Trojan/Win32.Dialer.3ea6


  • This topic is locked
29 replies to this topic

#1 sonicspro

Posted 20 April 2015 - 02:49 PM

I noticed that my laptop was behaving strangely: the Windows Start menu, PC settings and other random programs/windows will populate and close unexpectedly.

Coincidentally (or not), my credit card information was compromised within the last 2 weeks.

I did a factory reset and updated accordingly. I used Process Explorer and found Trojan/Win32.Dialer.3ea6 associated with VAIOUpdt.exe, and Autoruns to find an image hijack of IEXPLORE.EXE. I also used Malwarebytes, Emsisoft Anti-Malware and Bitdefender, but did not find anything.

I realize that I could manually remove VAIOUpdt.exe and the image hijack, but am concerned that this may not be the only issue or it may have propagated other issues as well.

My knowledge of computers is pretty (very) limited and I would really appreciate any help you could provide!

==============================================================================

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by G (administrator) on Y on 20-04-2015 11:32:34
Running from C:\Users\G\Desktop
Loaded Profiles: G (Available profiles: G)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Windows\System32\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\seccenter.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Improvement\vim.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-07] (Apple Inc.)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1691112 2015-04-15] (Bitdefender)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [68776 2012-08-18] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [724576 2012-07-27] (Sony Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4886608 2015-03-24] (Emsisoft GmbH)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1201469603-3977835290-1042468851-1001\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdwtxag.exe [790880 2015-04-15] (Bitdefender)
HKU\S-1-5-21-1201469603-3977835290-1042468851-1001\...\RunOnce: [Adobe Speed Launcher] => 1429552192
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-06] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-06] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1201469603-3977835290-1042468851-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://sony13.msn.com
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-15] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-04-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-06] (Microsoft Corporation)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-04-15] (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-04-06] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-06] (Microsoft Corporation)
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-04-15] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-04-15] (Bitdefender)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-06] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 66.212.65.196 66.212.65.197
 
FireFox:
========
FF ProfilePath: C:\Users\G\AppData\Roaming\Mozilla\Firefox\Profiles\lg4p9vsp.default
FF Plugin: @java.com/DTPlugin,version=10.5.0 -> C:\WINDOWS\system32\npDeployJava1.dll [2012-09-24] (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 -> C:\WINDOWS\SysWOW64\npDeployJava1.dll [2012-09-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-04-06] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-06] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-02] (Adobe Systems Inc.)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-04-15]
FF HKLM-x32\...\Firefox\Extensions: [VIP5X@verisign.com] - C:\Program Files (x86)\Symantec\VIP Access Client
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-04-15]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
 
Chrome: 
=======
CHR Profile: C:\Users\G\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-15]
CHR Extension: (Google Docs) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-15]
CHR Extension: (Google Drive) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-15]
CHR Extension: (YouTube) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-15]
CHR Extension: (Google Search) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-15]
CHR Extension: (Google Sheets) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-15]
CHR Extension: (AdBlock) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-15]
CHR Extension: (Bookmark Manager) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-15]
CHR Extension: (Google Wallet) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-15]
CHR Extension: (Gmail) - C:\Users\G\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-15]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [5020520 2015-03-24] (Emsisoft GmbH)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
R2 AtherosSvc; C:\Windows\system32\AdminService.exe [208384 2012-08-29] (Atheros Commnucations)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
S4 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S4 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S4 NetworkSupport; C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkSupport.exe [623784 2012-08-18] (Sony Corporation)
S4 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [474208 2012-07-27] (Sony Corporation)
S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () [File not signed]
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-04-15] (Bitdefender)
S4 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1266336 2012-07-24] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
S4 SOHCImp; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe" [X]
S4 SOHDms; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe" [X]
S4 SOHDs; "C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe" [X]
S4 VCFw; "C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe" [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-04-15] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-04-15] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-04-15] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-04-15] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\WINDOWS\system32\drivers\bdsandbox.sys [82824 2015-04-15] (BitDefender SRL)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [135800 2015-03-24] (Emsisoft GmbH)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160544 2015-04-15] (BitDefender LLC)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-20] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R3 SOWS; C:\Windows\System32\drivers\sows.sys [24280 2012-06-10] (Sony Corporation)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
S3 AthBTPort; \SystemRoot\system32\DRIVERS\btath_flt.sys [X]
S3 BTATH_A2DP; \SystemRoot\system32\drivers\btath_a2dp.sys [X]
S3 btath_avdt; \SystemRoot\system32\drivers\btath_avdt.sys [X]
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
S3 BTATH_HCRP; \SystemRoot\System32\drivers\btath_hcrp.sys [X]
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]
S3 BTATH_RCP; \SystemRoot\System32\drivers\btath_rcp.sys [X]
S3 BTATH_VDP; \SystemRoot\system32\drivers\btath_vdp.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-20 11:32 - 2015-04-20 11:32 - 00017095 _____ () C:\Users\G\Desktop\FRST.txt
2015-04-20 11:29 - 2015-04-20 11:32 - 00000000 ____D () C:\FRST
2015-04-20 11:28 - 2015-04-20 11:28 - 02099712 _____ (Farbar) C:\Users\G\Desktop\FRST64.exe
2015-04-17 17:03 - 2015-04-17 17:03 - 00291606 _____ () C:\Users\G\Downloads\TCPView.zip
2015-04-17 17:00 - 2015-04-17 17:00 - 00000000 ____D () C:\ProgramData\Emsisoft
2015-04-17 15:59 - 2015-04-17 15:59 - 00001095 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-04-17 15:59 - 2015-04-17 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-04-17 15:59 - 2015-03-24 00:17 - 00135800 _____ (Emsisoft GmbH) C:\WINDOWS\system32\Drivers\epp64.sys
2015-04-17 15:58 - 2015-04-20 11:06 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-04-17 15:57 - 2015-04-17 15:58 - 159213392 _____ (Emsisoft Ltd. ) C:\Users\G\Downloads\EmsisoftAntiMalwareSetup.exe
2015-04-17 14:13 - 2015-04-17 14:56 - 00000000 ____D () C:\Users\G\Programfiles
2015-04-17 14:10 - 2015-04-17 14:10 - 00588816 _____ () C:\Users\G\Downloads\Autoruns.zip
2015-04-16 17:05 - 2015-04-17 17:04 - 00000000 ____D () C:\Tools
2015-04-16 16:56 - 2015-04-16 16:56 - 01190415 _____ () C:\Users\G\Downloads\ProcessExplorer.zip
2015-04-16 14:38 - 2015-04-16 14:38 - 00000000 ____D () C:\Users\G\Documents\Fax
2015-04-15 16:10 - 2015-04-15 16:10 - 00000000 ____D () C:\Users\G\AppData\Temp
2015-04-15 16:05 - 2015-04-15 16:05 - 00262544 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avchv.sys
2015-04-15 16:05 - 2015-04-15 16:05 - 00160544 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\gzflt.sys
2015-04-15 16:05 - 2015-04-15 16:05 - 00079192 _____ (BitDefender) C:\WINDOWS\system32\Drivers\bdvedisk.sys
2015-04-15 16:05 - 2015-04-15 16:05 - 00074000 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuiskin32.dll
2015-04-15 15:58 - 2015-04-15 15:58 - 00528600 _____ () C:\ProgramData\1429138424.bdinstall.bin
2015-04-15 15:57 - 2015-04-15 15:57 - 00000385 _____ () C:\WINDOWS\system32\user_gensett.xml
2015-04-15 15:57 - 2015-04-15 15:57 - 00000385 _____ () C:\Users\G\AppData\Roaminguser_gensett.xml
2015-04-15 15:56 - 2015-04-15 22:29 - 00000000 ____D () C:\ProgramData\BDLogging
2015-04-15 15:56 - 2015-04-15 16:04 - 00082824 _____ (BitDefender SRL) C:\WINDOWS\system32\Drivers\bdsandbox.sys
2015-04-15 15:56 - 2015-04-15 15:56 - 00002201 _____ () C:\Users\Public\Desktop\Bitdefender Internet Security 2015.lnk
2015-04-15 15:56 - 2015-04-15 15:56 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-04-15 15:56 - 2015-04-15 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-04-15 15:56 - 2014-12-02 16:37 - 00074000 _____ (BitDefender SRL) C:\WINDOWS\SysWOW64\bdsandboxuiskin32.dll
2015-04-15 15:56 - 2013-11-19 14:44 - 00098768 _____ (BitDefender LLC) C:\WINDOWS\system32\Drivers\bdfndisf6.sys
2015-04-15 15:56 - 2013-09-08 20:04 - 00023568 _____ (Bitdefender) C:\WINDOWS\system32\Drivers\bdelam.sys
2015-04-15 15:56 - 2007-04-11 11:11 - 00511328 _____ (Microsoft Corporation) C:\WINDOWS\capicom.dll
2015-04-15 15:55 - 2015-04-15 16:05 - 01306464 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avc3.sys
2015-04-15 15:55 - 2015-04-15 16:04 - 00677104 _____ (BitDefender) C:\WINDOWS\system32\Drivers\avckf.sys
2015-04-15 15:55 - 2015-04-15 16:02 - 00000000 ____D () C:\Users\G\AppData\Roaming\Bitdefender
2015-04-15 15:53 - 2015-04-15 16:04 - 00084848 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuiskin.dll
2015-04-15 15:53 - 2015-04-15 16:04 - 00033360 _____ (BitDefender SRL) C:\WINDOWS\system32\bdsandboxuh.dll
2015-04-15 15:53 - 2015-04-15 15:57 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-04-15 15:53 - 2015-04-15 15:53 - 02868848 _____ () C:\Users\G\Downloads\bitdefender_isecurity (1).exe
2015-04-15 15:53 - 2015-04-15 15:53 - 00000000 ____D () C:\Users\G\AppData\Roaming\QuickScan
2015-04-15 15:53 - 2015-04-15 15:53 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-04-15 15:53 - 2015-04-15 15:53 - 00000000 ____D () C:\Program Files\Bitdefender
2015-04-15 15:53 - 2014-10-15 17:14 - 00452040 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\trufos.sys
2015-04-15 15:48 - 2015-04-15 15:49 - 02868848 _____ () C:\Users\G\Downloads\bitdefender_isecurity.exe
2015-04-15 15:42 - 2015-04-15 15:42 - 00000000 ____D () C:\Users\G\AppData\Local\VeriSign
2015-04-15 13:18 - 2015-04-15 13:18 - 45142720 _____ (Microsoft Corporation) C:\Users\G\Downloads\Windows-KB890830-x64-V5.23.exe
2015-04-15 13:11 - 2015-04-15 13:11 - 00002259 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-15 13:11 - 2015-04-15 13:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-15 13:10 - 2015-04-20 11:15 - 00000892 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-15 13:10 - 2015-04-20 10:49 - 00000888 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-15 13:10 - 2015-04-15 13:10 - 00880208 _____ (Google Inc.) C:\Users\G\Downloads\ChromeSetup(1).exe
