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-1320356333-3106105416-4248564086-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 251 more characters). <==== Poweliks?

==================== Restore Points  =========================

05-01-2015 14:11:04 Installed Java 7 Update 71
06-01-2015 02:37:30 Windows Update
09-01-2015 09:08:54 Windows Update
13-01-2015 20:39:54 Windows Update
14-01-2015 03:00:12 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {134E86D6-412B-4422-856B-1A4787D3906A} - System32\Tasks\AdobeAAMUpdater-1.0-Owner-PC-Owner => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {3AB30120-4397-4DC8-ADD5-0F81EBB12481} - System32\Tasks\{2A732595-8385-4EA7-BE82-013362468642} => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe [2014-10-13] (Panda Security, S.L.)
Task: {54C5162A-86F4-4C10-8852-DE322E7DB16E} - System32\Tasks\Leader Technologies\LTCM Client\New Message Check - Owner => C:\Program Files (x86)\LTCM Client\ltcmClient.exe
Task: {57E64027-F94E-45B1-881C-3BBADC30F610} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {5D8CC50A-BBD3-490B-BB8E-9F6673D257AD} - System32\Tasks\{FD9008EB-9F2B-4D67-8834-3651BC8E27DA} => C:\Program Files (x86)\WEP\TP.EXE [1996-10-23] ()
Task: {6108D728-6CB6-49B6-B775-8761C73BE239} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17] (Google Inc.)
Task: {6926C37E-377D-4E5D-99A0-D55304FE3166} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-15] (Adobe Systems Incorporated)
Task: {7E7064B2-D4EA-409D-AEAD-3C94AD385342} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {7EB90CB2-40B7-4B7C-A498-E9CCCB22FA81} - System32\Tasks\{CD8A29AB-B01B-402E-8F81-02A6B6FD0C5E} => C:\Program Files (x86)\WEP\TP.EXE [1996-10-23] ()
Task: {9ABEF3F3-4B9E-425E-ACEE-468ADE86E5EE} - System32\Tasks\{0D033DB4-4E04-4F70-8A88-3C471AC9FABD} => C:\Program Files (x86)\WEP\TP.EXE [1996-10-23] ()
Task: {B6FA0869-27D4-4277-94F4-2C62A7C75005} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-03-17] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\{2A732595-8385-4EA7-BE82-013362468642}.job => C:\Program Files (x86)\Panda Security\Panda Security Protection\JobLauncher.exe

==================== Loaded Modules (whitelisted) =============

2014-03-17 10:17 - 2014-03-04 08:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-03-18 19:56 - 2013-12-04 11:35 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Owner\Documents\Candidate Bio.eml:OECustomProperty
AlternateDataStreams: C:\Users\Owner\Documents\January.eml:OECustomProperty
AlternateDataStreams: C:\Users\Owner\Documents\ORSAOrientation.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true

========================= Accounts: ==========================

Administrator (S-1-5-21-1320356333-3106105416-4248564086-500 - Administrator - Disabled)
Guest (S-1-5-21-1320356333-3106105416-4248564086-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1320356333-3106105416-4248564086-1003 - Limited - Enabled)
Owner (S-1-5-21-1320356333-3106105416-4248564086-1000 - Administrator - Enabled) => C:\Users\Owner
UpdatusUser (S-1-5-21-1320356333-3106105416-4248564086-1001 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 03:08:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/15/2015 00:43:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: fcc

Start Time: 01d030eabc1b7c18

Termination Time: 160

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/15/2015 10:45:36 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 03:21:50 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/12/2015 07:06:25 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 04:41:27 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/11/2015 00:23:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/10/2015 01:12:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bcbb4
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x001202bc
Faulting process id: 0xea0
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/10/2015 00:05:00 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 11.0.9600.17496, time stamp: 0x4a5bc100
Faulting module name: MSHTML.dll, version: 11.0.9600.17496, time stamp: 0x546ff2f9
Exception code: 0xc00000fd
Fault offset: 0x000a3849
Faulting process id: 0x1c28
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (01/10/2015 10:20:38 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/15/2015 05:03:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (01/15/2015 03:33:40 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 80.

Error: (01/15/2015 03:08:16 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/15/2015 00:40:07 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 11.

Error: (01/15/2015 00:36:20 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 40.

Error: (01/15/2015 00:32:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {88F5E7B2-09B9-471E-895A-25247585905C}

Error: (01/15/2015 10:58:04 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (01/15/2015 10:57:40 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (01/15/2015 10:47:40 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Error: (01/15/2015 10:47:29 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16398) (User: NT AUTHORITY)
Description: A new BITS job could not be created. The current job count for the user Owner-PC\Owner (60) is equal to or greater than the job limit (60) specified through group policy.  To correct the problem, complete or cancel the BITS jobs that haven't made progress by looking at the error, and restart the BITS service. If this error recurs, contact your system administrator and increate the per-user and per-computer Group Policy job limits.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Pentium® Dual CPU E2180 @ 2.00GHz
Percentage of memory in use: 45%
Total physical RAM: 4092.91 MB
Available physical RAM: 2246.32 MB
Total Pagefile: 8184 MB
Available Pagefile: 6095.69 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (500GB Seagate) (Fixed) (Total:465.76 GB) (Free:331.42 GB) NTFS
Drive d: (500GB Spare) (Fixed) (Total:465.75 GB) (Free:412.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9A9E9A9E)
Partition 1: (Active) - (Size=465.8 GB) - (Type=42)
Partition 2: (Not Active) - (Size=9 MB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E985C10E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Thanks again,

Steve



#4 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:51 AM

Posted 16 January 2015 - 07:54 AM

We will clean the one pc after we have cleaned this system. :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#5 steveo5108

steveo5108
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 16 January 2015 - 01:00 PM

# AdwCleaner v4.107 - Report created 16/01/2015 at 09:40:45
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Owner\AppData\Local\Surf_Canyon
Folder Deleted : C:\Users\Owner\AppData\LocalLow\iac

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
Key Deleted : HKCU\Software\SaveDailyDeals
Key Deleted : HKCU\Software\AppDataLow\Software\Surf Canyon
Key Deleted : HKCU\Software\AppDataLow\Software\PassShow
Key Deleted : HKLM\SOFTWARE\InstallIQ
Key Deleted : HKLM\SOFTWARE\Surf Canyon
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ib.adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nym1.ib.adnxs.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\surfcanyon.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.surfcanyon.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

-\\ Google Chrome v

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?query={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2710 octets] - [16/01/2015 09:31:39]
AdwCleaner[S0].txt - [2512 octets] - [16/01/2015 09:40:45]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2572 octets] ##########

 

*****

Malwarebytes scan log is attached.

*****

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Owner on Fri 01/16/2015 at 11:16:24.69
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\MapsGalaxy_39.ToolbarProtector.1

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/16/2015 at 11:46:43.74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

*****

This is all of FRST.txt:

*****

 

LastRegBack: 2015-01-14 00:35

==================== End Of Log ============================

Attached Files



#6 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:51 AM

Posted 16 January 2015 - 01:09 PM

Please redownload FRST and post the log here. Please post the MBAM Log into the thread rather than attaching it. :)

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#7 steveo5108

steveo5108
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 16 January 2015 - 02:35 PM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/16/2015
Scan Time: 10:15:31 AM
Logfile: MWBscanlog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.16.06
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368416
Time Elapsed: 28 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1320356333-3106105416-4248564086-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{71C1D63A-C944-428A-A5BD-BA513190E5D2}, Quarantined, [39184ea98207b97dfefd26c712f037c9],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-1320356333-3106105416-4248564086-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\MapsGalaxy_39, Quarantined, [ef620ee9107981b565ea7d1d20e33bc5],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Adware.Agent, C:\Users\Owner\Downloads\mp4PlayerSetup.exe, Quarantined, [53feb93e00890036ddf36424d52be21e],

Physical Sectors: 0
(No malicious items detected)

(end)

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Owner (administrator) on OWNER-PC on 16-01-2015 14:23:13
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & UpdatusUser (Available profiles: Owner & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_IATIHMA.EXE
(Pantone & GretagMacbeth) C:\Program Files (x86)\Pantone\huey\hueyTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_257_ActiveX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\logagent.exe
(Microsoft Corporation) C:\Windows\SysWOW64\systray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dplaysvr.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHMA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hueyTray.lnk
ShortcutTarget: hueyTray.lnk -> C:\Program Files (x86)\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1320356333-3106105416-4248564086-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1320356333-3106105416-4248564086-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-17]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [95744 2010-01-19] (Windows ® Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [75264 2012-01-12] (Windows ® Win 7 DDK provider)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 14:23 - 2015-01-16 14:24 - 00014605 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-01-16 14:09 - 2015-01-16 14:09 - 02125312 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-01-16 14:00 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-16 11:46 - 2015-01-16 11:46 - 00000811 _____ () C:\Users\Owner\Desktop\JRT.txt
2015-01-16 11:16 - 2015-01-16 11:16 - 00000000 ____D () C:\Windows\ERUNT
2015-01-16 11:11 - 2015-01-16 11:12 - 01707939 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2015-01-16 10:10 - 2015-01-16 12:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 10:10 - 2015-01-16 10:10 - 00001119 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 10:10 - 2015-01-16 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 10:09 - 2015-01-16 10:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 10:09 - 2015-01-16 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 10:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 10:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 10:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-16 10:01 - 2015-01-16 10:04 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-16 09:31 - 2015-01-16 09:42 - 00000000 ____D () C:\AdwCleaner
2015-01-16 09:26 - 2015-01-16 09:26 - 02191360 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2015-01-15 17:16 - 2015-01-15 17:16 - 00022025 _____ () C:\Users\Owner\Desktop\Additionold.txt
2015-01-15 17:14 - 2015-01-16 14:23 - 00000000 ____D () C:\FRST
2015-01-15 17:14 - 2015-01-16 12:36 - 00026939 _____ () C:\Users\Owner\Desktop\FRSTold.txt
2015-01-15 11:48 - 2015-01-15 11:48 - 00000472 _____ () C:\Users\Owner\Desktop\defogger_disable.log
2015-01-15 11:48 - 2015-01-15 11:48 - 00000000 _____ () C:\Users\Owner\defogger_reenable
2015-01-15 11:45 - 2015-01-15 11:45 - 00050477 _____ () C:\Users\Owner\Desktop\Defogger.exe
2015-01-13 20:40 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:40 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:40 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 20:40 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 20:40 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 20:40 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 20:40 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 20:40 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 20:40 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 20:40 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:40 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 20:40 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 20:40 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-09 12:42 - 2015-01-09 12:42 - 00291176 _____ () C:\Windows\Minidump\010915-30685-01.dmp
2015-01-08 08:28 - 2015-01-08 08:28 - 00291136 _____ () C:\Windows\Minidump\010815-19827-01.dmp
2015-01-07 23:34 - 2015-01-08 07:07 - 00000394 ____H () C:\Windows\Tasks\{2A732595-8385-4EA7-BE82-013362468642}.job
2015-01-07 23:34 - 2015-01-07 23:34 - 00003250 _____ () C:\Windows\System32\Tasks\{2A732595-8385-4EA7-BE82-013362468642}
2015-01-07 14:37 - 2015-01-07 14:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Panda Security
2015-01-07 14:36 - 2015-01-07 14:37 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-07 14:36 - 2015-01-07 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Global Protection 2015
2015-01-07 14:24 - 2015-01-07 14:37 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-07 11:03 - 2015-01-07 11:03 - 00000000 ____D () C:\Panda Security
2015-01-05 14:12 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-05 14:12 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-05 14:12 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-05 14:12 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-05 14:11 - 2015-01-05 14:12 - 00004596 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-30 17:50 - 2014-12-30 17:50 - 00007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2014-12-30 07:22 - 2014-12-30 07:22 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 15:56 - 2014-12-25 15:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Acer
2014-12-25 15:52 - 2014-12-25 15:52 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-12-25 15:47 - 2014-12-25 15:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Leader Technologies
2014-12-25 15:31 - 2014-12-28 09:23 - 00000000 ____D () C:\Program Files (x86)\LTCM Client
2014-12-25 15:30 - 2014-12-25 15:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-12-18 04:10 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 04:10 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 14:07 - 2009-07-13 23:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 14:07 - 2009-07-13 23:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 14:03 - 2014-03-17 10:11 - 01188995 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 13:59 - 2014-03-28 16:28 - 00009214 _____ () C:\Windows\setupact.log
2015-01-16 13:59 - 2014-03-17 13:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 13:59 - 2014-03-17 10:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 13:59 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 13:03 - 2010-11-20 22:47 - 00040710 _____ () C:\Windows\PFRO.log
2015-01-16 12:43 - 2014-03-17 13:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 12:37 - 2014-03-17 13:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 10:46 - 2014-03-17 16:28 - 00000000 ____D () C:\Windows\FltMgr
2015-01-16 09:31 - 2014-06-24 01:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-01-15 15:09 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-15 11:48 - 2014-03-17 10:12 - 00000000 ____D () C:\Users\Owner
2015-01-15 11:43 - 2014-03-17 13:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 11:43 - 2014-03-17 13:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 11:43 - 2014-03-17 13:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 03:04 - 2014-03-17 11:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2014-03-17 11:15 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 17:01 - 2014-03-18 18:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SolSuite
2015-01-11 16:40 - 2009-07-14 00:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 12:42 - 2014-03-26 09:29 - 477796871 _____ () C:\Windows\MEMORY.DMP
2015-01-09 12:42 - 2014-03-26 09:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-09 09:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-08 14:59 - 2014-03-21 15:25 - 01095675 _____ () C:\Users\Owner\AppData\Roaming\PS12_panel.log
2015-01-08 07:06 - 2009-07-13 23:45 - 04977152 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-07 16:54 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 14:37 - 2014-03-17 10:37 - 00081136 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-07 10:39 - 2014-03-17 15:18 - 00000000 ____D () C:\Users\Owner\Downloads\Panda
2015-01-07 06:01 - 2014-03-17 16:31 - 00008627 _____ () C:\Windows\SysWOW64\PAV_FOG.OPC
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 14:54 - 2014-12-14 16:37 - 00017984 _____ () C:\Users\Owner\Documents\Savings Bonds_htm.htm
2015-01-05 14:12 - 2014-03-17 13:54 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-05 14:03 - 2014-03-17 15:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2015-01-02 09:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-27 09:06 - 2014-03-18 14:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-27 08:48 - 2014-03-17 13:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-26 18:36 - 2014-12-16 18:26 - 00000000 ____D () C:\Users\Owner\Documents\Calendar15
2014-12-25 15:42 - 2014-03-17 15:22 - 00000000 ____D () C:\Users\Owner\Documents\Info
2014-12-25 15:41 - 2014-03-18 13:40 - 00000095 _____ () C:\Windows\EART1430.ini
2014-12-25 15:31 - 2014-03-18 13:51 - 00000000 ____D () C:\Program Files (x86)\epson
2014-12-25 15:31 - 2014-03-18 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-12-25 15:24 - 2014-03-18 13:42 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-12-25 15:24 - 2014-03-17 16:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 10:51 - 2014-03-17 15:22 - 00000000 ____D () C:\Users\Owner\Documents\Calendar13
2014-12-21 09:36 - 2014-03-18 14:09 - 00001456 _____ () C:\Users\Owner\Sti_Trace.log

Files to move or delete:
====================
C:\Windows\Tasks\{2A732595-8385-4EA7-BE82-013362468642}.job

Some content of TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Owner\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Owner\AppData\Local\Temp\ose00000.exe
C:\Users\Owner\AppData\Local\Temp\Quarantine.exe
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll
C:\Users\Owner\AppData\Local\Temp\_isCC45.exe
C:\Users\Owner\AppData\Local\Temp\_isEC43.exe
C:\Users\Owner\AppData\Local\Temp\{790F86D7-B532-4563-AB90-5051F73074B3}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 00:35

==================== End Of Log ============================



#8 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:51 AM

Posted 16 January 2015 - 02:39 PM

Hey, :)

Step 1: FRST Fix
  • Please open Notepad.exe. Make sure that you don't use any other software than Notepad.exe!
  • Copy and Paste the content of the codebox below into the empty textfile:

    HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...\Run: [AdobeBridge] => [X]
    HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHMA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
    HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1320356333-3106105416-4248564086-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    C:\Windows\Tasks\{2A732595-8385-4EA7-BE82-013362468642}.job
    EmptyTemp:
  • Then click on File >> Save as
    • File Name: Fixlist.txt
    • From the Save as type drop down list, choose All Files
  • It is very important that you save this textfile on your Desktop!
Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe (Note: If FRST advises there is a new updated version to be downloaded, allow this.)and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run, please post it to your reply
Step 2: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.
Step 3: ESET

Please run a free online scan with the ESET Online Scanner:

IMPORTANT: You MUST use Internet Explorer for this step!
  • Visit the ESET Online Scanner Web Page
  • Select the blue Run ESET Online Scanner button:
    ESET1_zps23a5e840.png
  • Tick the box next to YES, I accept the Terms of Use and click Start
    ESET_EULA2_zps9451f1c3.png
  • When asked, allow the ActiveX control to install.
  • Select Enable detection of potentially unwanted applications and select Advanced Settings:
    ESET2_zpsc701c045.png
  • Make sure to check the options Remove found threats and Enable Anti-Stealth technology are checked:
    ESET4_zps0afafd0d.png
  • Click Start. (This scan can take several hours, so please be patient):
    ESET3_zpsccd1657d.png
  • Once the scan is completed, select List of found threats:
    ESET5_zpsd27be299.png
  • Select Export to text file... and save the file as ESETlog.txt on your Desktop:
    ESET6_zpsc17d154e.png
  • Click the Back button.
  • Click the Finish button:
    ESET9_zps51587217.png
  • Use Notepad to open the saved log file (on your Desktop- ESET.txt)[/b]
  • Copy and paste that log as a reply to this topic.
Step 4: Question

How is your PC running?