2015-04-15 13:10 - 2015-04-15 13:10 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-15 13:10 - 2015-04-15 13:10 - 00003628 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-15 10:52 - 2015-03-17 00:00 - 06971712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-04-15 10:52 - 2015-03-16 23:52 - 01822696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-04-15 10:52 - 2015-03-16 21:45 - 01409496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-04-15 10:52 - 2015-03-09 22:28 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-04-15 10:52 - 2015-03-09 22:28 - 01409024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-04-15 10:52 - 2015-03-09 22:28 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-04-15 10:52 - 2015-03-09 22:27 - 19292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-04-15 10:52 - 2015-03-09 22:27 - 15409152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-04-15 10:52 - 2015-03-09 22:27 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-04-15 10:52 - 2015-03-09 22:27 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2015-04-15 10:52 - 2015-03-09 22:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-04-15 10:52 - 2015-03-09 22:27 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-04-15 10:52 - 2015-03-09 20:49 - 14373376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-04-15 10:52 - 2015-03-09 20:49 - 02864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-04-15 10:52 - 2015-03-09 20:49 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-04-15 10:52 - 2015-03-09 20:49 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-04-15 10:52 - 2015-03-09 20:49 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2015-04-15 10:52 - 2015-03-09 20:49 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-04-15 10:52 - 2015-03-09 20:49 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-04-15 10:52 - 2015-03-09 20:49 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-04-15 10:52 - 2015-03-09 20:48 - 13767680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-04-15 10:52 - 2015-03-04 00:29 - 00361280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2015-04-15 10:52 - 2015-03-03 23:39 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2015-04-15 10:52 - 2015-03-03 21:52 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2015-04-15 10:52 - 2015-02-24 00:58 - 00861696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2015-04-15 10:39 - 2015-04-15 10:39 - 00000000 ____D () C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-04-09 19:22 - 2015-04-09 19:22 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-04-09 19:21 - 2015-04-09 19:22 - 00000000 ____D () C:\Users\G\AppData\Roaming\Apple Computer
2015-04-09 19:21 - 2015-04-09 19:21 - 00001753 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-04-09 19:21 - 2015-04-09 19:21 - 00000000 ____D () C:\Users\G\AppData\Local\Apple Computer
2015-04-09 19:21 - 2015-04-09 19:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-04-09 19:21 - 2012-10-03 16:14 - 00033240 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2015-04-09 19:20 - 2015-04-09 19:21 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-04-09 19:20 - 2015-04-09 19:21 - 00000000 ____D () C:\Program Files\iTunes
2015-04-09 19:20 - 2015-04-09 19:20 - 00002519 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\Users\G\AppData\Local\Apple
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\Program Files\iPod
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\Program Files\Bonjour
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-04-09 19:20 - 2015-04-09 19:20 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-04-09 19:19 - 2015-04-09 19:20 - 00000000 ____D () C:\ProgramData\Apple
2015-04-09 19:19 - 2015-04-09 19:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-04-09 19:17 - 2015-04-09 19:18 - 152362800 _____ (Apple Inc.) C:\Users\G\Downloads\iTunes6464Setup.exe
2015-04-09 17:42 - 2015-04-09 17:42 - 00000000 ____D () C:\Users\G\AppData\Roaming\iolo
2015-04-09 17:34 - 2015-04-09 17:34 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-04-09 17:34 - 2015-04-09 17:34 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-04-09 17:32 - 2015-03-22 22:19 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-04-09 17:32 - 2015-03-22 22:17 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2015-04-09 17:32 - 2015-03-22 22:17 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2015-04-09 17:32 - 2015-03-22 22:17 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2015-04-09 17:32 - 2015-03-22 22:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2015-04-09 17:32 - 2015-03-22 22:17 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-04-09 17:32 - 2015-03-22 15:04 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2015-04-09 17:32 - 2014-12-02 18:48 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2015-04-06 12:20 - 2015-04-06 12:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-04-06 12:20 - 2015-04-06 12:28 - 00002401 _____ () C:\Users\G\Desktop\Word 2013.lnk
2015-04-06 12:20 - 2015-04-06 12:28 - 00002363 _____ () C:\Users\G\Desktop\Excel 2013.lnk
2015-04-06 12:17 - 2015-04-06 12:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-04-06 12:15 - 2015-04-06 12:15 - 01075376 _____ (Microsoft Corporation) C:\Users\G\Downloads\Setup.X86.en-us_O365ProPlusRetail_90518aba-bd21-41b6-a90d-ffd53e69aae6_TX_PR_.exe
2015-04-06 11:35 - 2015-04-09 17:34 - 00430392 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-04-06 11:28 - 2014-04-16 11:20 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2015-04-06 11:28 - 2014-04-16 11:20 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2015-04-06 11:25 - 2015-03-14 01:07 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2015-04-06 11:25 - 2015-03-13 23:33 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2015-04-06 11:15 - 2015-04-06 11:41 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak1
2015-04-06 11:05 - 2015-04-16 12:05 - 00000000 ____D () C:\WINDOWS\system32\AutoUpdateLicense
2015-04-06 10:49 - 2014-07-15 15:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2015-04-06 10:41 - 2012-09-20 00:55 - 03265256 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\evbda.sys
2015-04-06 10:40 - 2012-09-20 02:08 - 00027280 _____ (Microsoft Corporation) C:\WINDOWS\system32\avrt.dll
2015-04-06 10:40 - 2012-09-20 01:40 - 00389360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2015-04-06 10:40 - 2012-09-20 01:31 - 00425192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-04-06 10:40 - 2012-09-20 00:55 - 00533224 _____ (Broadcom Corporation) C:\WINDOWS\system32\Drivers\bxvbda.sys
2015-04-06 10:40 - 2012-09-19 23:47 - 00307192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MMDevAPI.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 03964416 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSAT.exe
2015-04-06 10:40 - 2012-09-19 23:33 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2015-04-06 10:40 - 2012-09-19 23:33 - 01304064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00866304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00757248 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00699392 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetup.exe
2015-04-06 10:40 - 2012-09-19 23:33 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\webio.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSATAPI.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe
2015-04-06 10:40 - 2012-09-19 23:33 - 00541184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-04-06 10:40 - 2012-09-19 23:33 - 00344064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcredprov.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwm.exe
2015-04-06 10:40 - 2012-09-19 23:33 - 00107008 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-04-06 10:40 - 2012-09-19 23:33 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2015-04-06 10:40 - 2012-09-19 23:33 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2015-04-06 10:40 - 2012-09-19 23:33 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\svchost.exe
2015-04-06 10:40 - 2012-09-19 23:32 - 01739264 _____ (Microsoft Corporation) C:\WINDOWS\system32\RacEngn.dll
2015-04-06 10:40 - 2012-09-19 23:32 - 01400832 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2015-04-06 10:40 - 2012-09-19 23:32 - 01019392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2015-04-06 10:40 - 2012-09-19 23:32 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\system32\provcore.dll
2015-04-06 10:40 - 2012-09-19 23:32 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2015-04-06 10:40 - 2012-09-19 23:32 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
2015-04-06 10:40 - 2012-09-19 23:32 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfos.dll
2015-04-06 10:40 - 2012-09-19 23:32 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-04-06 10:40 - 2012-09-19 23:32 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcEpMap.dll
2015-04-06 10:40 - 2012-09-19 23:32 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-04-06 10:40 - 2012-09-19 23:32 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfdisk.dll
2015-04-06 10:40 - 2012-09-19 23:32 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfnet.dll
2015-04-06 10:40 - 2012-09-19 23:31 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-04-06 10:40 - 2012-09-19 23:31 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-04-06 10:40 - 2012-09-19 23:31 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-04-06 10:40 - 2012-09-19 23:31 - 00437760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfh264enc.dll
2015-04-06 10:40 - 2012-09-19 23:31 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-04-06 10:40 - 2012-09-19 23:31 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-04-06 10:40 - 2012-09-19 23:31 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-04-06 10:40 - 2012-09-19 23:31 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPHLPAPI.DLL
2015-04-06 10:40 - 2012-09-19 23:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll
2015-04-06 10:40 - 2012-09-19 23:31 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmcss.dll
2015-04-06 10:40 - 2012-09-19 23:30 - 02016256 _____ (Microsoft Corporation) C:\WINDOWS\system32\batmeter.dll
2015-04-06 10:40 - 2012-09-19 23:30 - 01743872 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2015-04-06 10:40 - 2012-09-19 23:30 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2015-04-06 10:40 - 2012-09-19 23:30 - 00634880 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2015-04-06 10:40 - 2012-09-19 23:30 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\aelupsvc.dll
2015-04-06 10:40 - 2012-09-19 23:30 - 00180736 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdsrv.dll
2015-04-06 10:40 - 2012-09-19 23:30 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2015-04-06 10:40 - 2012-09-19 23:13 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-kernel-power-events.dll
2015-04-06 10:40 - 2012-09-19 23:13 - 00023656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\avrt.dll
2015-04-06 10:40 - 2012-09-19 22:55 - 00995328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2015-04-06 10:40 - 2012-09-19 22:55 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2015-04-06 10:40 - 2012-09-19 22:55 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webio.dll
2015-04-06 10:40 - 2012-09-19 22:55 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-04-06 10:40 - 2012-09-19 22:55 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSATAPI.dll
2015-04-06 10:40 - 2012-09-19 22:55 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcredprov.dll
2015-04-06 10:40 - 2012-09-19 22:55 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe
2015-04-06 10:40 - 2012-09-19 22:55 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-04-06 10:40 - 2012-09-19 22:55 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2015-04-06 10:40 - 2012-09-19 22:55 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\svchost.exe
2015-04-06 10:40 - 2012-09-19 22:54 - 01369600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RacEngn.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00709632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\provcore.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00480768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00413184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfh264enc.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfdisk.dll
2015-04-06 10:40 - 2012-09-19 22:54 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfnet.dll
2015-04-06 10:40 - 2012-09-19 22:53 - 02007040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\batmeter.dll
2015-04-06 10:40 - 2012-09-19 22:53 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2015-04-06 10:40 - 2012-09-19 22:53 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2015-04-06 10:40 - 2012-09-19 22:53 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appwiz.cpl
2015-04-06 10:40 - 2012-09-19 22:53 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-04-06 10:40 - 2012-09-19 22:53 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IPHLPAPI.DLL
2015-04-06 10:39 - 2014-04-29 15:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2015-04-06 10:39 - 2014-04-29 15:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2015-04-06 10:39 - 2012-09-27 00:17 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.exe