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#9 steveo5108

steveo5108
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 17 January 2015 - 11:21 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2015 01
Ran by Owner at 2015-01-16 16:35:07 Run:1
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & UpdatusUser (Available profiles: Owner & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHMA.EXE [283232 2012-02-29] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml.dll,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf> (the data entry has 243 more characters). <==== Poweliks!
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1320356333-3106105416-4248564086-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
C:\Windows\Tasks\{2A732595-8385-4EA7-BE82-013362468642}.job
EmptyTemp:
*****************

HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge => value deleted successfully.
HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EPLTarget\P0000000000000000 => value deleted successfully.
"HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-1320356333-3106105416-4248564086-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-21-1320356333-3106105416-4248564086-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
C:\Windows\Tasks\{2A732595-8385-4EA7-BE82-013362468642}.job => Moved successfully.
EmptyTemp: => Removed 13.6 GB temporary data.

The system needed a reboot.

==== End of Fixlog 17:44:35 ====

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Owner (administrator) on OWNER-PC on 16-01-2015 17:54:11
Running from C:\Users\Owner\Desktop
Loaded Profiles: Owner & UpdatusUser (Available profiles: Owner & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Pantone & GretagMacbeth) C:\Program Files (x86)\Pantone\huey\hueyTray.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\hueyTray.lnk
ShortcutTarget: hueyTray.lnk -> C:\Program Files (x86)\Pantone\huey\hueyTray.exe (Pantone & GretagMacbeth)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin HKU\S-1-5-21-1320356333-3106105416-4248564086-1000: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)

Chrome:
=======
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (Google Wallet) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-17]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [621336 2013-12-04] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 NmPar; C:\Windows\System32\DRIVERS\NmPar.sys [95744 2010-01-19] (Windows ® Codename Longhorn DDK provider)
R3 nmserial; C:\Windows\System32\DRIVERS\nmserial.sys [75264 2012-01-12] (Windows ® Win 7 DDK provider)
R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
S3 Prot6Flt; system32\DRIVERS\Prot6Flt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 17:54 - 2015-01-16 17:54 - 00012738 _____ () C:\Users\Owner\Desktop\FRST.txt
2015-01-16 14:26 - 2015-01-16 14:29 - 00016829 _____ () C:\Users\Owner\Desktop\Addition2.txt
2015-01-16 14:23 - 2015-01-16 14:29 - 00027283 _____ () C:\Users\Owner\Desktop\FRST2.txt
2015-01-16 14:09 - 2015-01-16 14:09 - 02125312 _____ (Farbar) C:\Users\Owner\Desktop\FRST64.exe
2015-01-16 14:00 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-16 11:46 - 2015-01-16 11:46 - 00000811 _____ () C:\Users\Owner\Desktop\JRT.txt
2015-01-16 11:16 - 2015-01-16 11:16 - 00000000 ____D () C:\Windows\ERUNT
2015-01-16 11:11 - 2015-01-16 11:12 - 01707939 _____ (Thisisu) C:\Users\Owner\Desktop\JRT.exe
2015-01-16 10:10 - 2015-01-16 12:40 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-16 10:10 - 2015-01-16 10:10 - 00001119 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-16 10:10 - 2015-01-16 10:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-16 10:09 - 2015-01-16 10:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-16 10:09 - 2015-01-16 10:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-16 10:09 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-16 10:09 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-16 10:09 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-16 10:01 - 2015-01-16 10:04 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Owner\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-16 09:31 - 2015-01-16 09:42 - 00000000 ____D () C:\AdwCleaner
2015-01-16 09:26 - 2015-01-16 09:26 - 02191360 _____ () C:\Users\Owner\Desktop\AdwCleaner.exe
2015-01-15 17:16 - 2015-01-15 17:16 - 00022025 _____ () C:\Users\Owner\Desktop\Additionold.txt
2015-01-15 17:14 - 2015-01-16 17:54 - 00000000 ____D () C:\FRST
2015-01-15 17:14 - 2015-01-16 12:36 - 00026939 _____ () C:\Users\Owner\Desktop\FRSTold.txt
2015-01-15 11:48 - 2015-01-15 11:48 - 00000472 _____ () C:\Users\Owner\Desktop\defogger_disable.log
2015-01-15 11:48 - 2015-01-15 11:48 - 00000000 _____ () C:\Users\Owner\defogger_reenable
2015-01-15 11:45 - 2015-01-15 11:45 - 00050477 _____ () C:\Users\Owner\Desktop\Defogger.exe
2015-01-13 20:40 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 20:40 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 20:40 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 20:40 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 20:40 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 20:40 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 20:40 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 20:40 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 20:40 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 20:40 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 20:40 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 20:40 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 20:40 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-09 12:42 - 2015-01-09 12:42 - 00291176 _____ () C:\Windows\Minidump\010915-30685-01.dmp
2015-01-08 08:28 - 2015-01-08 08:28 - 00291136 _____ () C:\Windows\Minidump\010815-19827-01.dmp
2015-01-07 23:34 - 2015-01-07 23:34 - 00003250 _____ () C:\Windows\System32\Tasks\{2A732595-8385-4EA7-BE82-013362468642}
2015-01-07 14:37 - 2015-01-07 14:37 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Panda Security
2015-01-07 14:36 - 2015-01-07 14:37 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-07 14:36 - 2015-01-07 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Global Protection 2015
2015-01-07 14:24 - 2015-01-07 14:37 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-07 11:03 - 2015-01-07 11:03 - 00000000 ____D () C:\Panda Security
2015-01-05 14:12 - 2014-09-26 18:42 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-05 14:12 - 2014-09-26 18:36 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-05 14:12 - 2014-09-26 18:36 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-05 14:12 - 2014-09-26 18:35 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-05 14:11 - 2015-01-05 14:12 - 00004596 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-12-30 17:50 - 2014-12-30 17:50 - 00007605 _____ () C:\Users\Owner\AppData\Local\Resmon.ResmonCfg
2014-12-30 07:22 - 2014-12-30 07:22 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 15:56 - 2014-12-25 15:56 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Acer
2014-12-25 15:52 - 2014-12-25 15:52 - 00000000 ____D () C:\Windows\System32\Tasks\Leader Technologies
2014-12-25 15:47 - 2014-12-25 15:47 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Leader Technologies
2014-12-25 15:31 - 2014-12-28 09:23 - 00000000 ____D () C:\Program Files (x86)\LTCM Client
2014-12-25 15:30 - 2014-12-25 15:30 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EPSON Software
2014-12-18 04:10 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 04:10 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-16 17:53 - 2014-03-17 10:11 - 01209777 _____ () C:\Windows\WindowsUpdate.log
2015-01-16 17:49 - 2014-03-28 16:28 - 00009326 _____ () C:\Windows\setupact.log
2015-01-16 17:49 - 2014-03-17 13:52 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-16 17:49 - 2014-03-17 10:17 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-16 17:49 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-16 17:43 - 2014-03-17 13:54 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-16 17:37 - 2014-03-17 13:52 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-16 15:53 - 2009-07-13 23:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-16 15:53 - 2009-07-13 23:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-16 15:44 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-16 13:03 - 2010-11-20 22:47 - 00040710 _____ () C:\Windows\PFRO.log
2015-01-16 10:46 - 2014-03-17 16:28 - 00000000 ____D () C:\Windows\FltMgr
2015-01-16 09:31 - 2014-06-24 01:00 - 00000000 ____D () C:\Users\Owner\AppData\Local\Adobe
2015-01-15 11:48 - 2014-03-17 10:12 - 00000000 ____D () C:\Users\Owner
2015-01-15 11:43 - 2014-03-17 13:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-15 11:43 - 2014-03-17 13:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-15 11:43 - 2014-03-17 13:54 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-14 03:04 - 2014-03-17 11:15 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 03:00 - 2014-03-17 11:15 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 17:01 - 2014-03-18 18:31 - 00000000 ____D () C:\Users\Owner\AppData\Roaming\SolSuite
2015-01-11 16:40 - 2009-07-14 00:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-09 12:42 - 2014-03-26 09:29 - 477796871 _____ () C:\Windows\MEMORY.DMP
2015-01-09 12:42 - 2014-03-26 09:29 - 00000000 ____D () C:\Windows\Minidump
2015-01-09 09:55 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-01-08 14:59 - 2014-03-21 15:25 - 01095675 _____ () C:\Users\Owner\AppData\Roaming\PS12_panel.log
2015-01-08 07:06 - 2009-07-13 23:45 - 04977152 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-07 16:54 - 2009-07-14 00:13 - 00781298 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 14:37 - 2014-03-17 10:37 - 00081136 _____ () C:\Users\Owner\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-07 10:39 - 2014-03-17 15:18 - 00000000 ____D () C:\Users\Owner\Downloads\Panda
2015-01-07 06:01 - 2014-03-17 16:31 - 00008627 _____ () C:\Windows\SysWOW64\PAV_FOG.OPC
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-05 14:54 - 2014-12-14 16:37 - 00017984 _____ () C:\Users\Owner\Documents\Savings Bonds_htm.htm
2015-01-05 14:12 - 2014-03-17 13:54 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-05 14:03 - 2014-03-17 15:52 - 00000000 ____D () C:\Users\Owner\AppData\Local\Windows Live
2015-01-02 09:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-27 09:06 - 2014-03-18 14:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-12-27 08:48 - 2014-03-17 13:51 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-26 18:36 - 2014-12-16 18:26 - 00000000 ____D () C:\Users\Owner\Documents\Calendar15
2014-12-25 15:42 - 2014-03-17 15:22 - 00000000 ____D () C:\Users\Owner\Documents\Info
2014-12-25 15:41 - 2014-03-18 13:40 - 00000095 _____ () C:\Windows\EART1430.ini
2014-12-25 15:31 - 2014-03-18 13:51 - 00000000 ____D () C:\Program Files (x86)\epson
2014-12-25 15:31 - 2014-03-18 13:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2014-12-25 15:24 - 2014-03-18 13:42 - 00000000 ____D () C:\Program Files (x86)\EPSON Software
2014-12-25 15:24 - 2014-03-17 16:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-22 10:51 - 2014-03-17 15:22 - 00000000 ____D () C:\Users\Owner\Documents\Calendar13
2014-12-21 09:36 - 2014-03-18 14:09 - 00001456 _____ () C:\Users\Owner\Sti_Trace.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-14 00:35

==================== End Of Log ============================

 

*****

ESET scanned 164,216 files and found zero threats, so no report was produced.

*****

 

The PC is running much, much better!  The performance is good, the performance tab in Task Manager shows no unusual resource usage, my security settings don't get reset, and cookies are working.

 

I still had no browser history this morning but found that 'days to save' in IE had been set to zero at some point.  I changed that setting and it will probably be okay.

 

The only weird behavior I've observed is this:  When I close Windows Live Mail, SOMETIMES part or all of the application window gets left on the screen.  The app closes correctly and the taskbar looks correct, it's just that some or all of the Live Mail window still shows above the taskbar.  Starting and stopping another full-screen app clears it.  No other application does this.  It's a minor problem and I'm not sure if it's connected to the other stuff.  Any thoughts?

 

Great job so far,

Steve



#10 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:51 AM

Posted 17 January 2015 - 01:23 PM

Hey Steve,

The only weird behavior I've observed is this: When I close Windows Live Mail, SOMETIMES part or all of the application window gets left on the screen. The app closes correctly and the taskbar looks correct, it's just that some or all of the Live Mail window still shows above the taskbar. Starting and stopping another full-screen app clears it. No other application does this. It's a minor problem and I'm not sure if it's connected to the other stuff. Any thoughts?

This sometimes happens on my system. This isn't caused by Malware ... I would say it's caused by a bug of the specific application. :)

 

in my opinion your PC is clean. :) If you would like to donate some money to me that I can buy some beer, then click on the button paypal.gif. I'd really appreciate it, my friend. :)


We need to remove the tools we've used during cleaning your machine.
  • Download Delfix from here and run it (If you have Windows Vista / Windows 7 / Windows 8 please do a Right click on the Delfix icon and select Run as Administrator).
  • Ensure Remove disinfection tools is ticked
    Also tick:
    • Create registry backup
    • Purge system restore
    delfix.jpg
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply

 

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#11 steveo5108

steveo5108
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 17 January 2015 - 04:41 PM

I'm delighted that my PC is healthy, my friend, and I promise there will be beer money.  Please recall, though, that there is also a laptop that needs attention (please reread the original post.)

 

The tips on avoiding future problems are very logical.  The depressing thing is that I was already doing them.

 

The Delfix tool was a pleasant surprise and the Geekstogo link looks useful.

 

Best,

Steve

 

# DelFix v10.8 - Logfile created 17/01/2015 at 16:23:02
# Updated 29/07/2014 by Xplode
# Username : Owner - OWNER-PC
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Owner\Desktop\Addition.txt
Deleted : C:\Users\Owner\Desktop\Addition2.txt
Deleted : C:\Users\Owner\Desktop\Additionold.txt
Deleted : C:\Users\Owner\Desktop\AdwCleaner.exe
Deleted : C:\Users\Owner\Desktop\Defogger.exe
Deleted : C:\Users\Owner\Desktop\defogger_disable.log
Deleted : C:\Users\Owner\Desktop\Fixlog.txt
Deleted : C:\Users\Owner\Desktop\FRST.txt
Deleted : C:\Users\Owner\Desktop\FRST2.txt
Deleted : C:\Users\Owner\Desktop\FRST64.exe
Deleted : C:\Users\Owner\Desktop\FRSTold.txt
Deleted : C:\Users\Owner\Desktop\JRT.exe
Deleted : C:\Users\Owner\Desktop\JRT.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #110 [Windows Update | 01/06/2015 07:37:30]
Deleted : RP #111 [Windows Update | 01/09/2015 14:08:54]
Deleted : RP #112 [Windows Update | 01/14/2015 01:39:54]
Deleted : RP #113 [Windows Update | 01/14/2015 08:00:12]

New restore point created !

########## - EOF - ##########



#12 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:51 AM

Posted 18 January 2015 - 09:14 AM

Hey,
thanks for the donation. ;)

Now to your other system.

Please download FRST (by Farbar) from the link below and save it to your Desktop.

Download Mirror #1

If you are unsure whether you have 32-Bit or 64-Bit Windows, see here
  • Disable all anti-virus and anti-malware software to prevent them inhibiting FRST in any way. If you are unsure how to do this, see THIS.
  • Double-click FRST.exe/FRST64.exe (depending on which version you downloaded) to run it. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • When the disclaimer appears, click Yes.
  • Click Scan to start FRST.
  • When FRST finishes scanning, two logs, FRST.txt and Addition.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of both of these logs into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#13 steveo5108

steveo5108
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 18 January 2015 - 12:55 PM

I think this may have sorted itself out. I did a restart to bring back the kanuqrua.exe processes before beginning the fix process.  After the restart, Panda said it had found an infection and asked for another restart.  I've done two more restarts to be certain, but the kanuqrua.exe processes have not reappeared and performance seems normal.

 

Still, I would be grateful if you'd scan the FRST64 logs below and see if they look good to you.

 

Thanks,

Steve

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Steve (administrator) on SOLAPTOP on 18-01-2015 11:55:08
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve (Available profiles: Steve)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1760945978-2905922680-1676196245-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1760945978-2905922680-1676196245-1000\...\MountPoints2: {3e843446-96c6-11e4-a259-806e6f6e6963} - Q:\LenovoQDrive.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1760945978-2905922680-1676196245-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-1760945978-2905922680-1676196245-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1760945978-2905922680-1676196245-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS622
SearchScopes: HKU\S-1-5-21-1760945978-2905922680-1676196245-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS622
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-1760945978-2905922680-1676196245-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2012-04-15] (Microsoft Corporation) [File not signed]
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2012-04-15] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 11:55 - 2015-01-18 11:55 - 00012904 _____ () C:\Users\Steve\Desktop\FRST.txt
2015-01-18 11:55 - 2015-01-18 11:55 - 00000000 ____D () C:\FRST
2015-01-18 11:52 - 2015-01-18 11:52 - 02126848 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2015-01-13 17:23 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 17:23 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 17:23 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-13 17:23 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-13 17:23 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 17:23 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 17:23 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 17:22 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 17:22 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 17:22 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 17:22 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 17:22 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 17:22 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 17:22 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 17:22 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-11 16:09 - 2015-01-11 16:09 - 00000000 _____ () C:\Windows\SysWOW64\REN8AB4.tmp
2015-01-11 16:09 - 2015-01-11 16:09 - 00000000 _____ () C:\Windows\SysWOW64\REN8AB3.tmp
2015-01-11 16:09 - 2015-01-11 16:09 - 00000000 _____ () C:\Windows\SysWOW64\REN8AB2.tmp
2015-01-11 16:08 - 2015-01-11 16:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-11 16:08 - 2015-01-11 16:08 - 00000000 ____D () C:\ProgramData\Sun
2015-01-11 16:08 - 2015-01-11 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-11 16:07 - 2015-01-11 16:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-11 16:05 - 2015-01-11 16:05 - 00638888 _____ (Oracle Corporation) C:\Users\Steve\Downloads\JavaSetup8u25.com
2015-01-11 14:58 - 2015-01-11 14:58 - 00000000 ____D () C:\6884cb441916bcfc1c
2015-01-11 14:36 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-11 14:36 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-11 14:33 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-11 14:33 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-11 14:33 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-11 14:33 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-01-11 14:33 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-01-11 14:32 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-01-11 14:32 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-01-11 14:32 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-01-11 14:32 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-01-11 14:32 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-01-11 14:32 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-01-11 14:32 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-01-11 14:32 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-01-11 14:32 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-01-11 14:32 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-01-11 14:32 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-01-11 14:32 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-01-11 14:32 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-11 14:32 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-11 14:32 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-01-11 14:32 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-01-11 14:31 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-11 14:31 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-11 14:29 - 2012-02-11 01:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-01-11 14:29 - 2012-02-11 01:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-01-08 20:01 - 2015-01-08 20:25 - 00000000 ____D () C:\Users\Steve\AppData\Local\Microsoft Games
2015-01-08 19:56 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-08 09:11 - 2015-01-08 09:11 - 00000000 __SHD () C:\Users\Steve\AppData\Local\EmieUserList
2015-01-08 09:11 - 2015-01-08 09:11 - 00000000 __SHD () C:\Users\Steve\AppData\Local\EmieSiteList
2015-01-08 09:11 - 2015-01-08 09:11 - 00000000 __SHD () C:\Users\Steve\AppData\Local\EmieBrowserModeList
2015-01-08 09:02 - 2015-01-08 09:02 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-08 08:27 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-08 08:27 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-08 08:24 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-01-08 08:24 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-01-08 08:06 - 2015-01-08 08:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-08 08:06 - 2015-01-08 08:06 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-08 05:46 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-01-08 05:46 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-01-08 05:46 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-01-08 05:46 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-01-08 05:35 - 2015-01-15 20:37 - 00774028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-08 05:04 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-08 05:04 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-08 05:04 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-08 05:04 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-08 05:04 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-08 05:04 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-08 05:04 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-08 05:04 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-08 05:04 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-08 05:04 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-08 05:04 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-08 05:04 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-08 05:04 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-08 05:04 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-08 05:04 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-08 01:06 - 2015-01-08 01:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-08 01:06 - 2014-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-07 23:41 - 2015-01-08 09:02 - 00287756 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-07 22:42 - 2015-01-08 09:02 - 00292714 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-07 22:31 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-07 22:31 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-07 22:31 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-01-07 22:31 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-07 22:31 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-07 21:47 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-07 21:47 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-07 21:47 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-07 21:47 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-07 21:47 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-07 21:47 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-07 21:47 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-07 21:47 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-07 21:47 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-07 21:47 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-07 21:46 - 2015-01-07 21:46 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-01-07 21:41 - 2015-01-07 21:41 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-SOlaptop-Steve
2015-01-07 21:39 - 2012-07-25 22:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-01-07 21:39 - 2012-07-25 22:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-01-07 21:39 - 2012-07-25 22:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-01-07 21:39 - 2012-07-25 22:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-01-07 21:39 - 2012-07-25 22:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-01-07 21:39 - 2012-07-25 21:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-01-07 21:39 - 2012-07-25 21:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-01-07 21:39 - 2012-06-02 09:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-01-07 21:25 - 2015-01-07 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-07 21:23 - 2015-01-07 21:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-07 21:23 - 2015-01-07 21:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-07 20:56 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-01-07 20:53 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-01-07 20:53 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-01-07 20:53 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-01-07 20:53 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-01-07 20:53 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-01-07 20:53 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-01-07 20:53 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-01-07 20:53 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-07 20:49 - 2015-01-07 20:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-07 20:49 - 2015-01-07 20:49 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-07 20:49 - 2015-01-07 20:49 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-07 20:49 - 2015-01-07 20:49 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-01-07 20:49 - 2015-01-07 20:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-07 20:49 - 2015-01-07 20:49 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-07 20:49 - 2015-01-07 20:49 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-07 20:49 - 2015-01-07 20:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-07 20:49 - 2015-01-07 20:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-01-07 20:49 - 2015-01-07 20:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-01-07 20:47 - 2015-01-07 20:47 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-01-07 20:47 - 2015-01-07 20:47 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-01-07 20:47 - 2015-01-07 20:47 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-01-07 20:46 - 2012-12-07 08:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-01-07 20:46 - 2012-12-07 08:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-01-07 20:46 - 2012-12-07 07:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-01-07 20:46 - 2012-12-07 07:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-01-07 20:46 - 2012-12-07 06:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2015-01-07 20:45 - 2015-01-07 20:45 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-01-07 20:45 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-07 20:45 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-01-07 20:45 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-01-07 20:45 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-01-07 20:45 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-01-07 20:45 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-01-07 20:44 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-01-07 20:44 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-01-07 20:44 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-01-07 20:44 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-01-07 20:44 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-07 20:44 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-01-07 20:43 - 2015-01-07 20:43 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-01-07 20:43 - 2015-01-07 20:43 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-01-07 20:43 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-07 20:43 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-07 20:43 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-07 20:43 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-07 20:43 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-07 20:43 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-07 20:43 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-07 20:43 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-07 20:43 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-07 20:43 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-07 20:43 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-01-07 20:43 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-01-07 20:43 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-01-07 20:43 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-01-07 20:43 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-01-07 20:43 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-01-07 20:43 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-01-07 20:43 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-01-07 20:43 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-01-07 20:43 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-01-07 20:43 - 2013-02-27 00:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-01-07 20:42 - 2015-01-07 20:56 - 00014859 _____ () C:\Windows\IE11_main.log
2015-01-07 20:42 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-07 20:42 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-07 20:42 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-07 20:42 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-07 20:42 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-01-07 20:41 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-01-07 20:41 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-01-07 20:41 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-01-07 20:41 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-01-07 20:41 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-01-07 20:41 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-01-07 20:41 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-01-07 20:41 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-01-07 20:41 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-01-07 20:41 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-01-07 20:41 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-01-07 20:41 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-01-07 20:41 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-01-07 20:41 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-01-07 20:41 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-01-07 20:40 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-01-07 20:40 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-01-07 20:40 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-01-07 20:40 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-01-07 20:40 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-01-07 20:40 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-01-07 20:39 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-01-07 20:39 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-01-07 20:39 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-01-07 20:39 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-01-07 20:39 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-01-07 20:39 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-01-07 20:39 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-01-07 20:39 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-01-07 20:39 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-01-07 20:39 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-01-07 20:39 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-01-07 20:39 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-01-07 20:39 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-01-07 20:39 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-01-07 20:39 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-01-07 20:39 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-01-07 20:39 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-01-07 20:39 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-01-07 20:39 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-01-07 20:39 - 2012-10-03 12:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-01-07 20:39 - 2012-10-03 12:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-07 20:39 - 2012-10-03 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-07 20:39 - 2012-10-03 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-01-07 20:39 - 2012-10-03 12:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-01-07 20:39 - 2012-10-03 11:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2015-01-07 20:39 - 2012-10-03 11:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2015-01-07 20:39 - 2012-10-03 11:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-01-07 20:39 - 2012-01-04 05:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-01-07 20:39 - 2012-01-04 03:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-07 20:38 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-07 20:38 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-07 20:38 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-07 20:38 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-07 20:38 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-01-07 20:38 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-01-07 20:38 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-01-07 20:38 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-01-07 20:38 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-01-07 20:38 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-01-07 20:38 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-01-07 20:38 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-01-07 20:38 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-01-07 20:38 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-01-07 20:38 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-01-07 20:38 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-01-07 20:38 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-01-07 20:38 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-01-07 20:38 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-01-07 20:38 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-01-07 20:38 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-01-07 20:38 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-01-07 20:38 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-01-07 20:38 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-01-07 20:38 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-01-07 20:38 - 2012-11-02 00:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-01-07 20:38 - 2012-11-02 00:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-01-07 20:38 - 2012-10-09 13:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-01-07 20:38 - 2012-10-09 13:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-01-07 20:38 - 2012-10-09 12:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2015-01-07 20:38 - 2012-10-09 12:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2015-01-07 20:38 - 2011-04-09 01:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-07 20:38 - 2011-04-09 00:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-07 20:38 - 2011-02-22 23:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2015-01-07 20:37 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-07 20:37 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-07 20:37 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-07 20:37 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-07 20:37 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-07 20:37 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-07 20:37 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-07 20:37 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-07 20:37 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-07 20:37 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-07 20:37 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-07 20:37 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-07 20:37 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-07 20:37 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-07 20:37 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-07 20:37 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-07 20:37 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-07 20:37 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-07 20:37 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-01-07 20:37 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-01-07 20:37 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-01-07 20:37 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-01-07 20:37 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-01-07 20:37 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-01-07 20:37 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-01-07 20:37 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-01-07 20:37 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-01-07 20:37 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-01-07 20:37 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-01-07 20:37 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-01-07 20:37 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-01-07 20:37 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-01-07 20:37 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-01-07 20:37 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-01-07 20:37 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-01-07 20:37 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-01-07 20:37 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-01-07 20:37 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-01-07 20:37 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-01-07 20:37 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-01-07 20:37 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-01-07 20:37 - 2013-04-26 00:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-07 20:37 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-01-07 20:37 - 2012-03-01 01:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2015-01-07 20:37 - 2012-03-01 01:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2015-01-07 20:37 - 2012-03-01 00:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2015-01-07 20:37 - 2011-10-15 01:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2015-01-07 20:37 - 2011-10-15 00:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2015-01-07 20:36 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-07 20:36 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-07 20:36 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-07 20:36 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-07 20:36 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-07 20:36 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-07 20:36 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-07 20:36 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-07 20:36 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-07 20:36 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-07 20:36 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-07 20:36 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-01-07 20:36 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-01-07 20:36 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-01-07 20:36 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-01-07 20:36 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-07 20:36 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-07 20:36 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-01-07 20:36 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-01-07 20:36 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-01-07 20:36 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-01-07 20:36 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-07 20:36 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-07 20:36 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-01-07 20:36 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-01-07 20:36 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-01-07 20:36 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-01-07 20:36 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-01-07 20:36 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-01-07 20:36 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-01-07 20:36 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-01-07 20:36 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-01-07 20:36 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-01-07 20:36 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-01-07 20:36 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-01-07 20:36 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-01-07 20:36 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-01-07 20:36 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-01-07 20:36 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-01-07 20:36 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-01-07 20:36 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-01-07 20:36 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-01-07 20:36 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-01-07 20:36 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-01-07 20:36 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-07 20:36 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-07 20:36 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-01-07 20:36 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-01-07 20:36 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-01-07 20:36 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-01-07 20:36 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-01-07 20:36 - 2013-04-10 01:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-01-07 20:36 - 2013-03-19 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-01-07 20:36 - 2013-02-11 23:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-01-07 20:36 - 2013-01-24 01:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-01-07 20:36 - 2012-11-28 17:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-01-07 20:36 - 2012-11-28 17:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-01-07 20:36 - 2012-11-28 17:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-01-07 20:36 - 2012-09-25 17:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2015-01-07 20:36 - 2012-09-25 17:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2015-01-07 20:36 - 2012-08-22 13:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-01-07 20:36 - 2012-08-21 16:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2015-01-07 20:36 - 2012-07-04 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2015-01-07 20:36 - 2012-04-26 00:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2015-01-07 20:36 - 2012-04-26 00:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2015-01-07 20:36 - 2012-03-17 02:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2015-01-07 20:36 - 2011-12-30 01:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2015-01-07 20:36 - 2011-12-30 00:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2015-01-07 20:36 - 2011-12-16 03:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2015-01-07 20:36 - 2011-12-16 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2015-01-07 20:36 - 2011-11-17 01:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2015-01-07 20:36 - 2011-11-17 00:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2015-01-07 20:36 - 2011-10-26 00:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-01-07 20:36 - 2011-10-25 23:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-01-07 20:36 - 2011-02-03 06:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-01-07 20:35 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-07 20:35 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-07 20:35 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-07 20:35 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-01-07 20:35 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-01-07 20:35 - 2012-07-04 17:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2015-01-07 20:35 - 2012-07-04 17:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2015-01-07 20:35 - 2012-07-04 17:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2015-01-07 20:35 - 2012-07-04 16:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2015-01-07 20:35 - 2012-07-04 16:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2015-01-07 20:35 - 2012-05-14 00:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-07 20:33 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-01-07 20:30 - 2015-01-18 11:30 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 20:30 - 2015-01-11 16:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-07 20:30 - 2015-01-11 16:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-07 20:30 - 2015-01-11 16:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-07 20:29 - 2015-01-07 20:29 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-07 20:28 - 2012-06-06 00:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2015-01-07 20:27 - 2012-06-06 01:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2015-01-07 20:23 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-01-07 20:23 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-01-07 20:22 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-01-07 20:22 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-01-07 20:22 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-01-07 20:22 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-01-07 20:22 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-01-07 19:56 - 2015-01-07 21:41 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-07 19:56 - 2015-01-07 19:56 - 00001086 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-01-07 19:55 - 2015-01-07 19:56 - 00000000 ____D () C:\Program Files\Adobe