2015-04-06 10:39 - 2012-09-27 00:17 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ndadmin.exe
2015-04-06 10:39 - 2012-09-27 00:15 - 00301568 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2015-04-06 10:39 - 2012-09-26 23:35 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.exe
2015-04-06 10:39 - 2012-09-26 23:35 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ndadmin.exe
2015-04-06 10:39 - 2012-09-26 23:34 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2015-04-06 10:39 - 2012-09-19 23:33 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2015-04-06 10:39 - 2012-09-19 23:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpo.dll
2015-04-06 10:39 - 2012-09-19 23:33 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2015-04-06 10:39 - 2012-09-19 23:32 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfctrs.dll
2015-04-06 10:39 - 2012-09-19 23:32 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\perfproc.dll
2015-04-06 10:39 - 2012-09-19 23:32 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\MUILanguageCleanup.dll
2015-04-06 10:39 - 2012-09-19 23:32 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimeng.dll
2015-04-06 10:39 - 2012-09-19 23:31 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\LangCleanupSysprepAction.dll
2015-04-06 10:39 - 2012-09-19 23:31 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpksetupproxyserv.dll
2015-04-06 10:39 - 2012-09-19 23:09 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ws2ifsl.sys
2015-04-06 10:39 - 2012-09-19 22:55 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2015-04-06 10:39 - 2012-09-19 22:54 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfctrs.dll
2015-04-06 10:39 - 2012-09-19 22:54 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfproc.dll
2015-04-06 10:39 - 2012-09-19 22:54 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perfos.dll
2015-04-06 10:39 - 2012-09-19 22:54 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shimeng.dll
2015-04-06 10:38 - 2014-07-11 21:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2015-04-06 10:38 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2015-04-06 10:38 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2015-04-06 10:38 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2015-04-06 10:38 - 2014-07-11 21:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2015-04-06 10:38 - 2014-07-11 21:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2015-04-06 10:38 - 2014-07-11 21:16 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2015-04-06 10:38 - 2014-07-11 21:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2015-04-06 10:38 - 2014-07-11 21:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2015-04-06 10:38 - 2014-07-11 21:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2015-04-06 10:38 - 2014-07-11 21:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2015-04-06 10:38 - 2014-07-11 21:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2015-04-06 10:38 - 2014-07-08 15:33 - 00181248 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2015-04-06 10:38 - 2014-07-08 15:32 - 01539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2015-04-06 10:38 - 2014-07-08 15:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2015-04-06 10:38 - 2014-07-08 15:30 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2015-04-06 10:38 - 2014-07-06 22:52 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-04-06 10:38 - 2014-07-06 22:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-04-06 10:38 - 2014-07-04 03:52 - 00328000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2015-04-06 10:38 - 2014-06-28 00:01 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-04-06 10:38 - 2014-06-27 23:56 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-04-06 10:38 - 2014-06-17 16:27 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2015-04-06 10:38 - 2014-06-17 16:23 - 02238464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2015-04-06 10:38 - 2014-06-11 07:47 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2015-04-06 10:38 - 2014-06-10 21:40 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2015-04-06 10:38 - 2014-06-10 15:44 - 01403896 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-04-06 10:38 - 2014-02-04 03:57 - 01271664 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-04-06 10:38 - 2013-05-24 15:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-04-06 10:38 - 2013-05-24 15:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-04-06 10:37 - 2012-10-23 21:54 - 00396008 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-04-06 10:37 - 2012-10-16 21:32 - 01172992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-04-06 10:37 - 2012-10-16 21:32 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2015-04-06 10:37 - 2012-10-16 20:57 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-04-06 10:37 - 2012-10-16 20:57 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2015-04-06 10:37 - 2012-10-11 23:13 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\dskquota.dll
2015-04-06 10:37 - 2012-10-11 22:39 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dskquota.dll
2015-04-06 10:36 - 2012-10-11 00:47 - 00793200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-04-06 10:36 - 2012-10-11 00:25 - 00056552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-04-06 10:36 - 2012-10-11 00:23 - 00441576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-04-06 10:36 - 2012-10-11 00:13 - 00033512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\battc.sys
2015-04-06 10:36 - 2012-10-10 22:46 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-04-06 10:36 - 2012-10-10 22:46 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.Compression.dll
2015-04-06 10:36 - 2012-10-10 22:46 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeUISrv.exe
2015-04-06 10:36 - 2012-10-10 22:45 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2015-04-06 10:36 - 2012-10-10 22:45 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2015-04-06 10:36 - 2012-10-10 22:45 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\PCPKsp.dll
2015-04-06 10:36 - 2012-10-10 22:44 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2015-04-06 10:36 - 2012-10-10 22:44 - 00264704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2015-04-06 10:36 - 2012-10-10 22:44 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2015-04-06 10:36 - 2012-10-10 22:43 - 01280000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-04-06 10:36 - 2012-10-10 22:43 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2015-04-06 10:36 - 2012-10-10 22:43 - 00244224 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2015-04-06 10:36 - 2012-10-10 22:43 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2015-04-06 10:36 - 2012-10-10 22:43 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2015-04-06 10:36 - 2012-10-10 22:43 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2015-04-06 10:36 - 2012-10-10 22:43 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2015-04-06 10:36 - 2012-10-10 22:42 - 00612416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-04-06 10:36 - 2012-10-10 22:23 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-pdc.dll
2015-04-06 10:36 - 2012-10-10 22:23 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\kbdhebl3.dll
2015-04-06 10:36 - 2012-10-10 22:07 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-04-06 10:36 - 2012-10-10 22:07 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2015-04-06 10:36 - 2012-10-10 22:07 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.Compression.dll
2015-04-06 10:36 - 2012-10-10 22:07 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PCPKsp.dll
2015-04-06 10:36 - 2012-10-10 22:06 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2015-04-06 10:36 - 2012-10-10 22:06 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2015-04-06 10:36 - 2012-10-10 22:06 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\input.dll
2015-04-06 10:36 - 2012-10-10 22:06 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2015-04-06 10:36 - 2012-10-10 22:06 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2015-04-06 10:36 - 2012-10-10 22:06 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2015-04-06 10:36 - 2012-10-10 22:05 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2015-04-06 10:36 - 2012-10-10 21:42 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kbdhebl3.dll
2015-04-06 10:35 - 2014-03-24 16:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2015-04-06 10:35 - 2014-03-24 15:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2015-04-06 10:35 - 2014-02-03 16:56 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-04-06 10:35 - 2014-02-03 16:56 - 00278872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2015-04-06 10:35 - 2014-01-30 17:48 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2015-04-06 10:35 - 2014-01-30 17:06 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2015-04-06 10:35 - 2014-01-26 20:39 - 01939288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-04-06 10:35 - 2014-01-15 16:42 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2015-04-06 10:35 - 2014-01-02 16:35 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2015-04-06 10:35 - 2014-01-02 16:32 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2015-04-06 10:35 - 2013-07-24 16:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-04-06 10:35 - 2013-07-24 16:07 - 13661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-04-06 10:34 - 2013-08-29 22:43 - 00061784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2015-04-06 10:34 - 2013-08-29 22:20 - 01173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-04-06 10:34 - 2013-08-29 16:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-04-06 10:34 - 2013-08-20 23:39 - 00465240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2015-04-06 10:34 - 2013-08-09 23:30 - 00151896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2015-04-06 10:34 - 2013-07-09 01:04 - 00120144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2015-04-06 10:34 - 2013-07-08 15:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-04-06 10:34 - 2013-07-08 15:46 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2015-04-06 10:34 - 2013-07-02 17:22 - 02839552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-04-06 10:34 - 2013-07-02 17:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-04-06 10:34 - 2013-07-02 17:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-04-06 10:34 - 2013-06-28 23:15 - 00195416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-04-06 10:34 - 2013-06-28 23:15 - 00125784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2015-04-06 10:34 - 2013-06-25 19:59 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2015-04-06 10:34 - 2013-06-24 15:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-04-06 10:34 - 2013-06-18 22:36 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2015-04-06 10:34 - 2013-06-18 22:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2015-04-06 10:34 - 2013-06-18 15:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2015-04-06 10:34 - 2013-06-18 15:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2015-04-06 10:34 - 2013-06-11 16:26 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2015-04-06 10:34 - 2013-06-01 04:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-04-06 10:34 - 2013-06-01 03:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-04-06 10:34 - 2013-06-01 02:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2015-04-06 10:34 - 2013-06-01 02:24 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-04-06 10:34 - 2013-06-01 02:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-04-06 10:34 - 2013-06-01 02:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2015-04-06 10:34 - 2013-06-01 02:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-04-06 10:34 - 2013-06-01 02:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2015-04-06 10:34 - 2013-06-01 02:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2015-04-06 10:34 - 2013-06-01 02:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-04-06 10:34 - 2013-06-01 02:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2015-04-06 10:34 - 2013-06-01 02:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2015-04-06 10:34 - 2013-06-01 02:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-04-06 10:34 - 2013-06-01 02:20 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-04-06 10:34 - 2013-06-01 02:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-04-06 10:34 - 2013-06-01 02:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2015-04-06 10:34 - 2013-06-01 02:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2015-04-06 10:34 - 2013-05-31 20:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2015-04-06 10:34 - 2012-09-19 23:48 - 00062488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpfve.sys