2015-01-07 19:55 - 2015-01-07 19:55 - 00001048 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-01-07 19:53 - 2015-01-07 19:53 - 00001534 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-01-07 19:53 - 2015-01-07 19:53 - 00001368 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-01-07 19:51 - 2015-01-07 19:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-07 19:32 - 2015-01-07 19:32 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Macromedia
2015-01-07 19:30 - 2015-01-18 11:30 - 00000000 ____D () C:\Users\Steve\AppData\Local\Adobe
2015-01-07 19:21 - 2015-01-07 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-07 19:20 - 2015-01-07 21:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-07 19:17 - 2015-01-13 17:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-07 19:17 - 2015-01-11 14:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-07 19:17 - 2015-01-07 19:17 - 00000000 ____D () C:\Users\Steve\AppData\Local\Microsoft Help
2015-01-07 19:17 - 2015-01-07 19:17 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-07 19:16 - 2015-01-07 19:16 - 00000000 __RHD () C:\MSOCache
2015-01-07 18:42 - 2014-03-17 15:52 - 01239744 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\wlsetup-web.exe
2015-01-07 18:42 - 2014-02-28 16:26 - 00508684 _____ () C:\Users\Steve\Downloads\Screening_Packet_03182-36733.zip
2015-01-07 18:42 - 2014-02-18 09:16 - 00508701 _____ () C:\Users\Steve\Downloads\Screening_Packet_03182-29397.zip
2015-01-07 18:42 - 2013-01-21 17:54 - 00016062 _____ () C:\Users\Steve\Downloads\RGB_255to0_52steps_Bayer.dng.zip
2015-01-07 18:42 - 2009-11-02 16:19 - 00495308 _____ () C:\Users\Steve\Downloads\PWT_Code_1-12.zip
2015-01-07 18:42 - 2009-07-13 22:16 - 00046824 _____ () C:\Users\Steve\Downloads\TheColourWatcherTool.zip
2015-01-07 18:42 - 2008-04-05 11:43 - 00344252 _____ () C:\Users\Steve\Downloads\wgcmyk_gcr_light_b85_11-14-01.zip
2015-01-07 18:42 - 2008-02-22 22:15 - 00320223 _____ () C:\Users\Steve\Downloads\TLRSplitChannels.zip
2015-01-07 18:42 - 2007-12-05 23:01 - 04097968 _____ () C:\Users\Steve\Downloads\wzapload.exe
2015-01-07 18:42 - 2007-03-09 16:41 - 00506697 _____ () C:\Users\Steve\Downloads\winf1821.zip
2015-01-07 18:42 - 2006-02-11 20:22 - 00341531 _____ () C:\Users\Steve\Downloads\TactViewer2_5.zip
2015-01-07 18:42 - 2005-06-03 12:30 - 02417824 _____ () C:\Users\Steve\Downloads\winzip90.exe
2015-01-07 18:42 - 2005-05-11 14:25 - 00229880 _____ () C:\Users\Steve\Downloads\TactCor.zip
2015-01-07 18:42 - 2004-11-13 17:37 - 01152319 _____ () C:\Users\Steve\Downloads\tfti.zip
2015-01-07 18:42 - 2003-12-04 17:45 - 02267136 _____ () C:\Users\Steve\Downloads\WSetup.exe
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\wgcmyk_gcr_light_b85_11-14-01
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\TLRSplitChannels
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\tfti
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\PWT_Code_1-17
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\PWT_Code_1-14
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\PWT_Code_1-12
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\PPW_Tools_3.33_EN_Win
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\Panda
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\NikonUsbScanners64
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\Kelby
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\Clip
2015-01-07 18:41 - 2014-09-10 13:19 - 02548448 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Steve\Downloads\ashampoo_burning_studio_14_dl.exe
2015-01-07 18:41 - 2014-03-29 14:04 - 00001296 _____ () C:\Users\Steve\Downloads\files.txt
2015-01-07 18:41 - 2014-03-29 13:57 - 15049096 _____ () C:\Users\Steve\Downloads\ns403en_vista.exe
2015-01-07 18:41 - 2014-03-29 13:49 - 00006382 _____ () C:\Users\Steve\Downloads\NikonUsbScanners64.zip
2015-01-07 18:41 - 2014-03-18 14:06 - 06625568 _____ () C:\Users\Steve\Downloads\epson15546.exe
2015-01-07 18:41 - 2013-11-18 17:46 - 44941817 _____ () C:\Users\Steve\Downloads\PPW_Tools_3.33_EN_Win.zip
2015-01-07 18:41 - 2013-06-03 12:02 - 39298960 _____ () C:\Users\Steve\Downloads\colorefexpro4.zip
2015-01-07 18:41 - 2012-10-15 08:34 - 39519104 _____ () C:\Users\Steve\Downloads\ColorEfexPro4.exe
2015-01-07 18:41 - 2012-10-09 08:05 - 02556354 _____ () C:\Users\Steve\Downloads\AdobeExchange.zxp
2015-01-07 18:41 - 2009-10-31 16:57 - 04116424 _____ () C:\Users\Steve\Downloads\Zap684.exe
2015-01-07 18:41 - 2009-10-10 15:46 - 00911119 _____ () C:\Users\Steve\Downloads\mp4PlayerSetup.exe
2015-01-07 18:41 - 2009-09-15 11:24 - 05383889 _____ (InstallShield Software Corporation) C:\Users\Steve\Downloads\Install Tact-2.0 S V1.0.65F9.exe
2015-01-07 18:41 - 2008-02-06 16:11 - 02048000 _____ (Adobe Systems, Copyright 2005-2007) C:\Users\Steve\Downloads\PatcherApplication.exe
2015-01-07 18:41 - 2007-07-25 15:42 - 07002416 _____ (Pantone & GretagMacbeth ) C:\Users\Steve\Downloads\Pantone_huey1_0_5_Installer.exe
2015-01-07 18:41 - 2007-03-26 17:11 - 01240851 _____ () C:\Users\Steve\Downloads\D200_Update.zip
2015-01-07 18:41 - 2005-06-12 17:59 - 02430161 _____ () C:\Users\Steve\Downloads\NastyMeds.wmv
2015-01-07 18:41 - 2005-06-03 12:35 - 00029378 _____ () C:\Users\Steve\Downloads\pkunzip.exe
2015-01-07 18:41 - 2005-05-11 14:19 - 00452164 _____ () C:\Users\Steve\Downloads\GoodVibrations.zip
2015-01-07 18:41 - 2005-05-11 14:17 - 00055290 _____ () C:\Users\Steve\Downloads\Cal4All.mic
2015-01-07 18:41 - 2005-03-18 21:10 - 03203920 _____ () C:\Users\Steve\Downloads\DCP-ProfileKit.zip
2015-01-07 18:40 - 2015-01-07 18:40 - 00000000 ____D () C:\Windows\CSC
2015-01-07 18:27 - 2015-01-07 18:28 - 00080178 _____ () C:\Users\Steve\Documents\January.eml
2015-01-07 18:27 - 2015-01-07 18:28 - 00035761 _____ () C:\Users\Steve\Documents\Candidate Bio.eml
2015-01-07 18:27 - 2015-01-07 18:27 - 00003530 _____ () C:\Users\Steve\Documents\ORSAOrientation.eml
2015-01-07 18:27 - 2015-01-07 18:27 - 00000000 ____D () C:\Users\Steve\Documents\Version Cue
2015-01-07 18:27 - 2015-01-07 18:27 - 00000000 ____D () C:\Users\Steve\Documents\TVA
2015-01-07 18:27 - 2014-12-14 16:37 - 00022165 _____ () C:\Users\Steve\Documents\Savings Bonds_htm.htm
2015-01-07 18:27 - 2014-03-14 10:04 - 00000000 ____D () C:\Users\Steve\Documents\Slideshows
2015-01-07 18:27 - 2012-12-10 15:20 - 00001240 _____ () C:\Users\Steve\Documents\ProShow Slideshow.psh
2015-01-07 18:27 - 2012-12-10 15:15 - 00000016 _____ () C:\Users\Steve\Documents\ProShow Slideshow.pxc
2015-01-07 18:27 - 2012-07-06 13:54 - 01034295 _____ () C:\Users\Steve\Documents\Trunk Monkey 2.wmv
2015-01-07 18:27 - 2011-01-20 10:35 - 00000000 ____D () C:\Users\Steve\Documents\Updater5
2015-01-07 18:27 - 2009-10-31 17:48 - 00011592 _____ () C:\Users\Steve\Documents\OCBusMeet101909.dotx
2015-01-07 18:27 - 2009-07-28 11:29 - 00022528 _____ () C:\Users\Steve\Documents\OssoliBODattendance2.xls
2015-01-07 18:27 - 2009-07-28 11:19 - 00022528 _____ () C:\Users\Steve\Documents\OssoliBODattendance.xls
2015-01-07 18:27 - 2007-12-07 12:37 - 00000338 _____ () C:\Users\Steve\Documents\nlprefs.nlp
2015-01-07 18:27 - 2007-07-08 22:31 - 00000520 _____ () C:\Users\Steve\Documents\spider.sav
2015-01-07 18:27 - 2006-12-19 21:24 - 00001776 _____ () C:\Users\Steve\Documents\Default007.bsf
2015-01-07 18:27 - 2005-05-16 19:27 - 00022528 _____ () C:\Users\Steve\Documents\Sixth Period Attendance04.xls
2015-01-07 18:27 - 2005-05-16 19:24 - 00022016 _____ () C:\Users\Steve\Documents\Fourth Period Attendance04.xls
2015-01-07 18:27 - 2005-05-16 19:17 - 00022016 _____ () C:\Users\Steve\Documents\RelatedArtsAttendance04.xls
2015-01-07 18:27 - 2005-05-16 19:13 - 00022528 _____ () C:\Users\Steve\Documents\Fifth Period Attendance04.xls
2015-01-07 18:27 - 2005-05-16 19:08 - 00022016 _____ () C:\Users\Steve\Documents\Third Period Attendance04.xls
2015-01-07 18:27 - 2005-05-16 19:05 - 00022528 _____ () C:\Users\Steve\Documents\Second Period Attendance04.xls
2015-01-07 18:27 - 2005-05-16 19:04 - 00022016 _____ () C:\Users\Steve\Documents\First Period Attendance04.xls
2015-01-07 18:27 - 2005-04-26 20:14 - 00022016 _____ () C:\Users\Steve\Documents\Yearbookstaff04-05.xls
2015-01-07 18:27 - 2005-02-08 19:48 - 02236865 _____ () C:\Users\Steve\Documents\Trunk Monkey1.wmv
2015-01-07 18:27 - 2005-01-26 21:11 - 00000620 _____ () C:\Users\Steve\Documents\iris.alv
2015-01-07 18:27 - 2004-10-04 19:11 - 00022016 _____ () C:\Users\Steve\Documents\RelatedArts Attendance04.xls
2015-01-07 18:27 - 2004-04-15 19:58 - 00023113 _____ () C:\Users\Steve\Documents\089-04dc.wpd
2015-01-07 18:27 - 2004-04-10 17:18 - 00022016 _____ () C:\Users\Steve\Documents\AnnualStaff.xls
2015-01-07 18:27 - 2004-04-04 21:59 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG#6.xls
2015-01-07 18:27 - 2004-03-21 13:04 - 00022016 _____ () C:\Users\Steve\Documents\Seventh Period Attendance.xls
2015-01-07 18:27 - 2004-03-21 12:57 - 00022016 _____ () C:\Users\Steve\Documents\Sixth Period Attendance.xls
2015-01-07 18:27 - 2004-03-21 12:52 - 00022016 _____ () C:\Users\Steve\Documents\Fifth Period Attendance.xls
2015-01-07 18:27 - 2004-03-21 12:51 - 00022528 _____ () C:\Users\Steve\Documents\Third Period Attendance.xls
2015-01-07 18:27 - 2004-03-21 12:48 - 00022016 _____ () C:\Users\Steve\Documents\Second Period Attendance.xls
2015-01-07 18:27 - 2004-03-21 12:47 - 00022016 _____ () C:\Users\Steve\Documents\First Period Attendance.xls
2015-01-07 18:27 - 2003-10-19 15:47 - 00022016 _____ () C:\Users\Steve\Documents\DCLOG #5.xls
2015-01-07 18:27 - 2003-10-19 15:37 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG#4.xls
2015-01-07 18:27 - 2003-10-19 15:29 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG#3.xls
2015-01-07 18:27 - 2003-10-19 15:13 - 00022016 _____ () C:\Users\Steve\Documents\DCLOG #2.xls
2015-01-07 18:27 - 2003-10-19 15:03 - 00022016 _____ () C:\Users\Steve\Documents\DCLOG#1.xls
2015-01-07 18:27 - 2003-10-19 15:03 - 00022016 _____ () C:\Users\Steve\Documents\AlphaAttend0203#1.xls
2015-01-07 18:27 - 2003-08-09 08:59 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom recordsOliver03-04.xls
2015-01-07 18:27 - 2003-08-09 08:52 - 00020992 _____ () C:\Users\Steve\Documents\Homeroom recordsOliverAttendance.xls
2015-01-07 18:27 - 2003-05-09 17:38 - 00023552 _____ () C:\Users\Steve\Documents\2003FinalDCPay#3.xls
2015-01-07 18:27 - 2003-05-09 17:02 - 00026112 _____ () C:\Users\Steve\Documents\2003FinalDCPay-#2.xls
2015-01-07 18:27 - 2003-05-08 22:29 - 00026112 _____ () C:\Users\Steve\Documents\2003FinalDCPay- #1.xls.xls
2015-01-07 18:27 - 2003-03-22 14:06 - 00021504 _____ () C:\Users\Steve\Documents\AlphaAttend0203#5.xls
2015-01-07 18:27 - 2003-03-22 14:05 - 00021504 _____ () C:\Users\Steve\Documents\AlphaAttend0203#4.xls
2015-01-07 18:27 - 2003-03-22 14:03 - 00021504 _____ () C:\Users\Steve\Documents\AlphaAttend0203#3.xls
2015-01-07 18:27 - 2003-03-22 14:01 - 00021504 _____ () C:\Users\Steve\Documents\AlphaAttend0203#2.xls
2015-01-07 18:27 - 2003-03-02 15:12 - 00022016 _____ () C:\Users\Steve\Documents\Study Skills.xls
2015-01-07 18:27 - 2003-03-02 15:08 - 00022016 _____ () C:\Users\Steve\Documents\Fourth Period Attendance.xls
2015-01-07 18:27 - 2002-09-22 12:51 - 00021504 _____ () C:\Users\Steve\Documents\DC recordsE03Attendance.xls
2015-01-07 18:27 - 2002-09-22 12:48 - 00021504 _____ () C:\Users\Steve\Documents\DCrecordsD03Attendance.xls
2015-01-07 18:27 - 2002-09-22 12:45 - 00021504 _____ () C:\Users\Steve\Documents\DCrecordsC03Attendance.xls
2015-01-07 18:27 - 2002-09-22 12:42 - 00021504 _____ () C:\Users\Steve\Documents\DCrecordsB03Attendance.xls
2015-01-07 18:27 - 2002-09-22 12:35 - 00021504 _____ () C:\Users\Steve\Documents\DC recordsfinkAttendance.xls
2015-01-07 18:27 - 2002-09-22 12:35 - 00021504 _____ () C:\Users\Steve\Documents\DC recordsA03Attendance.xls
2015-01-07 18:27 - 2002-08-07 15:56 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom recordsOliverStudySkills.xls
2015-01-07 18:27 - 2002-08-06 18:43 - 00021504 _____ () C:\Users\Steve\Documents\AlphaAttendance.xls
2015-01-07 18:27 - 2002-08-05 19:20 - 00020992 _____ () C:\Users\Steve\Documents\Homeroom Attendance.xls
2015-01-07 18:27 - 2002-04-30 19:32 - 00021504 _____ () C:\Users\Steve\Documents\DC3secpay2002.xls
2015-01-07 18:27 - 2002-04-02 20:15 - 00023040 _____ () C:\Users\Steve\Documents\DC2secpay2002.xls
2015-01-07 18:27 - 2002-04-02 20:12 - 00023040 _____ () C:\Users\Steve\Documents\DC Secpay2002.xls
2015-01-07 18:27 - 2002-03-10 14:31 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom oliverAttendance.xls
2015-01-07 18:27 - 2001-11-18 18:55 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom HicksAttendance.xls
2015-01-07 18:27 - 2001-11-18 18:50 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom alvisAttendance.xls
2015-01-07 18:27 - 2001-11-18 18:45 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom NewMathAttendance.xls
2015-01-07 18:27 - 2001-10-15 09:47 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom cummingsAttendance.xls
2015-01-07 18:27 - 2001-08-19 13:04 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom recordsNewmathAttendance.xls.xls
2015-01-07 18:27 - 2001-08-19 13:01 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom recordsHicksAttendance.xls
2015-01-07 18:27 - 2001-08-19 12:59 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom recordscummingsAttendance.xls
2015-01-07 18:27 - 2001-08-19 12:55 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom recordsalvisAttendance.xls
2015-01-07 18:27 - 2001-03-27 09:58 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom GronskiNODC.xls
2015-01-07 18:27 - 2001-03-27 09:30 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom HicksNODC.xls
2015-01-07 18:27 - 2001-03-27 09:25 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom alvisNODC.xls
2015-01-07 18:27 - 2001-03-27 09:20 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom cummingsNODC.xls
2015-01-07 18:27 - 2001-03-27 09:15 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom oliverNODC.xls
2015-01-07 18:27 - 2001-03-18 10:46 - 00020992 _____ () C:\Users\Steve\Documents\2003FinalDCPay.xls.xls
2015-01-07 18:27 - 2001-03-18 10:39 - 00020992 _____ () C:\Users\Steve\Documents\DC oliverAttendance.xls
2015-01-07 18:27 - 2001-01-01 18:36 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG#3forNCT.xls
2015-01-07 18:27 - 2001-01-01 18:35 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG #2for NCT.xls
2015-01-07 18:27 - 2001-01-01 18:33 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG#1forNCT.xls
2015-01-07 18:27 - 2000-11-07 17:12 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom WildeAttendance.xls
2015-01-07 18:27 - 2000-11-07 17:09 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom recordsWildeAttendance.xls
2015-01-07 18:27 - 2000-08-12 15:38 - 00020992 _____ () C:\Users\Steve\Documents\DCrecordscummingsAttendance.xls
2015-01-07 18:27 - 2000-04-09 19:50 - 00020992 _____ () C:\Users\Steve\Documents\DCrecordsEnglishAttendance.xls
2015-01-07 18:27 - 2000-04-09 19:49 - 00020992 _____ () C:\Users\Steve\Documents\DCrecordsalvisAttendance.xls
2015-01-07 18:27 - 2000-03-27 11:26 - 00021504 _____ () C:\Users\Steve\Documents\DCLOGlate3rd.xls
2015-01-07 18:27 - 2000-01-30 14:40 - 00021504 _____ () C:\Users\Steve\Documents\LATEDClist.xls
2015-01-07 18:27 - 1999-09-09 18:40 - 00021504 _____ () C:\Users\Steve\Documents\Ch One Scores.xls
2015-01-07 18:27 - 1999-07-31 23:07 - 00344064 _____ () C:\Users\Steve\Documents\Steve's Retirement.ppt
2015-01-07 18:27 - 1998-10-15 19:02 - 00017920 _____ () C:\Users\Steve\Documents\Field #1.xls
2015-01-07 18:27 - 1998-09-21 13:44 - 00060416 _____ () C:\Users\Steve\Documents\Comp98.xls
2015-01-07 18:27 - 1998-05-21 09:10 - 00080896 _____ () C:\Users\Steve\Documents\KPI15.ppt
2015-01-07 18:27 - 1998-03-15 20:20 - 00020992 _____ () C:\Users\Steve\Documents\Form1.xls
2015-01-07 18:27 - 1997-07-29 19:20 - 00230400 _____ () C:\Users\Steve\Documents\Invoice1.xls
2015-01-07 18:27 - 1997-03-28 19:22 - 08140288 _____ () C:\Users\Steve\Documents\steve.ppt
2015-01-07 18:27 - 1997-01-27 21:09 - 00930238 _____ () C:\Users\Steve\Documents\f&s.bmp
2015-01-07 18:27 - 1997-01-02 16:58 - 00820856 _____ () C:\Users\Steve\Documents\geticard.tif
2015-01-07 18:26 - 2015-01-07 18:27 - 00000000 ____D () C:\Users\Steve\Documents\scsi driver
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ___SD () C:\Users\Steve\Documents\My DVDs
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ___RD () C:\Users\Steve\Documents\My Stationery
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\PSPrefBkup
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\OneNote Notebooks
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Info
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\CyberLink
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar15
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar14
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar13
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar12
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar11
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar10
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar09
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar08
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar07
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar06
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar05
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar02
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Ashampoo Burning Studio 14
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\AdobeStockPhotos
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Adobe
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Across Crosswords
2015-01-07 18:26 - 2011-01-20 10:53 - 00000000 ____D () C:\Users\Steve\Documents\Adobe Scripts
2015-01-07 18:26 - 2011-01-20 10:35 - 00000000 ____D () C:\Users\Steve\Documents\My Received Files
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Panda Security
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Global Protection 2015
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-07 17:23 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-07 17:17 - 2015-01-14 09:03 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Windows Live Writer
2015-01-07 17:17 - 2015-01-07 17:17 - 00000000 ____D () C:\Users\Steve\AppData\Local\Windows Live Writer
2015-01-07 17:12 - 2015-01-07 17:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-07 17:08 - 2015-01-07 17:08 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-07 17:08 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-01-07 17:08 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-07 17:08 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-07 17:08 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-01-07 17:08 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-07 17:08 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-07 17:08 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-07 17:08 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-07 17:07 - 2015-01-14 08:59 - 00000000 ____D () C:\Users\Steve\AppData\Local\Windows Live
2015-01-07 17:07 - 2015-01-07 17:07 - 00002190 _____ () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-07 17:07 - 2015-01-07 17:07 - 00002115 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-07 17:07 - 2015-01-07 17:07 - 00002115 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-07 17:07 - 2015-01-07 17:07 - 00000000 ___RD () C:\Users\Steve\OneDrive
2015-01-07 17:07 - 2015-01-07 17:07 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-01-07 17:07 - 2015-01-07 17:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-07 16:59 - 2015-01-07 21:46 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Adobe
2015-01-07 16:54 - 2015-01-08 08:15 - 00001428 _____ () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-07 16:54 - 2015-01-07 17:11 - 00000000 ____D () C:\Users\Steve\AppData\Local\Google
2015-01-07 16:54 - 2015-01-07 16:54 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Leadertech
2015-01-07 16:54 - 2015-01-07 16:54 - 00000000 ____D () C:\Users\Steve\AppData\Local\VirtualStore
2015-01-07 16:53 - 2012-02-17 01:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-01-07 16:53 - 2012-02-17 00:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-01-07 16:53 - 2012-02-16 23:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-01-07 16:47 - 2015-01-08 08:56 - 00081736 _____ () C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-07 16:47 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-07 16:47 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-07 16:47 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-07 16:47 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-07 16:47 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-07 16:47 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-07 16:47 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-01-07 16:47 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-07 16:47 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-07 16:47 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-07 16:46 - 2015-01-07 17:07 - 00000000 ____D () C:\Users\Steve
2015-01-07 16:46 - 2015-01-07 16:46 - 00000020 ___SH () C:\Users\Steve\ntuser.ini
2015-01-07 16:46 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-07 16:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-07 16:46 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-07 16:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-07 16:46 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-07 16:46 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 11:52 - 2012-04-15 12:31 - 01487670 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 11:48 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 11:48 - 2009-07-13 23:51 - 00046324 _____ () C:\Windows\setupact.log
2015-01-18 11:44 - 2009-07-13 23:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 11:44 - 2009-07-13 23:45 - 00031072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 20:37 - 2009-07-14 00:13 - 00774028 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 17:05 - 2012-04-15 12:46 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-11 16:09 - 2012-04-15 12:53 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-11 16:08 - 2012-04-15 12:53 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-11 16:08 - 2012-04-15 12:53 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-11 16:08 - 2012-04-15 12:53 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-11 15:56 - 2009-07-13 23:45 - 04947456 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 08:12 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-08 08:06 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-08 08:06 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-08 08:06 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-08 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-08 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-08 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-08 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-08 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-08 08:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-08 08:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-08 08:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-08 08:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-08 08:04 - 2010-11-20 22:47 - 00395630 _____ () C:\Windows\PFRO.log
2015-01-07 19:55 - 2012-04-15 12:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-07 19:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-07 19:17 - 2010-11-21 02:16 - 00000000 ____D () C:\Windows\ShellNew
2015-01-07 18:40 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-07 18:38 - 2011-02-15 04:42 - 00000000 ____D () C:\Windows\Panther
2015-01-07 18:03 - 2012-04-15 12:58 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-07 17:31 - 2012-04-15 13:07 - 00000000 ____D () C:\ProgramData\Norton
2015-01-07 17:31 - 2012-04-15 12:59 - 00000000 ____D () C:\ProgramData\Partner
2015-01-07 17:31 - 2012-04-15 12:59 - 00000000 ____D () C:\Program Files\Google
2015-01-07 17:15 - 2012-04-15 13:03 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-07 17:08 - 2012-04-15 13:04 - 00001469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-01-07 17:07 - 2012-04-15 12:44 - 00353111 _____ () C:\Windows\DirectX.log
2015-01-07 16:59 - 2012-04-15 12:58 - 00000000 ____D () C:\ProgramData\Google
2015-01-07 16:54 - 2012-04-15 12:54 - 00000000 ____D () C:\swshare
2015-01-07 16:54 - 2011-02-15 04:42 - 00000000 ____D () C:\SWTOOLS
2015-01-07 16:47 - 2012-04-15 12:36 - 00000042 _____ () C:\Windows\SysWOW64\Drivers\17AA_Lenovo_ThinkPad_Edge_0319_46U.MRK
2015-01-07 16:46 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\ose00000.exe
C:\Users\Steve\AppData\Local\Temp\{B82795A3-204A-49B0-B28E-ADC2F26621B6}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2011-02-15 04:43

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-01-2015 01
Ran by Steve at 2015-01-18 11:56:33
Running from C:\Users\Steve\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Panda Global Protection 2015 (Enabled - Up to date) {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AS: Panda Global Protection 2015 (Enabled - Up to date) {8F3797EF-DB90-F073-3C72-40C753554CD1}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall (Disabled) {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (HKLM\...\W7DevOR) (Version: 1.00 - )
Access Help (HKLM-x32\...\{C6FA39A7-26B1-480A-BC74-6D17531AC222}) (Version: 3.00 - Lenovo)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader 9.4.0 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A94000000001}) (Version: 9.4.0 - Adobe Systems Incorporated)
Burn.Now 4.5 (x32 Version: 4.5.0 - Corel Corporation) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Corel Burn.Now Lenovo Edition (HKLM-x32\...\InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}) (Version: 4.5.0 - Corel Corporation)
Corel DVD MovieFactory 7 (x32 Version: 7.0.0 - Corel Corporation) Hidden
Corel DVD MovieFactory Lenovo Edition (HKLM-x32\...\InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}) (Version: 7.0.0 - Corel Corporation)
Create Recovery Media (HKLM-x32\...\{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}) (Version: 1.20.0.00 - Lenovo Group Limited)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Direct DiscRecorder (x32 Version: 1.00.0000 - Corel Corporation) Hidden
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.15 - Evernote Corp.)
Integrated Camera (HKLM\...\Integrated Camera) (Version: 5.50.2.7 - Silicon Motion)
Integrated Camera (HKLM-x32\...\{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}) (Version: 5.50.2.7 - Silicon Motion)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2125 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
InterVideo WinDVD 8 (HKLM-x32\...\InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}) (Version: 8.0.20.199 - InterVideo Inc.)
InterVideo WinDVD 8 (x32 Version: 8.0.20.199 - InterVideo Inc.) Hidden
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Lenovo Auto Scroll Utility (HKLM\...\LenovoAutoScrollUtility) (Version: 1.11 - )
Lenovo Patch Utility (HKLM-x32\...\{24E92E7A-6848-4747-A3EA-3AAC0576BE52}) (Version: 1.0.1.1 - Lenovo Group Limited)
Lenovo Patch Utility 64 bit (HKLM\...\{39A04221-294E-4D90-A0F2-CCB1EF15CB56}) (Version: 1.2.0.1 - Lenovo Group Limited)
Lenovo Registration (HKLM-x32\...\{6707C034-ED6B-4B6A-B21F-969B3606FBDE}) (Version: 1.0.4 - Lenovo Inc.)
Lenovo System Interface Driver (HKLM\...\LENOVO.SMIIF) (Version: 1.05 - )
Lenovo Warranty Information (HKLM-x32\...\{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}) (Version: 1.0.0004.00 - Lenovo)
Lenovo Welcome (HKLM-x32\...\Lenovo Welcome_is1) (Version: 3.00.006.0 - Lenovo)
Message Center Plus (HKLM-x32\...\{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}) (Version: 2.0.0012.00 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1760945978-2905922680-1676196245-1000\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Broadband (HKLM-x32\...\{4330AAE7-1893-42F9-BC38-539A1A60530B}) (Version: 3.6.0034 - Lenovo)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
On Screen Display (HKLM\...\OnScreenDisplay) (Version: 6.60.03 - )
Panda Devices Agent (HKLM-x32\...\Panda Devices Agent) (Version: 1.03.04 - Panda Security)
Panda Devices Agent (x32 Version: 1.05.00 - Panda Security) Hidden
Panda Global Protection 2015 (HKLM-x32\...\Panda Universal Agent Endpoint) (Version: 15.00.04.0002 - Panda Security)
Panda Global Protection 2015 (Version: 7.23.00.0000 - Panda Security) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Realtek Ethernet Controller Driver For Windows Vista and Later (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 1.00.0010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6146 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30113 - Realtek Semiconductor Corp.)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (HKLM\...\EnablePS) (Version: 1.00 - )
System Update (HKLM-x32\...\{25C64847-B900-48AD-A164-1B4F9B774650}) (Version: 4.01.0015 - Lenovo)
ThinkPad Power Management Driver (HKLM\...\Power Management Driver) (Version: 1.60.0.4 - )
ThinkPad Power Manager (HKLM-x32\...\{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}) (Version: 3.30 - )
ThinkPad UltraNav Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.19.0 - )
ThinkPad Wireless LAN Adapter Software (HKLM-x32\...\{9D3D2C60-A55F-4fed-B2B9-17311226DF01}) (Version: 1.00.0029.5 - REALTEK Semiconductor Corp.)
ThinkVantage Active Protection System (HKLM\...\{46A84694-59EC-48F0-964C-7E76E9F8A2ED}) (Version: 1.74 - Lenovo)
ThinkVantage Communications Utility (HKLM\...\{88C6A6D9-324C-46E8-BA87-563D14021442}_is1) (Version: 1.43 - Lenovo)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Windows Driver Package - Intel (iaStor) hdc  (01/15/2010 9.5.7.1002) (HKLM\...\C39A7AFB5CAF49F10B9573FFE2E981F1AB2074B6) (Version: 01/15/2010 9.5.7.1002 - Intel)
Windows Driver Package - Intel hdc  (06/04/2009 7.0.0.1013) (HKLM\...\1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31) (Version: 06/04/2009 7.0.0.1013 - Intel)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (HKLM\...\E7B58217635B8F723D4744A328A4B3237DB35FA9) (Version: 06/04/2009 1.0.0.0002 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\573C3C32A1DB5625CA00E633E584E8A0E6383672) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel System  (10/28/2009 9.1.1.1022) (HKLM\...\D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1) (Version: 10/28/2009 9.1.1.1022 - Intel)
Windows Driver Package - Intel USB  (08/20/2009 9.1.1.1020) (HKLM\...\A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9) (Version: 08/20/2009 9.1.1.1020 - Intel)
Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4) (HKLM\...\114EB224AD576F278686036AA9E1EFB7847E3935) (Version: 11/18/2009 1.60.0.4 - Lenovo)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (06/29/2010 6.0.1.6146) (HKLM\...\03A7DBDC77B53F52C7EA041F531310CFC5E2AD9E) (Version: 06/29/2010 6.0.1.6146 - Realtek Semiconductor Corp.)
Windows Driver Package - Synaptics (SynTP) Mouse  (03/24/2011 15.2.19.0) (HKLM\...\5DF942712DC7660AE4A1B04809A1C3F67B0CA27C) (Version: 03/24/2011 15.2.19.0 - Synaptics)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1760945978-2905922680-1676196245-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1760945978-2905922680-1676196245-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1760945978-2905922680-1676196245-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1760945978-2905922680-1676196245-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1760945978-2905922680-1676196245-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Steve\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points  =========================

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {274A11C2-5ECD-4549-9F6C-DA2422D1D181} - System32\Tasks\PMTask => C:\Program Files (x86)\ThinkPad\Utilities\PWMIDTSV.EXE [2010-08-24] (Lenovo Group Limited)
Task: {359D9685-368D-4E14-8B55-C32612FA59A9} - System32\Tasks\AdobeAAMUpdater-1.0-SOlaptop-Steve => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {A578C4FC-7B39-4AD5-8D4A-6197EBEDEEF3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-11] (Adobe Systems Incorporated)
Task: {CEF1A33A-1B85-47C5-94B3-80A74604129A} - System32\Tasks\MCP => C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe [2009-05-28] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-04-15 12:41 - 2010-08-24 13:30 - 00038912 _____ () C:\Program Files (x86)\ThinkPad\Utilities\US\PWMRT64V.DLL
2012-04-15 12:16 - 2011-03-24 05:48 - 00057640 _____ () C:\Program Files\Synaptics\SynTP\SynTPEnhPS.dll
2009-05-28 00:09 - 2009-05-28 00:09 - 00049976 _____ () C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
2013-04-12 12:23 - 2013-04-12 12:23 - 00612664 _____ () C:\Program Files (x86)\Panda Security\Panda Security Protection\SQLite3.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Steve\Documents\Candidate Bio.eml:OECustomProperty
AlternateDataStreams: C:\Users\Steve\Documents\January.eml:OECustomProperty
AlternateDataStreams: C:\Users\Steve\Documents\ORSAOrientation.eml:OECustomProperty

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\NanoServiceMain => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PSUAService => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1760945978-2905922680-1676196245-500 - Administrator - Disabled)
Guest (S-1-5-21-1760945978-2905922680-1676196245-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1760945978-2905922680-1676196245-1002 - Limited - Enabled)
Steve (S-1-5-21-1760945978-2905922680-1676196245-1000 - Administrator - Enabled) => C:\Users\Steve

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (01/18/2015 11:49:09 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 11:37:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/18/2015 11:34:59 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/17/2015 00:21:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 284c

Start Time: 01d0321120fdca19

Termination Time: 80

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/16/2015 09:33:11 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (01/16/2015 09:31:44 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (01/15/2015 08:33:37 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (01/14/2015 00:58:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/14/2015 09:14:20 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 46d0

Start Time: 01d030030a575a7b

Termination Time: 16

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (01/13/2015 05:31:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/18/2015 11:49:08 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/18/2015 11:37:34 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/18/2015 11:37:11 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (01/18/2015 11:34:53 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/14/2015 00:58:23 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/13/2015 06:25:12 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (01/13/2015 06:25:07 PM) (Source: ACPI) (EventID: 13) (User: )
Description: : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

Error: (01/13/2015 05:31:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureActions with the following error:
%%5

Error: (01/13/2015 05:14:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (01/13/2015 05:14:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel® Core™ i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 36%
Total physical RAM: 3892.55 MB
Available physical RAM: 2457.7 MB
Total Pagefile: 7783.29 MB
Available Pagefile: 6220.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows7_OS) (Fixed) (Total:284.91 GB) (Free:203.77 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive q: (Lenovo_Recovery) (Fixed) (Total:11.72 GB) (Free:3.15 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 2C08A594)
Partition 1: (Active) - (Size=1.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=284.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=11.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#14 Machiavelli

Machiavelli

    Agent 007


  • Malware Response Instructor
  • 4,015 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:51 AM

Posted 18 January 2015 - 04:42 PM

Hey, :)

Step 1: Adwarecleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1
  • Right-click on AdwCleaner.exe and select Run as administrator. (If you have Windows XP the just run it)
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.
Note: The log can also be found in here: C:\AdwCleaner\

Step 2: Malwarebytes

Please download Malwarebytes Anti-Malware to your desktop Install the progamme and select update
Once it has updated select Settings > Detection and Protection
Tick Scan for rootkits

MBAMsettings.JPG

Go back to the Dashboard and select Scan Now

MBAMScan.JPG

If threats are detected, click the Apply Actions button, MBAM will ask for a reboot.