2015-04-06 10:33 - 2013-10-04 23:10 - 00285016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2015-04-06 10:33 - 2013-08-29 22:19 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2015-04-06 10:33 - 2013-08-29 22:18 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2015-04-06 10:33 - 2013-08-29 16:48 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2015-04-06 10:33 - 2013-08-29 16:47 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2015-04-06 10:33 - 2013-07-08 20:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2015-04-06 10:33 - 2013-07-08 15:46 - 00543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-04-06 10:33 - 2013-07-08 15:45 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2015-04-06 10:33 - 2013-07-02 17:23 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-04-06 10:33 - 2013-06-30 15:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\openfiles.exe
2015-04-06 10:33 - 2013-06-30 15:29 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2015-04-06 10:33 - 2013-06-25 20:01 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2015-04-06 10:33 - 2013-06-16 15:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-04-06 10:33 - 2013-06-11 16:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2015-04-06 10:33 - 2013-06-06 01:03 - 00119040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2015-04-06 10:33 - 2012-11-19 22:24 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2015-04-06 10:33 - 2012-11-19 22:17 - 01184256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2015-04-06 10:33 - 2012-11-19 22:02 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDKURD.DLL
2015-04-06 10:33 - 2012-11-19 21:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDKURD.DLL
2015-04-06 10:33 - 2012-10-02 00:34 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-04-06 10:32 - 2012-11-06 00:33 - 01566432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2015-04-06 10:32 - 2012-11-05 21:48 - 01150160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2015-04-06 10:32 - 2012-11-05 21:20 - 00883712 _____ (Microsoft Corporation) C:\WINDOWS\HelpPane.exe
2015-04-06 10:32 - 2012-11-05 21:20 - 00516608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-04-06 10:32 - 2012-11-05 21:20 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2015-04-06 10:32 - 2012-11-05 21:20 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2015-04-06 10:32 - 2012-11-05 21:20 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe
2015-04-06 10:32 - 2012-11-05 21:20 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2015-04-06 10:32 - 2012-11-05 21:20 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-04-06 10:32 - 2012-11-05 21:20 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 08552448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 00466944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcncsvc.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapPeerProxy.dll
2015-04-06 10:32 - 2012-11-05 21:19 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnEapAuthProxy.dll
2015-04-06 10:32 - 2012-11-05 21:18 - 11459584 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2015-04-06 10:32 - 2012-11-05 21:18 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bthprops.cpl
2015-04-06 10:32 - 2012-11-05 21:18 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-04-06 10:32 - 2012-11-05 21:18 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-04-06 10:32 - 2012-11-05 21:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-04-06 10:32 - 2012-11-05 21:17 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2015-04-06 10:32 - 2012-11-05 21:17 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-04-06 10:32 - 2012-11-05 21:00 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iscsilog.dll
2015-04-06 10:32 - 2012-11-05 20:58 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2015-04-06 10:32 - 2012-11-05 20:56 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2015-04-06 10:32 - 2012-11-05 20:55 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdk8.sys
2015-04-06 10:32 - 2012-11-05 20:55 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelppm.sys
2015-04-06 10:32 - 2012-11-05 20:55 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\amdppm.sys
2015-04-06 10:32 - 2012-11-05 20:55 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\processr.sys
2015-04-06 10:32 - 2012-11-05 20:55 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fxppm.sys
2015-04-06 10:31 - 2015-04-06 10:31 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-04-06 10:31 - 2015-04-06 10:31 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2015-04-06 10:30 - 2014-07-24 06:50 - 00447296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-04-06 10:30 - 2014-07-16 16:28 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2015-04-06 10:30 - 2014-07-16 15:59 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2015-04-06 10:30 - 2014-07-16 15:59 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2015-04-06 10:30 - 2014-07-11 23:45 - 01549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2015-04-06 10:30 - 2014-07-11 21:36 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2015-04-06 10:30 - 2014-07-11 21:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2015-04-06 10:30 - 2014-07-11 21:34 - 00404480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2015-04-06 10:30 - 2014-07-11 21:34 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2015-04-06 10:30 - 2014-06-27 23:57 - 01341952 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-04-06 10:30 - 2014-06-27 19:23 - 01126400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-04-06 10:29 - 2015-04-06 10:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-04-06 10:29 - 2013-08-09 22:21 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-04-06 10:29 - 2013-08-09 22:21 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2015-04-06 10:29 - 2013-08-09 20:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-04-06 10:29 - 2013-08-02 23:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2015-04-06 10:29 - 2013-08-02 23:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2015-04-06 10:29 - 2013-08-02 23:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2015-04-06 10:29 - 2013-08-02 22:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2015-04-06 10:29 - 2013-08-02 22:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2015-04-06 10:29 - 2013-08-02 22:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2015-04-06 10:29 - 2013-08-01 23:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2015-04-06 10:29 - 2013-08-01 22:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2015-04-06 10:29 - 2013-07-24 16:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2015-04-06 10:29 - 2013-07-24 16:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2015-04-06 10:28 - 2014-05-28 21:04 - 00094552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-04-06 10:28 - 2013-10-30 22:56 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-04-06 10:28 - 2013-10-30 22:56 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2015-04-06 10:28 - 2013-10-30 21:01 - 00550400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2015-04-06 10:28 - 2013-10-30 20:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2015-04-06 10:28 - 2013-10-13 13:49 - 00100696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2015-04-06 10:28 - 2013-08-26 22:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2015-04-06 10:28 - 2013-08-26 22:19 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2015-04-06 10:28 - 2013-08-26 15:29 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2015-04-06 10:28 - 2013-08-26 15:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2015-04-06 10:28 - 2012-11-26 23:39 - 01122768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Taskmgr.exe
2015-04-06 10:28 - 2012-11-26 21:49 - 01027152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Taskmgr.exe
2015-04-06 10:28 - 2012-11-26 21:20 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll
2015-04-06 10:28 - 2012-11-26 21:20 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserLanguagesCpl.dll
2015-04-06 10:28 - 2012-11-26 21:20 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-04-06 10:28 - 2012-11-26 21:20 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vds_ps.dll
2015-04-06 10:28 - 2012-11-26 21:19 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2015-04-06 10:28 - 2012-11-26 21:19 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserLanguagesCpl.dll
2015-04-06 10:28 - 2012-11-26 21:19 - 00244736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-04-06 10:28 - 2012-10-10 22:46 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2015-04-06 10:28 - 2012-10-10 22:44 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\icfupgd.dll
2015-04-06 10:28 - 2012-10-10 22:07 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2015-04-06 10:28 - 2012-09-10 22:28 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsldr.exe
2015-04-06 10:28 - 2012-09-10 22:27 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds_ps.dll
2015-04-06 10:27 - 2015-03-04 00:26 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoUpdate.exe
2015-04-06 10:27 - 2015-03-04 00:26 - 00467952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2015-04-06 10:27 - 2015-03-04 00:26 - 00011105 _____ () C:\WINDOWS\system32\AutoconfigV2.cab
2015-04-06 10:27 - 2015-03-03 23:41 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2015-04-06 10:27 - 2015-03-03 23:41 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-06 10:27 - 2015-03-03 21:53 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2015-04-06 10:27 - 2015-03-03 21:53 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-04-06 10:27 - 2014-10-21 18:01 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-04-06 10:27 - 2014-10-21 18:00 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2015-04-06 10:25 - 2015-04-06 12:03 - 00000000 ____D () C:\Users\G\AppData\Local\Adobe
2015-04-06 10:17 - 2014-03-01 02:47 - 01258496 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2015-04-06 10:17 - 2014-03-01 02:47 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2015-04-06 10:17 - 2014-03-01 01:07 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2015-04-06 10:17 - 2014-02-28 23:59 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2015-04-06 10:17 - 2014-02-14 21:15 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2015-04-06 10:17 - 2013-11-25 16:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2015-04-06 10:15 - 2015-04-15 13:11 - 00000000 ____D () C:\Users\G\AppData\Local\Google
2015-04-06 10:15 - 2015-04-15 13:11 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-06 10:14 - 2015-04-06 10:14 - 00880208 _____ (Google Inc.) C:\Users\G\Downloads\ChromeSetup.exe
2015-04-06 10:11 - 2015-04-06 10:11 - 00000000 ____D () C:\Users\G\AppData\Roaming\Mozilla
2015-04-06 10:11 - 2015-04-06 10:11 - 00000000 ____D () C:\Users\G\AppData\Local\Mozilla
2015-04-06 10:11 - 2015-04-06 10:11 - 00000000 ____D () C:\ProgramData\Mozilla
2015-04-06 00:27 - 2015-04-06 00:27 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3936593.txt
2015-04-06 00:17 - 2015-04-06 00:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3378531.txt
2015-04-06 00:14 - 2015-04-06 00:14 - 00000355 _____ () C:\Users\G\Desktop\Computer - Shortcut.lnk
2015-04-05 23:35 - 2015-04-05 23:35 - 00000117 _____ () C:\WINDOWS\system32\netcfg-819218.txt
2015-04-05 23:29 - 2013-05-14 19:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2015-04-05 23:29 - 2013-05-14 19:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2015-04-05 23:29 - 2013-05-14 19:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2015-04-05 23:29 - 2013-05-14 19:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2015-04-05 23:28 - 2015-04-05 23:28 - 00000117 _____ () C:\WINDOWS\system32\netcfg-387375.txt
2015-04-05 23:28 - 2012-11-09 21:23 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-04-05 23:28 - 2012-11-09 21:22 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDWebAI.dll
2015-04-05 23:28 - 2012-11-09 21:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmHostAI.dll
2015-04-05 23:28 - 2012-11-09 21:20 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appserverai.dll
2015-04-05 23:22 - 2015-04-05 23:22 - 00000136 _____ () C:\WINDOWS\system32\netcfg-52312.txt