MBAMReboot.JPG

MBAMLog.JPG

On completion of the scan (or after the reboot) select View Detailed Log
Select Export > Select text file and save to the desktop
Attach/Post that log

Step 3: Junkware Removal Tool

thisisujrt.gif  Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Step 4: FRST Scan
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.

unite_blue.png
 
 


#15 steveo5108

steveo5108
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:51 AM

Posted 18 January 2015 - 06:43 PM

# AdwCleaner v4.108 - Report created 18/01/2015 at 17:11:01
# Updated 17/01/2015 by Xplode
# Database : 2015-01-18.1 [Live]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Steve - SOLAPTOP
# Running from : C:\Users\Steve\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Partner

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\nym1.ib.adnxs.com

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496

*************************

AdwCleaner[R0].txt - [951 octets] - [18/01/2015 17:07:19]
AdwCleaner[S0].txt - [879 octets] - [18/01/2015 17:11:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [938 octets] ##########

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/18/2015
Scan Time: 5:20:19 PM
Logfile: mwblog.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.18.11
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Steve

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325632
Time Elapsed: 15 min, 58 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Adware.Agent, C:\Users\Steve\Downloads\mp4PlayerSetup.exe, Quarantined, [df725f9807821125df6595f4946c0cf4],

Physical Sectors: 0
(No malicious items detected)

(end)

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x64
Ran by Steve on Sun 01/18/2015 at 18:27:52.58
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARINSTALLER_UPDATE-8471E048.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARMANAGER_EAA6E347-6828E064.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARNOTIFIER.EXE-7AE0A20E.pf
Successfully deleted: [File] C:\Windows\prefetch\GOOGLETOOLBARUSER_32.EXE-34B1B1C5.pf

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/18/2015 at 18:30:57.18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 01
Ran by Steve (administrator) on SOLAPTOP on 18-01-2015 18:33:24
Running from C:\Users\Steve\Desktop
Loaded Profiles: Steve (Available profiles: Steve)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Lenovo.) C:\Windows\System32\ibmpmsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tphkload.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\tpnumlkd.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\CamMute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\HOTKEY\micmute.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\VIRTSCRL\virtscrl.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
(Ulead Systems, Inc.) C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Lenovo.) C:\Windows\System32\TpShocks.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo Group Limited) C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Panda Security, S.L.) C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Lenovo Group Limited) C:\Program Files (x86)\Lenovo\System Update\SUService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_16_0_0_235_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11049576 2010-07-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2731304 2011-03-24] (Synaptics Incorporated)
HKLM\...\Run: [TpShocks] => C:\Windows\system32\TpShocks.exe [380776 2011-01-14] (Lenovo.)
HKLM\...\Run: [LENOVO.TPKNRRES] => C:\Program Files\Lenovo\Communications Utility\TPKNRRES.exe [54632 2011-01-14] (Lenovo Group Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PWMTRV] => rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Lenovo Registration] => C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe [4351712 2011-07-13] (Lenovo, Inc.)
HKLM-x32\...\Run: [PSUAMain] => C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe [37624 2014-10-16] (Panda Security, S.L.)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1760945978-2905922680-1676196245-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1760945978-2905922680-1676196245-1000\...\MountPoints2: {3e843446-96c6-11e4-a259-806e6f6e6963} - Q:\LenovoQDrive.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1760945978-2905922680-1676196245-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=LENP&bmod=LENP
HKU\S-1-5-21-1760945978-2905922680-1676196245-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1760945978-2905922680-1676196245-1000 -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS622
SearchScopes: HKU\S-1-5-21-1760945978-2905922680-1676196245-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENP_enUS622
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
Toolbar: HKU\S-1-5-21-1760945978-2905922680-1676196245-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll No File

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
R2 NanoServiceMain; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [142072 2014-10-13] (Panda Security, S.L.)
R2 PandaAgent; C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [66808 2014-10-09] (Panda Security, S.L.)
R2 PSUAService; C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [38136 2014-10-16] (Panda Security, S.L.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [199272 2010-07-15] (Realtek Semiconductor)
R2 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [28672 2011-07-26] (Lenovo Group Limited) [File not signed]
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UleadBurningHelper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [61440 2008-01-10] (Ulead Systems, Inc.) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 NNSALPC; C:\Windows\System32\DRIVERS\NNSAlpc.sys [96800 2014-06-04] (Panda Security, S.L.)
R1 NNSHTTP; C:\Windows\System32\DRIVERS\NNSHttp.sys [162336 2014-06-18] (Panda Security, S.L.)
R1 NNSHTTPS; C:\Windows\System32\DRIVERS\NNSHttps.sys [112160 2014-06-04] (Panda Security, S.L.)
R1 NNSIDS; C:\Windows\System32\DRIVERS\NNSIds.sys [115232 2014-06-04] (Panda Security, S.L.)
R1 NNSNAHSL; C:\Windows\System32\DRIVERS\NNSNAHSL.sys [46336 2014-01-16] (Panda Security, S.L.)
R1 NNSPICC; C:\Windows\System32\DRIVERS\NNSPicc.sys [95776 2014-06-04] (Panda Security, S.L.)
R1 NNSPIHSW; C:\Windows\System32\DRIVERS\NNSPihsw.sys [70176 2014-06-04] (Panda Security, S.L.)
R1 NNSPOP3; C:\Windows\System32\DRIVERS\NNSPop3.sys [125984 2014-06-04] (Panda Security, S.L.)
R1 NNSPROT; C:\Windows\System32\DRIVERS\NNSProt.sys [306720 2014-06-04] (Panda Security, S.L.)
R1 NNSPRV; C:\Windows\System32\DRIVERS\NNSPrv.sys [169504 2014-06-04] (Panda Security, S.L.)
R1 NNSSMTP; C:\Windows\System32\DRIVERS\NNSSmtp.sys [115744 2014-06-04] (Panda Security, S.L.)
R1 NNSSTRM; C:\Windows\System32\DRIVERS\NNSStrm.sys [261152 2014-06-04] (Panda Security, S.L.)
R1 NNSTLSC; C:\Windows\System32\DRIVERS\NNSTlsc.sys [109088 2014-06-04] (Panda Security, S.L.)
R2 PSINAflt; C:\Windows\System32\DRIVERS\PSINAflt.sys [163088 2014-10-13] (Panda Security, S.L.)
R2 PSINFile; C:\Windows\System32\DRIVERS\PSINFile.sys [121616 2014-10-13] (Panda Security, S.L.)
R1 PSINKNC; C:\Windows\System32\DRIVERS\psinknc.sys [195616 2014-07-24] (Panda Security, S.L.)
R2 PSINProc; C:\Windows\System32\DRIVERS\PSINProc.sys [122400 2014-07-24] (Panda Security, S.L.)
R2 PSINProt; C:\Windows\System32\DRIVERS\PSINProt.sys [132128 2014-07-24] (Panda Security, S.L.)
R2 PSINReg; C:\Windows\System32\DRIVERS\PSINReg.sys [107792 2014-10-13] (Panda Security, S.L.)
R3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [60400 2014-03-25] (Panda Security, S.L.)
R1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-08-24] ()
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2012-04-15] (Microsoft Corporation) [File not signed]
R3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [205952 2009-11-23] (SMI)
S3 usbuhci; C:\Windows\system32\drivers\usbuhci.sys [30720 2012-04-15] (Microsoft Corporation) [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 18:33 - 2015-01-18 18:33 - 00012803 _____ () C:\Users\Steve\Desktop\FRST.txt
2015-01-18 18:30 - 2015-01-18 18:30 - 00000994 _____ () C:\Users\Steve\Desktop\JRT.txt
2015-01-18 18:27 - 2015-01-18 18:27 - 00000000 ____D () C:\Windows\ERUNT
2015-01-18 17:15 - 2015-01-18 18:20 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 17:07 - 2015-01-18 17:11 - 00000000 ____D () C:\AdwCleaner
2015-01-18 17:04 - 2015-01-18 17:04 - 01707939 _____ (Thisisu) C:\Users\Steve\Desktop\JRT.exe
2015-01-18 17:03 - 2015-01-18 17:03 - 00001117 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 17:03 - 2015-01-18 17:03 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-18 17:03 - 2015-01-18 17:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-18 17:03 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-18 17:03 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-18 17:03 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-18 17:01 - 2015-01-18 17:01 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Steve\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-18 17:00 - 2015-01-18 17:00 - 02186752 _____ () C:\Users\Steve\Desktop\AdwCleaner.exe
2015-01-18 11:56 - 2015-01-18 11:56 - 00022811 _____ () C:\Users\Steve\Desktop\AdditionX.txt
2015-01-18 11:55 - 2015-01-18 18:33 - 00000000 ____D () C:\FRST
2015-01-18 11:55 - 2015-01-18 11:56 - 00120978 _____ () C:\Users\Steve\Desktop\FRSTX.txt
2015-01-18 11:52 - 2015-01-18 11:52 - 02126848 _____ (Farbar) C:\Users\Steve\Desktop\FRST64.exe
2015-01-13 17:23 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 17:23 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 17:23 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-13 17:23 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-13 17:23 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 17:23 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 17:23 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-13 17:22 - 2014-12-12 00:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 17:22 - 2014-12-12 00:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 17:22 - 2014-12-12 00:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 17:22 - 2014-12-12 00:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 17:22 - 2014-12-12 00:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 17:22 - 2014-12-12 00:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 17:22 - 2014-12-12 00:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 17:22 - 2014-12-11 12:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-01-13 17:14 - 2015-01-13 17:14 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-01-11 16:09 - 2015-01-11 16:09 - 00000000 _____ () C:\Windows\SysWOW64\REN8AB4.tmp
2015-01-11 16:09 - 2015-01-11 16:09 - 00000000 _____ () C:\Windows\SysWOW64\REN8AB3.tmp
2015-01-11 16:09 - 2015-01-11 16:09 - 00000000 _____ () C:\Windows\SysWOW64\REN8AB2.tmp
2015-01-11 16:08 - 2015-01-11 16:08 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-11 16:08 - 2015-01-11 16:08 - 00000000 ____D () C:\ProgramData\Sun
2015-01-11 16:08 - 2015-01-11 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-11 16:07 - 2015-01-11 16:10 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-11 16:05 - 2015-01-11 16:05 - 00638888 _____ (Oracle Corporation) C:\Users\Steve\Downloads\JavaSetup8u25.com
2015-01-11 14:58 - 2015-01-11 14:58 - 00000000 ____D () C:\6884cb441916bcfc1c
2015-01-11 14:36 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-11 14:36 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-11 14:33 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-11 14:33 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-11 14:33 - 2014-05-08 04:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-11 14:33 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-01-11 14:33 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-01-11 14:32 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-01-11 14:32 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-01-11 14:32 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-01-11 14:32 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-01-11 14:32 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-01-11 14:32 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-01-11 14:32 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-01-11 14:32 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-01-11 14:32 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-01-11 14:32 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-01-11 14:32 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-01-11 14:32 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-01-11 14:32 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-11 14:32 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-11 14:32 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-01-11 14:32 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-01-11 14:31 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-11 14:31 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-11 14:29 - 2012-02-11 01:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-01-11 14:29 - 2012-02-11 01:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-01-08 20:01 - 2015-01-08 20:25 - 00000000 ____D () C:\Users\Steve\AppData\Local\Microsoft Games
2015-01-08 19:56 - 2014-03-25 08:15 - 00060400 _____ (Panda Security, S.L.) C:\Windows\system32\Drivers\PSKMAD.sys
2015-01-08 09:11 - 2015-01-08 09:11 - 00000000 __SHD () C:\Users\Steve\AppData\Local\EmieUserList
2015-01-08 09:11 - 2015-01-08 09:11 - 00000000 __SHD () C:\Users\Steve\AppData\Local\EmieSiteList
2015-01-08 09:11 - 2015-01-08 09:11 - 00000000 __SHD () C:\Users\Steve\AppData\Local\EmieBrowserModeList
2015-01-08 09:02 - 2015-01-08 09:02 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-01-08 08:27 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-08 08:27 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-08 08:24 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-01-08 08:24 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-01-08 08:06 - 2015-01-08 08:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-01-08 08:06 - 2015-01-08 08:06 - 00000000 ____D () C:\Windows\system32\appraiser
2015-01-08 05:46 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-01-08 05:46 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-01-08 05:46 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-01-08 05:46 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-01-08 05:35 - 2015-01-15 20:37 - 00774028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-08 05:04 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-08 05:04 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-08 05:04 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-08 05:04 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-08 05:04 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-08 05:04 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-08 05:04 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-08 05:04 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-08 05:04 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-08 05:04 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-08 05:04 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-08 05:04 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-08 05:04 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-08 05:04 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-08 05:04 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-08 01:06 - 2015-01-08 01:09 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-08 01:06 - 2014-12-31 13:12 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-07 23:41 - 2015-01-08 09:02 - 00287756 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2015-01-07 22:42 - 2015-01-08 09:02 - 00292714 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-01-07 22:31 - 2012-08-23 09:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-07 22:31 - 2012-08-23 09:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-07 22:31 - 2012-08-23 09:08 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2015-01-07 22:31 - 2012-08-23 06:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-07 22:31 - 2012-08-23 05:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-07 21:47 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-07 21:47 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-07 21:47 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-07 21:47 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-07 21:47 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-07 21:47 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-07 21:47 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-07 21:47 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-07 21:47 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-07 21:47 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-07 21:46 - 2015-01-07 21:46 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2015-01-07 21:41 - 2015-01-07 21:41 - 00003502 _____ () C:\Windows\System32\Tasks\AdobeAAMUpdater-1.0-SOlaptop-Steve
2015-01-07 21:39 - 2012-07-25 22:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-01-07 21:39 - 2012-07-25 22:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-01-07 21:39 - 2012-07-25 22:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-01-07 21:39 - 2012-07-25 22:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-01-07 21:39 - 2012-07-25 22:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-01-07 21:39 - 2012-07-25 21:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-01-07 21:39 - 2012-07-25 21:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-01-07 21:39 - 2012-06-02 09:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-01-07 21:25 - 2015-01-07 21:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-07 21:23 - 2015-01-07 21:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-07 21:23 - 2015-01-07 21:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-07 20:56 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-01-07 20:53 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-01-07 20:53 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-01-07 20:53 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-01-07 20:53 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-01-07 20:53 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-01-07 20:53 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-01-07 20:53 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-01-07 20:53 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-07 20:49 - 2015-01-07 20:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-07 20:49 - 2015-01-07 20:49 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-07 20:49 - 2015-01-07 20:49 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-07 20:49 - 2015-01-07 20:49 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-01-07 20:49 - 2015-01-07 20:49 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-07 20:49 - 2015-01-07 20:49 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-07 20:49 - 2015-01-07 20:49 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-07 20:49 - 2015-01-07 20:49 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-07 20:49 - 2015-01-07 20:49 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-01-07 20:49 - 2015-01-07 20:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-01-07 20:49 - 2015-01-07 20:49 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-07 20:49 - 2015-01-07 20:49 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-01-07 20:48 - 2015-01-07 20:48 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-01-07 20:47 - 2015-01-07 20:47 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-01-07 20:47 - 2015-01-07 20:47 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-01-07 20:47 - 2015-01-07 20:47 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-01-07 20:46 - 2012-12-07 08:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-01-07 20:46 - 2012-12-07 08:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-01-07 20:46 - 2012-12-07 07:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-01-07 20:46 - 2012-12-07 07:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-01-07 20:46 - 2012-12-07 06:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-01-07 20:46 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-01-07 20:46 - 2012-12-07 06:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2015-01-07 20:46 - 2012-12-07 05:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2015-01-07 20:45 - 2015-01-07 20:45 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-01-07 20:45 - 2015-01-07 20:45 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-01-07 20:45 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-07 20:45 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-01-07 20:45 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-01-07 20:45 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-01-07 20:45 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-01-07 20:45 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-01-07 20:44 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-01-07 20:44 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-01-07 20:44 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-01-07 20:44 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-01-07 20:44 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-07 20:44 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-01-07 20:43 - 2015-01-07 20:43 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-01-07 20:43 - 2015-01-07 20:43 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-01-07 20:43 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-07 20:43 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-07 20:43 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-07 20:43 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-07 20:43 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-07 20:43 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-07 20:43 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-07 20:43 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-07 20:43 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-07 20:43 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-07 20:43 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-01-07 20:43 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-01-07 20:43 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-01-07 20:43 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-01-07 20:43 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-01-07 20:43 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-01-07 20:43 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-01-07 20:43 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-01-07 20:43 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-01-07 20:43 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-01-07 20:43 - 2013-02-27 00:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-01-07 20:42 - 2015-01-07 20:56 - 00014859 _____ () C:\Windows\IE11_main.log
2015-01-07 20:42 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-07 20:42 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-07 20:42 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-07 20:42 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-07 20:42 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-07 20:41 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-07 20:41 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-01-07 20:41 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-01-07 20:41 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-01-07 20:41 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-01-07 20:41 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-01-07 20:41 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-01-07 20:41 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-01-07 20:41 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-01-07 20:41 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-01-07 20:41 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-01-07 20:41 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-01-07 20:41 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-01-07 20:41 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-01-07 20:41 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-01-07 20:41 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-01-07 20:41 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-01-07 20:41 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-01-07 20:41 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-01-07 20:41 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-01-07 20:40 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-01-07 20:40 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-01-07 20:40 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-01-07 20:40 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-01-07 20:40 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-01-07 20:40 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-01-07 20:39 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-01-07 20:39 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-01-07 20:39 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-01-07 20:39 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-01-07 20:39 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-01-07 20:39 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-01-07 20:39 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-01-07 20:39 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-01-07 20:39 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-01-07 20:39 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-01-07 20:39 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-01-07 20:39 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-01-07 20:39 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-01-07 20:39 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-01-07 20:39 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-01-07 20:39 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-01-07 20:39 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-01-07 20:39 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-01-07 20:39 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-01-07 20:39 - 2012-10-03 12:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-01-07 20:39 - 2012-10-03 12:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-01-07 20:39 - 2012-10-03 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-01-07 20:39 - 2012-10-03 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-01-07 20:39 - 2012-10-03 12:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-01-07 20:39 - 2012-10-03 11:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2015-01-07 20:39 - 2012-10-03 11:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2015-01-07 20:39 - 2012-10-03 11:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-01-07 20:39 - 2012-01-04 05:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-01-07 20:39 - 2012-01-04 03:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-01-07 20:38 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-01-07 20:38 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-01-07 20:38 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-01-07 20:38 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-07 20:38 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-07 20:38 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-01-07 20:38 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-01-07 20:38 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-01-07 20:38 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-01-07 20:38 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-01-07 20:38 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-01-07 20:38 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-01-07 20:38 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-01-07 20:38 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-01-07 20:38 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-01-07 20:38 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-01-07 20:38 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-01-07 20:38 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-01-07 20:38 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-01-07 20:38 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-01-07 20:38 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-01-07 20:38 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-01-07 20:38 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-01-07 20:38 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-01-07 20:38 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-01-07 20:38 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-01-07 20:38 - 2012-11-02 00:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-01-07 20:38 - 2012-11-02 00:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-01-07 20:38 - 2012-10-09 13:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-01-07 20:38 - 2012-10-09 13:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-01-07 20:38 - 2012-10-09 12:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2015-01-07 20:38 - 2012-10-09 12:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2015-01-07 20:38 - 2011-04-09 01:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-01-07 20:38 - 2011-04-09 00:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-01-07 20:38 - 2011-02-22 23:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2015-01-07 20:37 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-07 20:37 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-07 20:37 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-07 20:37 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-07 20:37 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-07 20:37 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-07 20:37 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-07 20:37 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-07 20:37 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-07 20:37 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-07 20:37 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-07 20:37 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-07 20:37 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-07 20:37 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-07 20:37 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-07 20:37 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-07 20:37 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-07 20:37 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-07 20:37 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-01-07 20:37 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-01-07 20:37 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-01-07 20:37 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-01-07 20:37 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-01-07 20:37 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-01-07 20:37 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-01-07 20:37 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-01-07 20:37 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-01-07 20:37 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-01-07 20:37 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-01-07 20:37 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-01-07 20:37 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-01-07 20:37 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-01-07 20:37 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-01-07 20:37 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-01-07 20:37 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-01-07 20:37 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-01-07 20:37 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-01-07 20:37 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-01-07 20:37 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-01-07 20:37 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-01-07 20:37 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-01-07 20:37 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-01-07 20:37 - 2013-04-26 00:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-01-07 20:37 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-01-07 20:37 - 2012-03-01 01:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2015-01-07 20:37 - 2012-03-01 01:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2015-01-07 20:37 - 2012-03-01 00:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2015-01-07 20:37 - 2011-10-15 01:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2015-01-07 20:37 - 2011-10-15 00:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2015-01-07 20:36 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-07 20:36 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-07 20:36 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-07 20:36 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-07 20:36 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-07 20:36 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-07 20:36 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-07 20:36 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-07 20:36 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-07 20:36 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-07 20:36 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-07 20:36 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-01-07 20:36 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-01-07 20:36 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-01-07 20:36 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-01-07 20:36 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-07 20:36 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-07 20:36 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-01-07 20:36 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-01-07 20:36 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-01-07 20:36 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-01-07 20:36 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-07 20:36 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-07 20:36 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-01-07 20:36 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-01-07 20:36 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-01-07 20:36 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-01-07 20:36 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-01-07 20:36 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-01-07 20:36 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-01-07 20:36 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-01-07 20:36 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-01-07 20:36 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-01-07 20:36 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-01-07 20:36 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-01-07 20:36 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-01-07 20:36 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-01-07 20:36 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-01-07 