2015-04-05 23:22 - 2015-04-05 23:22 - 00000134 _____ () C:\WINDOWS\system32\netcfg-52062.txt
2015-04-05 23:22 - 2015-04-05 23:22 - 00000134 _____ () C:\WINDOWS\system32\netcfg-43968.txt
2015-04-05 23:22 - 2015-04-05 23:22 - 00000128 _____ () C:\WINDOWS\system32\netcfg-62640.txt
2015-04-05 23:21 - 2015-04-05 23:21 - 00000117 _____ () C:\WINDOWS\system32\netcfg-8237890.txt
2015-04-05 23:11 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-04-05 23:11 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2015-04-05 23:11 - 2014-07-06 22:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2015-04-05 23:11 - 2014-07-06 22:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2015-04-05 23:11 - 2014-07-06 22:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2015-04-05 23:11 - 2014-07-06 22:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2015-04-05 23:11 - 2014-07-06 21:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2015-04-05 23:11 - 2014-07-06 21:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2015-04-05 23:11 - 2014-07-06 21:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2015-04-05 23:11 - 2014-07-06 20:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2015-04-05 23:06 - 2014-06-02 15:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2015-04-05 23:05 - 2014-07-23 20:33 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2015-04-05 23:05 - 2014-07-23 20:33 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2015-04-05 23:00 - 2014-12-07 23:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2015-04-05 23:00 - 2014-12-07 22:04 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2015-04-05 23:00 - 2013-04-23 16:13 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2015-04-05 23:00 - 2013-04-23 16:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2015-04-05 23:00 - 2013-04-23 15:56 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2015-04-05 23:00 - 2013-04-23 15:55 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2015-04-05 22:54 - 2014-10-11 00:45 - 10115072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-04-05 22:54 - 2014-10-11 00:44 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-04-05 22:54 - 2014-10-11 00:44 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2015-04-05 22:54 - 2014-10-11 00:43 - 02307072 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-04-05 22:54 - 2014-10-10 22:58 - 08858624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-04-05 22:54 - 2014-10-10 22:57 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-04-05 22:54 - 2014-10-10 22:57 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2015-04-05 22:54 - 2014-10-10 22:56 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-04-05 22:54 - 2014-06-12 16:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-04-05 22:54 - 2014-06-12 16:29 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-04-05 22:52 - 2014-12-06 00:52 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-04-05 22:52 - 2014-12-06 00:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-04-05 22:52 - 2014-12-06 00:52 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2015-04-05 22:52 - 2014-12-05 23:09 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2015-04-05 22:52 - 2012-10-05 21:53 - 02893824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-04-05 22:52 - 2012-10-05 21:15 - 02400256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-04-05 22:47 - 2013-03-02 01:23 - 00375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-04-05 22:47 - 2013-03-01 19:44 - 01011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-04-05 22:47 - 2012-12-14 21:55 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-04-05 22:47 - 2012-11-02 22:26 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysreset.exe
2015-04-05 22:47 - 2012-11-02 22:25 - 00945152 _____ (Microsoft Corporation) C:\WINDOWS\system32\resetengmig.dll
2015-04-05 22:47 - 2012-10-23 20:25 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2015-04-05 22:47 - 2012-10-23 19:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2015-04-05 22:43 - 2013-02-02 01:40 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlroamextension.dll
2015-04-05 22:43 - 2013-02-02 01:40 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-04-05 22:43 - 2013-02-02 01:40 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-04-05 22:43 - 2013-02-02 01:40 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tasklist.exe
2015-04-05 22:43 - 2013-02-02 01:40 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskkill.exe
2015-04-05 22:43 - 2013-02-02 01:38 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
2015-04-05 22:43 - 2013-02-02 01:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskkill.exe
2015-04-05 22:43 - 2013-02-02 01:24 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\tasklist.exe
2015-04-05 22:43 - 2013-02-02 01:23 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
2015-04-05 22:43 - 2013-02-02 01:23 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlroamextension.dll
2015-04-05 22:43 - 2013-02-02 01:23 - 00475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-04-05 22:43 - 2013-02-02 01:23 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-04-05 22:43 - 2013-02-02 01:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
2015-04-05 22:43 - 2013-02-02 01:20 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
2015-04-05 22:43 - 2013-02-02 01:20 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hotspotauth.dll
2015-04-05 22:43 - 2013-02-02 00:25 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2015-04-05 22:43 - 2013-02-01 22:41 - 01437184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-04-05 22:43 - 2013-02-01 22:31 - 01690624 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-04-05 22:43 - 2012-11-26 20:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2015-04-05 22:43 - 2012-11-26 20:55 - 00029952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthhfHid.sys
2015-04-05 22:38 - 2013-06-30 18:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-04-05 22:38 - 2013-06-30 18:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2015-04-05 22:38 - 2013-06-30 18:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2015-04-05 22:38 - 2013-06-30 18:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2015-04-05 22:38 - 2013-06-28 20:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2015-04-05 22:38 - 2013-06-28 20:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2015-04-05 22:38 - 2012-11-19 21:56 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
2015-04-05 22:37 - 2014-07-15 16:03 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-04-05 22:37 - 2014-07-11 19:36 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-04-05 22:37 - 2014-03-10 20:25 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2015-04-05 22:37 - 2014-03-10 17:41 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2015-04-05 22:37 - 2014-03-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dimsroam.dll
2015-04-05 22:37 - 2014-03-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2015-04-05 22:37 - 2014-03-10 17:38 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2015-04-05 22:37 - 2014-03-10 17:38 - 00684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2015-04-05 22:37 - 2014-03-10 17:38 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2015-04-05 22:37 - 2014-03-10 17:38 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2015-04-05 22:37 - 2014-03-10 17:38 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dimsroam.dll
2015-04-05 22:37 - 2014-03-10 17:38 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2015-04-05 22:37 - 2014-03-09 20:05 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2015-04-05 22:37 - 2014-03-09 18:27 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2015-04-05 22:37 - 2013-04-11 15:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-04-05 22:37 - 2013-04-11 15:22 - 01838080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-04-05 22:37 - 2013-02-11 17:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
2015-04-05 22:36 - 2014-12-06 00:53 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-04-05 22:36 - 2014-12-06 00:53 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2015-04-05 22:36 - 2014-12-06 00:51 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2015-04-05 22:36 - 2014-12-06 00:51 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-04-05 22:36 - 2014-12-06 00:50 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-04-05 22:36 - 2014-12-05 23:10 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2015-04-05 22:36 - 2014-12-05 23:10 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2015-04-05 22:36 - 2014-12-05 23:09 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2015-04-05 22:36 - 2014-11-25 23:43 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2015-04-05 22:36 - 2014-11-25 21:50 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2015-04-05 22:36 - 2014-10-02 18:21 - 00522728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-04-05 22:36 - 2014-10-02 15:29 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-04-05 22:36 - 2013-07-08 23:18 - 00439488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2015-04-05 22:36 - 2013-07-08 21:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2015-04-05 22:29 - 2013-05-04 00:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2015-04-05 22:29 - 2013-05-03 23:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2015-04-05 22:29 - 2013-05-03 23:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-04-05 22:29 - 2013-05-03 23:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2015-04-05 22:29 - 2013-05-03 23:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-04-05 22:29 - 2013-05-03 23:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2015-04-05 22:29 - 2013-05-03 23:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2015-04-05 22:29 - 2013-05-03 23:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-04-05 22:29 - 2013-05-03 23:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-04-05 22:29 - 2013-05-03 23:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-04-05 22:29 - 2013-05-03 23:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-04-05 22:29 - 2013-05-03 23:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2015-04-05 22:29 - 2013-05-03 23:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2015-04-05 22:29 - 2013-05-03 23:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-04-05 22:29 - 2013-05-03 23:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2015-04-05 22:29 - 2013-05-03 23:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2015-04-05 22:29 - 2013-05-03 23:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2015-04-05 22:29 - 2013-05-03 21:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2015-04-05 22:29 - 2013-05-03 21:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-04-05 22:29 - 2013-05-03 21:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2015-04-05 22:29 - 2013-05-03 21:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2015-04-05 22:29 - 2013-05-03 21:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2015-04-05 22:29 - 2013-05-03 21:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
2015-04-05 22:29 - 2013-05-03 21:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2015-04-05 22:29 - 2013-05-03 21:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-04-05 22:29 - 2013-05-03 21:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2015-04-05 22:29 - 2013-05-03 21:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2015-04-05 22:29 - 2013-05-03 21:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2015-04-05 22:29 - 2013-05-03 21:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2015-04-05 22:29 - 2013-05-03 21:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2015-04-05 22:29 - 2013-05-03 21:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2015-04-05 22:29 - 2013-02-02 01:39 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlmproxy.dll
2015-04-05 22:29 - 2013-02-02 01:39 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlmsprep.dll
2015-04-05 22:28 - 2013-12-04 16:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2015-04-05 22:28 - 2013-12-04 16:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2015-04-05 22:27 - 2014-10-08 21:00 - 01519104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2015-04-05 22:27 - 2014-10-08 21:00 - 01484288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2015-04-05 22:27 - 2014-10-08 21:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2015-04-05 22:27 - 2014-10-08 20:59 - 01195520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2015-04-05 22:27 - 2014-10-08 20:59 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2015-04-05 22:27 - 2012-09-19 23:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
2015-04-05 22:27 - 2012-09-19 22:53 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
2015-04-05 22:23 - 2015-01-08 23:43 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2015-04-05 22:23 - 2015-01-08 22:03 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2015-04-05 22:23 - 2015-01-08 16:52 - 00478296 _____ () C:\WINDOWS\SysWOW64\locale.nls
2015-04-05 22:23 - 2015-01-08 16:52 - 00478296 _____ () C:\WINDOWS\system32\locale.nls
2015-04-05 22:23 - 2014-12-18 01:51 - 00096576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2015-04-05 22:23 - 2014-12-17 23:52 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2015-04-05 22:23 - 2014-12-17 23:51 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2015-04-05 22:23 - 2014-12-17 23:50 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2015-04-05 22:23 - 2014-12-17 23:20 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2015-04-05 22:23 - 2013-10-10 02:32 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2015-04-05 22:23 - 2013-10-10 02:30 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2015-04-05 22:23 - 2013-10-10 02:30 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2015-04-05 22:23 - 2013-10-10 02:24 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2015-04-05 22:23 - 2013-10-10 02:23 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2015-04-05 22:23 - 2013-10-10 02:22 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2015-04-05 22:23 - 2013-10-10 02:22 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2015-04-05 22:23 - 2013-07-19 15:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-04-05 22:23 - 2013-07-19 15:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-04-05 22:23 - 2013-07-12 23:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-04-05 22:23 - 2013-07-12 23:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2015-04-05 22:23 - 2013-07-12 23:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2015-04-05 22:23 - 2013-07-12 23:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2015-04-05 22:23 - 2013-07-12 21:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-04-05 22:23 - 2013-07-12 21:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2015-04-05 22:23 - 2013-07-12 21:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2015-04-05 22:23 - 2012-10-23 20:25 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
2015-04-05 22:23 - 2012-10-23 20:24 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
2015-04-05 22:23 - 2012-10-23 20:24 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
2015-04-05 22:23 - 2012-10-23 20:05 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2015-04-05 22:22 - 2015-01-23 21:31 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2015-04-05 22:22 - 2014-10-11 00:44 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2015-04-05 22:22 - 2014-09-24 16:29 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2015-04-05 22:22 - 2014-09-24 16:01 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2015-04-05 22:22 - 2013-11-19 17:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2015-04-05 22:22 - 2013-11-19 16:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2015-04-05 22:22 - 2013-08-23 00:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-04-05 22:22 - 2013-08-22 18:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-04-05 22:22 - 2013-07-01 18:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-04-05 22:22 - 2013-07-01 18:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2015-04-05 22:22 - 2013-03-21 20:49 - 02382336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-04-05 22:22 - 2013-03-21 15:47 - 02851840 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-04-05 22:22 - 2012-11-02 22:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
2015-04-05 22:22 - 2012-11-02 22:26 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
2015-04-05 22:22 - 2012-11-02 22:24 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
2015-04-05 22:22 - 2012-11-02 22:24 - 00375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
2015-04-05 22:22 - 2012-11-02 22:24 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
2015-04-05 22:22 - 2012-11-02 22:24 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
2015-04-05 22:22 - 2012-11-02 22:24 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
2015-04-05 22:22 - 2012-11-02 22:24 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
2015-04-05 22:22 - 2012-11-02 22:24 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
2015-04-05 22:22 - 2012-11-02 22:24 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
2015-04-05 22:22 - 2012-11-02 22:04 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
2015-04-05 22:22 - 2012-11-02 22:04 - 00003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
2015-04-05 22:22 - 2012-11-02 22:00 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
2015-04-05 22:22 - 2012-11-02 22:00 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
2015-04-05 22:22 - 2012-10-12 01:08 - 00027880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
2015-04-05 22:22 - 2012-10-11 23:14 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
2015-04-05 22:21 - 2014-12-18 21:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2015-04-05 22:21 - 2014-06-06 07:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2015-04-05 22:21 - 2014-06-06 03:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2015-04-05 22:21 - 2014-05-29 15:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-04-05 22:20 - 2015-01-23 23:43 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2015-04-05 22:20 - 2015-01-23 22:00 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2015-04-05 22:20 - 2014-06-05 10:56 - 00112984 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2015-04-05 22:20 - 2013-04-02 16:37 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdlg.dll
2015-04-05 22:20 - 2013-04-02 16:12 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2015-04-05 22:20 - 2013-03-05 23:29 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2015-04-05 22:19 - 2013-04-08 22:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-04-05 22:19 - 2013-04-08 22:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-04-05 22:19 - 2013-04-08 22:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-04-05 22:19 - 2013-04-08 22:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2015-04-05 22:19 - 2013-04-08 22:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2015-04-05 22:19 - 2013-04-08 22:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll
2015-04-05 22:19 - 2013-04-08 21:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-04-05 22:19 - 2013-04-08 21:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-04-05 22:19 - 2013-04-08 21:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-04-05 22:19 - 2013-04-08 21:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2015-04-05 22:19 - 2013-04-08 21:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-04-05 22:19 - 2013-04-08 21:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-04-05 22:19 - 2013-04-08 21:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2015-04-05 22:19 - 2013-04-08 21:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-04-05 22:19 - 2013-04-08 21:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2015-04-05 22:19 - 2013-04-08 21:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2015-04-05 22:19 - 2013-04-08 21:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-04-05 22:19 - 2013-04-08 21:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2015-04-05 22:19 - 2013-04-08 21:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2015-04-05 22:19 - 2013-04-08 21:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-04-05 22:19 - 2013-04-08 21:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-04-05 22:19 - 2013-04-08 21:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2015-04-05 22:19 - 2013-04-08 21:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2015-04-05 22:19 - 2013-04-08 21:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2015-04-05 22:19 - 2013-04-08 21:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2015-04-05 22:19 - 2013-04-08 19:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2015-04-05 22:19 - 2013-04-08 19:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2015-04-05 22:19 - 2013-04-08 19:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2015-04-05 22:19 - 2013-04-08 16:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2015-04-05 22:19 - 2013-04-08 16:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-04-05 22:19 - 2013-04-08 16:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-04-05 22:19 - 2013-04-08 14:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-04-05 22:19 - 2013-04-08 14:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-04-05 22:19 - 2013-04-08 14:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-04-05 22:19 - 2013-04-08 14:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2015-04-05 22:19 - 2013-04-08 14:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-04-05 22:19 - 2013-04-08 14:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-04-05 22:19 - 2013-04-08 14:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2015-04-05 22:19 - 2013-04-08 14:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2015-04-05 22:19 - 2013-04-08 14:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2015-04-05 22:19 - 2013-04-08 14:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2015-04-05 22:19 - 2013-04-08 14:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-04-05 22:19 - 2013-04-08 14:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-04-05 22:19 - 2013-04-08 14:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2015-04-05 22:19 - 2013-04-04 16:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-04-05 22:19 - 2013-03-15 15:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2015-04-05 22:19 - 2013-03-15 15:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2015-04-05 22:19 - 2013-02-02 01:40 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsRasterService.dll
2015-04-05 22:19 - 2013-02-02 01:23 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsRasterService.dll
2015-04-05 22:19 - 2012-11-05 22:00 - 00463768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-04-05 22:19 - 2012-09-19 23:32 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
2015-04-05 22:19 - 2012-09-19 22:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
2015-04-05 22:18 - 2014-06-19 16:35 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-04-05 22:18 - 2014-06-19 15:24 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-04-05 22:18 - 2013-09-27 20:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-04-05 22:18 - 2013-04-08 21:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2015-04-05 22:18 - 2013-04-08 21:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll
2015-04-05 22:18 - 2013-04-08 21:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-04-05 22:18 - 2013-04-08 21:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2015-04-05 22:18 - 2013-04-08 21:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2015-04-05 22:18 - 2013-04-08 21:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll
2015-04-05 22:18 - 2013-04-08 19:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2015-04-05 22:18 - 2013-04-08 14:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2015-04-05 22:18 - 2013-04-08 14:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
2015-04-05 22:18 - 2013-04-08 14:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2015-04-05 22:18 - 2013-04-08 14:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2015-04-05 22:18 - 2012-12-12 21:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2015-04-05 22:18 - 2012-12-12 20:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
2015-04-05 22:18 - 2012-10-10 22:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2015-04-05 22:18 - 2012-10-10 22:44 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
2015-04-05 22:18 - 2012-10-10 22:44 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
2015-04-05 22:18 - 2012-10-10 22:19 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
2015-04-05 22:18 - 2012-10-10 22:18 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2015-04-05 22:18 - 2012-10-10 22:06 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
2015-04-05 22:18 - 2012-10-10 22:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
2015-04-05 22:18 - 2012-09-19 23:33 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhmanagew.exe