20:36 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-01-07 20:36 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-01-07 20:36 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-01-07 20:36 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-01-07 20:36 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-01-07 20:36 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-01-07 20:36 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-07 20:36 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-07 20:36 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-01-07 20:36 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-01-07 20:36 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-01-07 20:36 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-01-07 20:36 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-01-07 20:36 - 2013-04-10 01:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-01-07 20:36 - 2013-03-19 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-01-07 20:36 - 2013-02-11 23:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-01-07 20:36 - 2013-01-24 01:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-01-07 20:36 - 2012-11-28 17:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-01-07 20:36 - 2012-11-28 17:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-01-07 20:36 - 2012-11-28 17:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-01-07 20:36 - 2012-09-25 17:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2015-01-07 20:36 - 2012-09-25 17:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2015-01-07 20:36 - 2012-08-22 13:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-01-07 20:36 - 2012-08-21 16:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2015-01-07 20:36 - 2012-07-04 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2015-01-07 20:36 - 2012-04-26 00:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2015-01-07 20:36 - 2012-04-26 00:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2015-01-07 20:36 - 2012-03-17 02:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2015-01-07 20:36 - 2011-12-30 01:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2015-01-07 20:36 - 2011-12-30 00:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2015-01-07 20:36 - 2011-12-16 03:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2015-01-07 20:36 - 2011-12-16 02:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2015-01-07 20:36 - 2011-11-17 01:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2015-01-07 20:36 - 2011-11-17 00:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2015-01-07 20:36 - 2011-10-26 00:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-01-07 20:36 - 2011-10-25 23:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-01-07 20:36 - 2011-02-03 06:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-01-07 20:35 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-07 20:35 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-07 20:35 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-07 20:35 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-01-07 20:35 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-01-07 20:35 - 2012-07-04 17:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2015-01-07 20:35 - 2012-07-04 17:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2015-01-07 20:35 - 2012-07-04 17:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2015-01-07 20:35 - 2012-07-04 16:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2015-01-07 20:35 - 2012-07-04 16:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2015-01-07 20:35 - 2012-05-14 00:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-01-07 20:33 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-01-07 20:30 - 2015-01-18 18:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-07 20:30 - 2015-01-11 16:14 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-07 20:30 - 2015-01-11 16:14 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-07 20:30 - 2015-01-11 16:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-07 20:29 - 2015-01-07 20:29 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-07 20:28 - 2012-06-06 00:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2015-01-07 20:27 - 2012-06-06 01:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2015-01-07 20:23 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-01-07 20:23 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-01-07 20:22 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-01-07 20:22 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-01-07 20:22 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-01-07 20:22 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-01-07 20:22 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-01-07 19:56 - 2015-01-07 21:41 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-01-07 19:56 - 2015-01-07 19:56 - 00001086 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
2015-01-07 19:55 - 2015-01-07 19:56 - 00000000 ____D () C:\Program Files\Adobe
2015-01-07 19:55 - 2015-01-07 19:55 - 00001048 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
2015-01-07 19:53 - 2015-01-07 19:53 - 00001534 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
2015-01-07 19:53 - 2015-01-07 19:53 - 00001368 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
2015-01-07 19:51 - 2015-01-07 19:56 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2015-01-07 19:32 - 2015-01-07 19:32 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Macromedia
2015-01-07 19:30 - 2015-01-18 11:30 - 00000000 ____D () C:\Users\Steve\AppData\Local\Adobe
2015-01-07 19:21 - 2015-01-07 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-07 19:20 - 2015-01-07 21:28 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2015-01-07 19:17 - 2015-01-13 17:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-01-07 19:17 - 2015-01-11 14:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-01-07 19:17 - 2015-01-07 19:17 - 00000000 ____D () C:\Users\Steve\AppData\Local\Microsoft Help
2015-01-07 19:17 - 2015-01-07 19:17 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-01-07 19:16 - 2015-01-07 19:16 - 00000000 __RHD () C:\MSOCache
2015-01-07 18:42 - 2014-03-17 15:52 - 01239744 _____ (Microsoft Corporation) C:\Users\Steve\Downloads\wlsetup-web.exe
2015-01-07 18:42 - 2014-02-28 16:26 - 00508684 _____ () C:\Users\Steve\Downloads\Screening_Packet_03182-36733.zip
2015-01-07 18:42 - 2014-02-18 09:16 - 00508701 _____ () C:\Users\Steve\Downloads\Screening_Packet_03182-29397.zip
2015-01-07 18:42 - 2013-01-21 17:54 - 00016062 _____ () C:\Users\Steve\Downloads\RGB_255to0_52steps_Bayer.dng.zip
2015-01-07 18:42 - 2009-11-02 16:19 - 00495308 _____ () C:\Users\Steve\Downloads\PWT_Code_1-12.zip
2015-01-07 18:42 - 2009-07-13 22:16 - 00046824 _____ () C:\Users\Steve\Downloads\TheColourWatcherTool.zip
2015-01-07 18:42 - 2008-04-05 11:43 - 00344252 _____ () C:\Users\Steve\Downloads\wgcmyk_gcr_light_b85_11-14-01.zip
2015-01-07 18:42 - 2008-02-22 22:15 - 00320223 _____ () C:\Users\Steve\Downloads\TLRSplitChannels.zip
2015-01-07 18:42 - 2007-12-05 23:01 - 04097968 _____ () C:\Users\Steve\Downloads\wzapload.exe
2015-01-07 18:42 - 2007-03-09 16:41 - 00506697 _____ () C:\Users\Steve\Downloads\winf1821.zip
2015-01-07 18:42 - 2006-02-11 20:22 - 00341531 _____ () C:\Users\Steve\Downloads\TactViewer2_5.zip
2015-01-07 18:42 - 2005-06-03 12:30 - 02417824 _____ () C:\Users\Steve\Downloads\winzip90.exe
2015-01-07 18:42 - 2005-05-11 14:25 - 00229880 _____ () C:\Users\Steve\Downloads\TactCor.zip
2015-01-07 18:42 - 2004-11-13 17:37 - 01152319 _____ () C:\Users\Steve\Downloads\tfti.zip
2015-01-07 18:42 - 2003-12-04 17:45 - 02267136 _____ () C:\Users\Steve\Downloads\WSetup.exe
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\wgcmyk_gcr_light_b85_11-14-01
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\TLRSplitChannels
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\tfti
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\PWT_Code_1-17
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\PWT_Code_1-14
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\PWT_Code_1-12
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\PPW_Tools_3.33_EN_Win
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\Panda
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\NikonUsbScanners64
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\Kelby
2015-01-07 18:41 - 2015-01-07 18:41 - 00000000 ____D () C:\Users\Steve\Downloads\Clip
2015-01-07 18:41 - 2014-09-10 13:19 - 02548448 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Steve\Downloads\ashampoo_burning_studio_14_dl.exe
2015-01-07 18:41 - 2014-03-29 14:04 - 00001296 _____ () C:\Users\Steve\Downloads\files.txt
2015-01-07 18:41 - 2014-03-29 13:57 - 15049096 _____ () C:\Users\Steve\Downloads\ns403en_vista.exe
2015-01-07 18:41 - 2014-03-29 13:49 - 00006382 _____ () C:\Users\Steve\Downloads\NikonUsbScanners64.zip
2015-01-07 18:41 - 2014-03-18 14:06 - 06625568 _____ () C:\Users\Steve\Downloads\epson15546.exe
2015-01-07 18:41 - 2013-11-18 17:46 - 44941817 _____ () C:\Users\Steve\Downloads\PPW_Tools_3.33_EN_Win.zip
2015-01-07 18:41 - 2013-06-03 12:02 - 39298960 _____ () C:\Users\Steve\Downloads\colorefexpro4.zip
2015-01-07 18:41 - 2012-10-15 08:34 - 39519104 _____ () C:\Users\Steve\Downloads\ColorEfexPro4.exe
2015-01-07 18:41 - 2012-10-09 08:05 - 02556354 _____ () C:\Users\Steve\Downloads\AdobeExchange.zxp
2015-01-07 18:41 - 2009-10-31 16:57 - 04116424 _____ () C:\Users\Steve\Downloads\Zap684.exe
2015-01-07 18:41 - 2009-09-15 11:24 - 05383889 _____ (InstallShield Software Corporation) C:\Users\Steve\Downloads\Install Tact-2.0 S V1.0.65F9.exe
2015-01-07 18:41 - 2008-02-06 16:11 - 02048000 _____ (Adobe Systems, Copyright 2005-2007) C:\Users\Steve\Downloads\PatcherApplication.exe
2015-01-07 18:41 - 2007-07-25 15:42 - 07002416 _____ (Pantone & GretagMacbeth ) C:\Users\Steve\Downloads\Pantone_huey1_0_5_Installer.exe
2015-01-07 18:41 - 2007-03-26 17:11 - 01240851 _____ () C:\Users\Steve\Downloads\D200_Update.zip
2015-01-07 18:41 - 2005-06-12 17:59 - 02430161 _____ () C:\Users\Steve\Downloads\NastyMeds.wmv
2015-01-07 18:41 - 2005-06-03 12:35 - 00029378 _____ () C:\Users\Steve\Downloads\pkunzip.exe
2015-01-07 18:41 - 2005-05-11 14:19 - 00452164 _____ () C:\Users\Steve\Downloads\GoodVibrations.zip
2015-01-07 18:41 - 2005-05-11 14:17 - 00055290 _____ () C:\Users\Steve\Downloads\Cal4All.mic
2015-01-07 18:41 - 2005-03-18 21:10 - 03203920 _____ () C:\Users\Steve\Downloads\DCP-ProfileKit.zip
2015-01-07 18:40 - 2015-01-07 18:40 - 00000000 ____D () C:\Windows\CSC
2015-01-07 18:27 - 2015-01-07 18:28 - 00080178 _____ () C:\Users\Steve\Documents\January.eml
2015-01-07 18:27 - 2015-01-07 18:28 - 00035761 _____ () C:\Users\Steve\Documents\Candidate Bio.eml
2015-01-07 18:27 - 2015-01-07 18:27 - 00003530 _____ () C:\Users\Steve\Documents\ORSAOrientation.eml
2015-01-07 18:27 - 2015-01-07 18:27 - 00000000 ____D () C:\Users\Steve\Documents\Version Cue
2015-01-07 18:27 - 2015-01-07 18:27 - 00000000 ____D () C:\Users\Steve\Documents\TVA
2015-01-07 18:27 - 2014-12-14 16:37 - 00022165 _____ () C:\Users\Steve\Documents\Savings Bonds_htm.htm
2015-01-07 18:27 - 2014-03-14 10:04 - 00000000 ____D () C:\Users\Steve\Documents\Slideshows
2015-01-07 18:27 - 2012-12-10 15:20 - 00001240 _____ () C:\Users\Steve\Documents\ProShow Slideshow.psh
2015-01-07 18:27 - 2012-12-10 15:15 - 00000016 _____ () C:\Users\Steve\Documents\ProShow Slideshow.pxc
2015-01-07 18:27 - 2012-07-06 13:54 - 01034295 _____ () C:\Users\Steve\Documents\Trunk Monkey 2.wmv
2015-01-07 18:27 - 2011-01-20 10:35 - 00000000 ____D () C:\Users\Steve\Documents\Updater5
2015-01-07 18:27 - 2009-10-31 17:48 - 00011592 _____ () C:\Users\Steve\Documents\OCBusMeet101909.dotx
2015-01-07 18:27 - 2009-07-28 11:29 - 00022528 _____ () C:\Users\Steve\Documents\OssoliBODattendance2.xls
2015-01-07 18:27 - 2009-07-28 11:19 - 00022528 _____ () C:\Users\Steve\Documents\OssoliBODattendance.xls
2015-01-07 18:27 - 2007-12-07 12:37 - 00000338 _____ () C:\Users\Steve\Documents\nlprefs.nlp
2015-01-07 18:27 - 2007-07-08 22:31 - 00000520 _____ () C:\Users\Steve\Documents\spider.sav
2015-01-07 18:27 - 2006-12-19 21:24 - 00001776 _____ () C:\Users\Steve\Documents\Default007.bsf
2015-01-07 18:27 - 2005-05-16 19:27 - 00022528 _____ () C:\Users\Steve\Documents\Sixth Period Attendance04.xls
2015-01-07 18:27 - 2005-05-16 19:24 - 00022016 _____ () C:\Users\Steve\Documents\Fourth Period Attendance04.xls
2015-01-07 18:27 - 2005-05-16 19:17 - 00022016 _____ () C:\Users\Steve\Documents\RelatedArtsAttendance04.xls
2015-01-07 18:27 - 2005-05-16 19:13 - 00022528 _____ () C:\Users\Steve\Documents\Fifth Period Attendance04.xls
2015-01-07 18:27 - 2005-05-16 19:08 - 00022016 _____ () C:\Users\Steve\Documents\Third Period Attendance04.xls
2015-01-07 18:27 - 2005-05-16 19:05 - 00022528 _____ () C:\Users\Steve\Documents\Second Period Attendance04.xls
2015-01-07 18:27 - 2005-05-16 19:04 - 00022016 _____ () C:\Users\Steve\Documents\First Period Attendance04.xls
2015-01-07 18:27 - 2005-04-26 20:14 - 00022016 _____ () C:\Users\Steve\Documents\Yearbookstaff04-05.xls
2015-01-07 18:27 - 2005-02-08 19:48 - 02236865 _____ () C:\Users\Steve\Documents\Trunk Monkey1.wmv
2015-01-07 18:27 - 2005-01-26 21:11 - 00000620 _____ () C:\Users\Steve\Documents\iris.alv
2015-01-07 18:27 - 2004-10-04 19:11 - 00022016 _____ () C:\Users\Steve\Documents\RelatedArts Attendance04.xls
2015-01-07 18:27 - 2004-04-15 19:58 - 00023113 _____ () C:\Users\Steve\Documents\089-04dc.wpd
2015-01-07 18:27 - 2004-04-10 17:18 - 00022016 _____ () C:\Users\Steve\Documents\AnnualStaff.xls
2015-01-07 18:27 - 2004-04-04 21:59 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG#6.xls
2015-01-07 18:27 - 2004-03-21 13:04 - 00022016 _____ () C:\Users\Steve\Documents\Seventh Period Attendance.xls
2015-01-07 18:27 - 2004-03-21 12:57 - 00022016 _____ () C:\Users\Steve\Documents\Sixth Period Attendance.xls
2015-01-07 18:27 - 2004-03-21 12:52 - 00022016 _____ () C:\Users\Steve\Documents\Fifth Period Attendance.xls
2015-01-07 18:27 - 2004-03-21 12:51 - 00022528 _____ () C:\Users\Steve\Documents\Third Period Attendance.xls
2015-01-07 18:27 - 2004-03-21 12:48 - 00022016 _____ () C:\Users\Steve\Documents\Second Period Attendance.xls
2015-01-07 18:27 - 2004-03-21 12:47 - 00022016 _____ () C:\Users\Steve\Documents\First Period Attendance.xls
2015-01-07 18:27 - 2003-10-19 15:47 - 00022016 _____ () C:\Users\Steve\Documents\DCLOG #5.xls
2015-01-07 18:27 - 2003-10-19 15:37 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG#4.xls
2015-01-07 18:27 - 2003-10-19 15:29 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG#3.xls
2015-01-07 18:27 - 2003-10-19 15:13 - 00022016 _____ () C:\Users\Steve\Documents\DCLOG #2.xls
2015-01-07 18:27 - 2003-10-19 15:03 - 00022016 _____ () C:\Users\Steve\Documents\DCLOG#1.xls
2015-01-07 18:27 - 2003-10-19 15:03 - 00022016 _____ () C:\Users\Steve\Documents\AlphaAttend0203#1.xls
2015-01-07 18:27 - 2003-08-09 08:59 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom recordsOliver03-04.xls
2015-01-07 18:27 - 2003-08-09 08:52 - 00020992 _____ () C:\Users\Steve\Documents\Homeroom recordsOliverAttendance.xls
2015-01-07 18:27 - 2003-05-09 17:38 - 00023552 _____ () C:\Users\Steve\Documents\2003FinalDCPay#3.xls
2015-01-07 18:27 - 2003-05-09 17:02 - 00026112 _____ () C:\Users\Steve\Documents\2003FinalDCPay-#2.xls
2015-01-07 18:27 - 2003-05-08 22:29 - 00026112 _____ () C:\Users\Steve\Documents\2003FinalDCPay- #1.xls.xls
2015-01-07 18:27 - 2003-03-22 14:06 - 00021504 _____ () C:\Users\Steve\Documents\AlphaAttend0203#5.xls
2015-01-07 18:27 - 2003-03-22 14:05 - 00021504 _____ () C:\Users\Steve\Documents\AlphaAttend0203#4.xls
2015-01-07 18:27 - 2003-03-22 14:03 - 00021504 _____ () C:\Users\Steve\Documents\AlphaAttend0203#3.xls
2015-01-07 18:27 - 2003-03-22 14:01 - 00021504 _____ () C:\Users\Steve\Documents\AlphaAttend0203#2.xls
2015-01-07 18:27 - 2003-03-02 15:12 - 00022016 _____ () C:\Users\Steve\Documents\Study Skills.xls
2015-01-07 18:27 - 2003-03-02 15:08 - 00022016 _____ () C:\Users\Steve\Documents\Fourth Period Attendance.xls
2015-01-07 18:27 - 2002-09-22 12:51 - 00021504 _____ () C:\Users\Steve\Documents\DC recordsE03Attendance.xls
2015-01-07 18:27 - 2002-09-22 12:48 - 00021504 _____ () C:\Users\Steve\Documents\DCrecordsD03Attendance.xls
2015-01-07 18:27 - 2002-09-22 12:45 - 00021504 _____ () C:\Users\Steve\Documents\DCrecordsC03Attendance.xls
2015-01-07 18:27 - 2002-09-22 12:42 - 00021504 _____ () C:\Users\Steve\Documents\DCrecordsB03Attendance.xls
2015-01-07 18:27 - 2002-09-22 12:35 - 00021504 _____ () C:\Users\Steve\Documents\DC recordsfinkAttendance.xls
2015-01-07 18:27 - 2002-09-22 12:35 - 00021504 _____ () C:\Users\Steve\Documents\DC recordsA03Attendance.xls
2015-01-07 18:27 - 2002-08-07 15:56 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom recordsOliverStudySkills.xls
2015-01-07 18:27 - 2002-08-06 18:43 - 00021504 _____ () C:\Users\Steve\Documents\AlphaAttendance.xls
2015-01-07 18:27 - 2002-08-05 19:20 - 00020992 _____ () C:\Users\Steve\Documents\Homeroom Attendance.xls
2015-01-07 18:27 - 2002-04-30 19:32 - 00021504 _____ () C:\Users\Steve\Documents\DC3secpay2002.xls
2015-01-07 18:27 - 2002-04-02 20:15 - 00023040 _____ () C:\Users\Steve\Documents\DC2secpay2002.xls
2015-01-07 18:27 - 2002-04-02 20:12 - 00023040 _____ () C:\Users\Steve\Documents\DC Secpay2002.xls
2015-01-07 18:27 - 2002-03-10 14:31 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom oliverAttendance.xls
2015-01-07 18:27 - 2001-11-18 18:55 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom HicksAttendance.xls
2015-01-07 18:27 - 2001-11-18 18:50 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom alvisAttendance.xls
2015-01-07 18:27 - 2001-11-18 18:45 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom NewMathAttendance.xls
2015-01-07 18:27 - 2001-10-15 09:47 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom cummingsAttendance.xls
2015-01-07 18:27 - 2001-08-19 13:04 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom recordsNewmathAttendance.xls.xls
2015-01-07 18:27 - 2001-08-19 13:01 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom recordsHicksAttendance.xls
2015-01-07 18:27 - 2001-08-19 12:59 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom recordscummingsAttendance.xls
2015-01-07 18:27 - 2001-08-19 12:55 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom recordsalvisAttendance.xls
2015-01-07 18:27 - 2001-03-27 09:58 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom GronskiNODC.xls
2015-01-07 18:27 - 2001-03-27 09:30 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom HicksNODC.xls
2015-01-07 18:27 - 2001-03-27 09:25 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom alvisNODC.xls
2015-01-07 18:27 - 2001-03-27 09:20 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom cummingsNODC.xls
2015-01-07 18:27 - 2001-03-27 09:15 - 00021504 _____ () C:\Users\Steve\Documents\Homeroom oliverNODC.xls
2015-01-07 18:27 - 2001-03-18 10:46 - 00020992 _____ () C:\Users\Steve\Documents\2003FinalDCPay.xls.xls
2015-01-07 18:27 - 2001-03-18 10:39 - 00020992 _____ () C:\Users\Steve\Documents\DC oliverAttendance.xls
2015-01-07 18:27 - 2001-01-01 18:36 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG#3forNCT.xls
2015-01-07 18:27 - 2001-01-01 18:35 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG #2for NCT.xls
2015-01-07 18:27 - 2001-01-01 18:33 - 00021504 _____ () C:\Users\Steve\Documents\DCLOG#1forNCT.xls
2015-01-07 18:27 - 2000-11-07 17:12 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom WildeAttendance.xls
2015-01-07 18:27 - 2000-11-07 17:09 - 00022016 _____ () C:\Users\Steve\Documents\Homeroom recordsWildeAttendance.xls
2015-01-07 18:27 - 2000-08-12 15:38 - 00020992 _____ () C:\Users\Steve\Documents\DCrecordscummingsAttendance.xls
2015-01-07 18:27 - 2000-04-09 19:50 - 00020992 _____ () C:\Users\Steve\Documents\DCrecordsEnglishAttendance.xls
2015-01-07 18:27 - 2000-04-09 19:49 - 00020992 _____ () C:\Users\Steve\Documents\DCrecordsalvisAttendance.xls
2015-01-07 18:27 - 2000-03-27 11:26 - 00021504 _____ () C:\Users\Steve\Documents\DCLOGlate3rd.xls
2015-01-07 18:27 - 2000-01-30 14:40 - 00021504 _____ () C:\Users\Steve\Documents\LATEDClist.xls
2015-01-07 18:27 - 1999-09-09 18:40 - 00021504 _____ () C:\Users\Steve\Documents\Ch One Scores.xls
2015-01-07 18:27 - 1999-07-31 23:07 - 00344064 _____ () C:\Users\Steve\Documents\Steve's Retirement.ppt
2015-01-07 18:27 - 1998-10-15 19:02 - 00017920 _____ () C:\Users\Steve\Documents\Field #1.xls
2015-01-07 18:27 - 1998-09-21 13:44 - 00060416 _____ () C:\Users\Steve\Documents\Comp98.xls
2015-01-07 18:27 - 1998-05-21 09:10 - 00080896 _____ () C:\Users\Steve\Documents\KPI15.ppt
2015-01-07 18:27 - 1998-03-15 20:20 - 00020992 _____ () C:\Users\Steve\Documents\Form1.xls
2015-01-07 18:27 - 1997-07-29 19:20 - 00230400 _____ () C:\Users\Steve\Documents\Invoice1.xls
2015-01-07 18:27 - 1997-03-28 19:22 - 08140288 _____ () C:\Users\Steve\Documents\steve.ppt
2015-01-07 18:27 - 1997-01-27 21:09 - 00930238 _____ () C:\Users\Steve\Documents\f&s.bmp
2015-01-07 18:27 - 1997-01-02 16:58 - 00820856 _____ () C:\Users\Steve\Documents\geticard.tif
2015-01-07 18:26 - 2015-01-07 18:27 - 00000000 ____D () C:\Users\Steve\Documents\scsi driver
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ___SD () C:\Users\Steve\Documents\My DVDs
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ___RD () C:\Users\Steve\Documents\My Stationery
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\PSPrefBkup
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\OneNote Notebooks
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Info
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\CyberLink
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar15
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar14
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar13
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar12
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar11
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar10
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar09
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar08
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar07
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar06
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar05
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Calendar02
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Ashampoo Burning Studio 14
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\AdobeStockPhotos
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Adobe
2015-01-07 18:26 - 2015-01-07 18:26 - 00000000 ____D () C:\Users\Steve\Documents\Across Crosswords
2015-01-07 18:26 - 2011-01-20 10:53 - 00000000 ____D () C:\Users\Steve\Documents\Adobe Scripts
2015-01-07 18:26 - 2011-01-20 10:35 - 00000000 ____D () C:\Users\Steve\Documents\My Received Files
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Panda Security
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Global Protection 2015
2015-01-07 17:25 - 2015-01-07 17:25 - 00000000 ____D () C:\Program Files (x86)\Panda Security
2015-01-07 17:23 - 2015-01-07 17:25 - 00000000 ____D () C:\ProgramData\Panda Security
2015-01-07 17:17 - 2015-01-14 09:03 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Windows Live Writer
2015-01-07 17:17 - 2015-01-07 17:17 - 00000000 ____D () C:\Users\Steve\AppData\Local\Windows Live Writer
2015-01-07 17:12 - 2015-01-07 17:12 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-01-07 17:08 - 2015-01-07 17:08 - 00000000 ____D () C:\Program Files\Windows Live
2015-01-07 17:08 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-01-07 17:08 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-01-07 17:08 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-01-07 17:08 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-01-07 17:08 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2015-01-07 17:08 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2015-01-07 17:08 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-01-07 17:08 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-01-07 17:07 - 2015-01-14 08:59 - 00000000 ____D () C:\Users\Steve\AppData\Local\Windows Live
2015-01-07 17:07 - 2015-01-07 17:07 - 00002190 _____ () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-07 17:07 - 2015-01-07 17:07 - 00002115 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-07 17:07 - 2015-01-07 17:07 - 00002115 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-01-07 17:07 - 2015-01-07 17:07 - 00000000 ___RD () C:\Users\Steve\OneDrive
2015-01-07 17:07 - 2015-01-07 17:07 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2015-01-07 17:07 - 2015-01-07 17:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
2015-01-07 16:59 - 2015-01-07 21:46 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Adobe
2015-01-07 16:54 - 2015-01-08 08:15 - 00001428 _____ () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-07 16:54 - 2015-01-07 17:11 - 00000000 ____D () C:\Users\Steve\AppData\Local\Google
2015-01-07 16:54 - 2015-01-07 16:54 - 00000000 ____D () C:\Users\Steve\AppData\Roaming\Leadertech
2015-01-07 16:54 - 2015-01-07 16:54 - 00000000 ____D () C:\Users\Steve\AppData\Local\VirtualStore
2015-01-07 16:53 - 2012-02-17 01:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-01-07 16:53 - 2012-02-17 00:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-01-07 16:53 - 2012-02-16 23:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-01-07 16:47 - 2015-01-08 08:56 - 00081736 _____ () C:\Users\Steve\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-07 16:47 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-07 16:47 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-07 16:47 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-07 16:47 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-07 16:47 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-07 16:47 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-07 16:47 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-01-07 16:47 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-07 16:47 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-07 16:47 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-07 16:46 - 2015-01-07 17:07 - 00000000 ____D () C:\Users\Steve
2015-01-07 16:46 - 2015-01-07 16:46 - 00000020 ___SH () C:\Users\Steve\ntuser.ini
2015-01-07 16:46 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-07 16:46 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-07 16:46 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-07 16:46 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-07 16:46 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-07 16:46 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Steve\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-18 18:23 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 18:23 - 2009-07-13 23:45 - 00031296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 18:20 - 2012-04-15 12:31 - 01519865 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 18:16 - 2010-11-20 22:47 - 00396544 _____ () C:\Windows\PFRO.log
2015-01-18 18:16 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 18:16 - 2009-07-13 23:51 - 00046436 _____ () C:\Windows\setupact.log
2015-01-18 17:56 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2015-01-15 20:37 - 2009-07-14 00:13 - 00774028 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-13 17:05 - 2012-04-15 12:46 - 00000000 ____D () C:\ProgramData\Adobe
2015-01-11 16:09 - 2012-04-15 12:53 - 00000000 ____D () C:\Program Files (x86)\Java
2015-01-11 16:08 - 2012-04-15 12:53 - 00272296 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2015-01-11 16:08 - 2012-04-15 12:53 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2015-01-11 16:08 - 2012-04-15 12:53 - 00176552 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2015-01-11 15:56 - 2009-07-13 23:45 - 04947456 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-08 08:12 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-08 08:06 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-08 08:06 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-08 08:06 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-08 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-08 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-08 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-08 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat
2015-01-08 08:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-08 08:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-08 08:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-08 08:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-08 08:05 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-07 19:55 - 2012-04-15 12:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-01-07 19:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-07 19:17 - 2010-11-21 02:16 - 00000000 ____D () C:\Windows\ShellNew
2015-01-07 18:38 - 2011-02-15 04:42 - 00000000 ____D () C:\Windows\Panther
2015-01-07 18:03 - 2012-04-15 12:58 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-07 17:31 - 2012-04-15 13:07 - 00000000 ____D () C:\ProgramData\Norton
2015-01-07 17:31 - 2012-04-15 12:59 - 00000000 ____D () C:\Program Files\Google
2015-01-07 17:15 - 2012-04-15 13:03 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2015-01-07 17:08 - 2012-04-15 13:04 - 00001469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2015-01-07 17:07 - 2012-04-15 12:44 - 00353111 _____ () C:\Windows\DirectX.log
2015-01-07 16:59 - 2012-04-15 12:58 - 00000000 ____D () C:\ProgramData\Google
2015-01-07 16:54 - 2012-04-15 12:54 - 00000000 ____D () C:\swshare
2015-01-07 16:54 - 2011-02-15 04:42 - 00000000 ____D () C:\SWTOOLS
2015-01-07 16:47 - 2012-04-15 12:36 - 00000042 _____ () C:\Windows\SysWOW64\Drivers\17AA_Lenovo_ThinkPad_Edge_0319_46U.MRK
2015-01-07 16:46 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-06 04:36 - 2010-11-20 22:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Steve\AppData\Local\Temp\ose00000.exe
C:\Users\Steve\AppData\Local\Temp\Quarantine.exe
C:\Users\Steve\AppData\Local\Temp\sqlite3.dll
C:\Users\Steve\AppData\Local\Temp\{B82795A3-204A-49B0-B28E-ADC2F26621B6}.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-18 17:49

==================== End Of Log ============================






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users