2015-04-05 22:18 - 2012-09-19 23:33 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ndptsp.tsp
2015-04-05 22:18 - 2012-09-19 23:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
2015-04-05 22:18 - 2012-09-19 23:32 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
2015-04-05 22:18 - 2012-09-19 23:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
2015-04-05 22:18 - 2012-09-19 23:32 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
2015-04-05 22:18 - 2012-09-19 23:32 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2015-04-05 22:18 - 2012-09-19 23:32 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2015-04-05 22:18 - 2012-09-19 23:32 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcat.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhshl.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvc.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsrchapi.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhevents.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsrchph.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhlisten.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhautoplay.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcleanup.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhtask.dll
2015-04-05 22:18 - 2012-09-19 23:31 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvcctl.dll
2015-04-05 22:18 - 2012-09-19 23:12 - 09374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2015-04-05 22:18 - 2012-09-19 23:09 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
2015-04-05 22:18 - 2012-09-19 22:55 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ndptsp.tsp
2015-04-05 22:18 - 2012-09-19 22:55 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
2015-04-05 22:18 - 2012-09-19 22:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
2015-04-05 22:18 - 2012-09-19 22:54 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
2015-04-05 22:18 - 2012-09-19 22:54 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
2015-04-05 22:18 - 2012-09-19 22:54 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2015-04-05 22:18 - 2012-09-19 22:54 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2015-04-05 22:18 - 2012-09-19 22:54 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2015-04-05 22:18 - 2012-09-19 22:32 - 09374208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2015-04-05 22:17 - 2015-02-16 23:54 - 19777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-04-05 22:17 - 2015-02-16 22:13 - 17561600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-04-05 22:17 - 2014-11-08 04:22 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2015-04-05 22:17 - 2014-11-07 23:57 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2015-04-05 22:17 - 2014-10-23 05:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2015-04-05 22:17 - 2014-10-23 04:04 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2015-04-05 22:16 - 2015-04-15 11:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-05 22:16 - 2015-04-01 11:16 - 128913832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-04-05 22:16 - 2015-02-12 16:18 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2015-04-05 22:16 - 2014-12-18 23:48 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2015-04-05 22:16 - 2012-10-31 21:41 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-04-05 22:16 - 2012-10-31 21:40 - 02361344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-04-05 22:16 - 2012-10-31 21:21 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
2015-04-05 22:16 - 2012-10-31 21:20 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
2015-04-05 22:15 - 2014-08-21 16:56 - 01418752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-04-05 22:15 - 2014-08-21 16:27 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-04-05 22:15 - 2012-10-31 21:21 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
2015-04-05 22:15 - 2012-10-31 21:20 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3r.dll
2015-04-05 22:14 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-04-05 22:14 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-04-05 22:12 - 2015-02-23 03:50 - 02656256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-04-05 22:12 - 2015-02-23 03:50 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2015-04-05 22:12 - 2015-02-23 03:50 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2015-04-05 22:12 - 2015-02-23 03:50 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2015-04-05 22:12 - 2015-02-23 03:50 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-04-05 22:12 - 2015-02-23 02:17 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-04-05 22:12 - 2015-02-20 22:30 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-04-05 22:12 - 2015-02-20 22:30 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2015-04-05 22:12 - 2015-02-20 22:30 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-04-05 22:12 - 2015-02-20 22:29 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2015-04-05 22:12 - 2015-02-20 22:29 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2015-04-05 22:12 - 2015-02-20 22:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-04-05 22:12 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2015-04-05 22:12 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2015-04-05 22:11 - 2015-02-23 03:52 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-04-05 22:11 - 2015-02-23 03:51 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-04-05 22:11 - 2015-02-23 03:51 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2015-04-05 22:11 - 2015-02-23 03:51 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2015-04-05 22:11 - 2015-02-23 03:50 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-04-05 22:11 - 2015-02-23 03:50 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2015-04-05 22:11 - 2015-02-23 03:50 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-04-05 22:11 - 2015-02-23 03:50 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-04-05 22:11 - 2015-02-23 03:49 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-04-05 22:11 - 2015-02-23 02:15 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2015-04-05 22:11 - 2015-02-23 01:51 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2015-04-05 22:11 - 2015-02-20 22:31 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2015-04-05 22:11 - 2015-02-20 22:30 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-04-05 22:11 - 2015-02-20 22:30 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2015-04-05 22:11 - 2015-02-20 22:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2015-04-05 22:11 - 2015-02-20 22:30 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2015-04-05 22:11 - 2015-02-20 22:30 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2015-04-05 22:11 - 2015-02-20 22:29 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-04-05 22:11 - 2015-02-20 22:07 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2015-04-05 22:11 - 2015-02-20 21:42 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2015-04-05 22:11 - 2015-02-20 20:00 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-04-05 22:11 - 2014-07-31 16:40 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-04-05 22:10 - 2012-10-10 00:04 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\synceng.dll
2015-04-05 22:10 - 2012-10-09 23:31 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\synceng.dll
2015-04-05 22:09 - 2014-01-30 17:48 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-04-05 22:09 - 2013-01-09 18:53 - 00028904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-04-05 22:09 - 2013-01-09 18:29 - 00091880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2015-04-05 22:09 - 2013-01-09 16:26 - 01752064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2015-04-05 22:09 - 2013-01-09 16:26 - 01611776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mmc.exe
2015-04-05 22:09 - 2013-01-09 16:26 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2015-04-05 22:09 - 2013-01-09 16:26 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-04-05 22:09 - 2013-01-09 16:26 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wiaacmgr.exe
2015-04-05 22:09 - 2013-01-09 16:23 - 02094592 _____ (Microsoft Corporation) C:\WINDOWS\system32\mmc.exe
2015-04-05 22:09 - 2013-01-09 16:23 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-04-05 22:09 - 2013-01-09 16:23 - 01886208 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2015-04-05 22:09 - 2013-01-09 16:23 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-04-05 22:09 - 2013-01-09 16:23 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2015-04-05 22:09 - 2013-01-09 16:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaacmgr.exe
2015-04-05 22:09 - 2013-01-09 16:22 - 00894464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2015-04-05 22:09 - 2013-01-09 16:22 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2015-04-05 22:09 - 2013-01-09 16:22 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2015-04-05 22:09 - 2012-11-01 22:19 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2015-04-05 22:09 - 2012-11-01 22:18 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2015-04-05 22:09 - 2012-11-01 22:18 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2015-04-05 22:09 - 2012-11-01 22:18 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhapi.dll
2015-04-05 22:09 - 2012-11-01 22:18 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2015-04-05 22:09 - 2012-11-01 22:18 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\keepaliveprovider.dll
2015-04-05 22:08 - 2014-06-12 18:57 - 01453400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-04-05 22:08 - 2014-06-12 18:55 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2015-04-05 22:08 - 2013-01-09 18:40 - 00303848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-04-05 22:07 - 2015-01-23 23:42 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2015-04-05 22:07 - 2015-01-23 22:00 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2015-04-05 22:07 - 2014-09-02 19:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2015-04-05 22:07 - 2014-09-02 19:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2015-04-05 22:07 - 2013-08-15 22:41 - 00058200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-04-05 22:07 - 2013-08-15 22:39 - 02371728 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2015-04-05 22:07 - 2013-08-15 22:22 - 04917760 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2015-04-05 22:07 - 2013-08-15 22:21 - 01164288 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2015-04-05 22:07 - 2013-08-15 22:21 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2015-04-05 22:07 - 2013-08-15 22:21 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2015-04-05 22:07 - 2013-08-15 22:21 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSSync.dll
2015-04-05 22:07 - 2013-08-15 22:21 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll
2015-04-05 22:07 - 2013-08-15 22:21 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupcln.dll
2015-04-05 22:07 - 2013-08-15 15:43 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2015-04-05 22:07 - 2013-08-15 15:43 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSSync.dll
2015-04-05 22:07 - 2013-08-15 15:43 - 00083968 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2015-04-05 22:07 - 2013-08-15 15:42 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll
2015-04-05 22:07 - 2013-08-15 15:42 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupcln.dll
2015-04-05 22:07 - 2013-06-10 12:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2015-04-05 22:07 - 2013-06-10 12:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2015-04-05 22:07 - 2012-09-19 23:33 - 00110592 _____ () C:\WINDOWS\system32\OEMLicense.dll
2015-04-05 22:05 - 2014-11-04 23:40 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2015-04-05 22:05 - 2014-11-04 23:39 - 01024512 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2015-04-05 22:05 - 2014-10-31 23:28 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-04-05 22:05 - 2014-10-29 07:21 - 00499008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2015-04-05 22:05 - 2014-08-27 23:01 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2015-04-05 22:05 - 2013-10-18 22:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2015-04-05 22:05 - 2013-10-18 21:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2015-04-05 22:05 - 2013-07-05 17:15 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2015-04-05 22:05 - 2013-07-03 19:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2015-04-05 22:04 - 2015-03-06 00:39 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2015-04-05 22:04 - 2015-03-06 00:39 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2015-04-05 22:04 - 2015-03-05 22:48 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2015-04-05 22:04 - 2015-03-05 22:48 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2015-04-05 22:04 - 2015-02-02 16:18 - 00569712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-04-05 22:04 - 2015-01-15 04:44 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2015-04-05 22:04 - 2015-01-15 04:43 - 01282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-04-05 22:04 - 2015-01-15 03:00 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2015-04-05 22:04 - 2015-01-15 02:38 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2015-04-05 22:04 - 2015-01-15 02:09 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2015-04-05 22:04 - 2014-11-14 23:06 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-04-05 22:04 - 2014-11-14 22:13 - 03286016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-04-05 22:04 - 2014-11-14 22:13 - 01623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2015-04-05 22:04 - 2014-11-14 22:13 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-04-05 22:04 - 2014-11-14 22:13 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2015-04-05 22:04 - 2014-11-14 22:13 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2015-04-05 22:04 - 2014-11-14 22:13 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2015-04-05 22:04 - 2014-11-14 22:13 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2015-04-05 22:04 - 2014-11-14 22:12 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-04-05 22:04 - 2014-11-14 20:54 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2015-04-05 22:04 - 2014-11-14 20:53 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-04-05 22:04 - 2014-11-14 20:53 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2015-04-05 22:04 - 2014-11-14 20:53 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2015-04-05 22:04 - 2014-11-08 04:21 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-04-05 22:04 - 2014-11-07 23:56 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-04-05 22:04 - 2014-10-11 01:35 - 00171840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-04-05 22:04 - 2014-10-10 22:41 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2015-04-05 22:04 - 2014-10-10 22:05 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2015-04-05 22:02 - 2015-02-25 21:35 - 04063232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-04-05 22:02 - 2014-12-10 23:51 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2015-04-05 22:02 - 2014-06-17 16:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2015-04-05 22:02 - 2014-06-17 16:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2015-04-05 22:02 - 2014-06-04 18:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2015-04-05 22:02 - 2014-06-03 16:12 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2015-04-05 22:02 - 2014-05-29 16:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2015-04-05 22:02 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-04-05 22:02 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2015-04-05 22:02 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2015-04-05 22:02 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2015-04-05 22:02 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2015-04-05 22:02 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2015-04-05 22:02 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2015-04-05 22:02 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2015-04-05 22:02 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2015-04-05 22:02 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll
2015-04-05 22:01 - 2015-02-20 06:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-04-05 22:01 - 2015-02-20 04:56 - 00366592 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-04-05 22:01 - 2015-02-20 01:10 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-04-05 22:01 - 2015-02-20 00:24 - 00304128 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-04-05 22:01 - 2015-01-31 06:48 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2015-04-05 22:01 - 2015-01-30 22:55 - 00275712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2015-04-05 22:01 - 2012-11-07 21:24 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-04-05 22:01 - 2012-11-07 21:24 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-04-05 22:01 - 2012-11-07 21:20 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-04-05 22:01 - 2012-11-07 21:20 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-04-05 22:01 - 2012-11-07 21:02 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-04-05 22:01 - 2012-11-07 21:01 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-04-05 21:59 - 2014-09-12 23:24 - 02233152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-04-05 21:59 - 2014-09-02 19:48 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2015-04-05 21:59 - 2014-09-02 19:22 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2015-04-05 21:59 - 2014-08-28 21:17 - 02043392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2015-04-05 21:59 - 2014-08-28 21:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2015-04-05 21:59 - 2014-08-28 21:04 - 02837504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2015-04-05 21:59 - 2014-08-28 21:04 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2015-04-05 21:59 - 2014-08-27 23:04 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2015-04-05 21:59 - 2014-08-27 23:04 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2015-04-05 21:59 - 2014-08-27 22:59 - 00616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2015-04-05 21:59 - 2014-08-27 22:59 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2015-04-05 21:59 - 2014-08-27 22:59 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
2015-04-05 21:59 - 2014-08-27 22:59 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
2015-04-05 21:59 - 2014-07-24 06:12 - 00328512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2015-04-05 21:57 - 2015-01-29 01:05 - 01627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2015-04-05 21:57 - 2015-01-28 23:19 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2015-04-05 21:57 - 2013-07-05 15:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2015-04-05 21:57 - 2013-07-05 15:01 - 00210560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2015-04-05 21:57 - 2013-07-01 15:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2015-04-05 21:57 - 2013-06-28 20:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2015-04-05 21:57 - 2013-06-21 22:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-04-05 21:57 - 2013-06-21 22:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
2015-04-05 21:57 - 2013-05-03 21:48 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2015-04-05 21:57 - 2012-11-19 21:54 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidi2c.sys
2015-04-05 21:57 - 2012-08-30 17:53 - 00017888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
2015-04-05 21:57 - 2012-08-30 17:52 - 00017888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
2015-04-05 21:56 - 2014-10-08 20:59 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2015-04-05 21:56 - 2014-10-08 20:58 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2015-04-05 21:56 - 2014-09-21 22:38 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-04-05 21:56 - 2014-09-21 20:56 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-04-05 21:55 - 2014-10-08 20:59 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2015-04-05 21:52 - 2013-03-02 03:57 - 00077544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2015-04-05 21:52 - 2013-03-02 03:39 - 00069864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-04-05 21:52 - 2013-03-02 02:59 - 00411880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-04-05 21:52 - 2013-03-02 01:23 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-04-05 21:52 - 2013-03-02 01:23 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2015-04-05 21:52 - 2013-03-02 01:23 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncInfo.dll
2015-04-05 21:52 - 2013-03-02 01:22 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2015-04-05 21:52 - 2013-03-02 01:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2015-04-05 21:52 - 2013-03-02 01:21 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2015-04-05 21:52 - 2013-03-02 01:21 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2015-04-05 21:52 - 2013-03-01 19:45 - 01149952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-04-05 21:52 - 2013-03-01 19:45 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-04-05 21:52 - 2013-03-01 19:45 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2015-04-05 21:52 - 2013-03-01 19:45 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2015-04-05 21:52 - 2013-03-01 19:45 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
2015-04-05 21:52 - 2013-03-01 19:45 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-04-05 21:52 - 2013-03-01 19:45 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2015-04-05 21:52 - 2013-03-01 19:45 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2015-04-05 21:52 - 2013-03-01 19:45 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhost.exe
2015-04-05 21:52 - 2013-03-01 19:45 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostex.exe
2015-04-05 21:52 - 2013-03-01 19:45 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDPrintProxy.DLL
2015-04-05 21:52 - 2013-03-01 19:44 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2015-04-05 21:52 - 2013-03-01 19:44 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2015-04-05 21:52 - 2013-03-01 19:44 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2015-04-05 21:52 - 2013-03-01 19:44 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NdisImPlatform.dll
2015-04-05 21:52 - 2013-03-01 19:44 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
2015-04-05 21:52 - 2013-03-01 19:43 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2015-04-05 21:52 - 2013-03-01 19:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2015-04-05 21:52 - 2013-02-28 21:56 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2015-04-05 21:52 - 2013-02-28 21:56 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2015-04-05 21:52 - 2013-02-28 21:55 - 01175040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2015-04-05 21:52 - 2013-01-08 20:59 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2015-04-05 21:52 - 2013-01-08 20:58 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2015-04-05 21:49 - 2015-04-05 21:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2746406.txt
2015-04-05 21:49 - 2015-04-05 21:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2740531.txt
2015-04-05 21:47 - 2014-10-30 00:20 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2015-04-05 21:47 - 2014-10-29 22:22 - 01569792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2015-04-05 21:46 - 2015-04-05 21:46 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2521093.txt
2015-04-05 21:45 - 2015-04-05 21:45 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2480250.txt
2015-04-05 21:30 - 2013-08-15 22:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2015-04-05 21:30 - 2013-08-15 22:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-04-05 21:30 - 2013-08-15 15:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2015-04-05 21:30 - 2012-11-05 21:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
2015-04-05 21:26 - 2015-03-03 06:17 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-04-05 21:25 - 2015-04-20 10:58 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-04-05 21:24 - 2015-04-05 21:24 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-05 21:24 - 2015-04-05 21:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-05 21:24 - 2015-04-05 21:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-05 21:24 - 2015-04-05 21:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-05 21:24 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-04-05 21:24 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-04-05 21:24 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-04-05 21:23 - 2015-04-05 21:23 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\G\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-05 21:22 - 2015-04-05 21:22 - 00000000 ____D () C:\Users\G\AppData\Roaming\Macromedia
2015-04-05 21:17 - 2015-04-05 21:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-820750.txt
2015-04-05 21:17 - 2015-04-05 21:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-820703.txt
2015-04-05 21:17 - 2015-04-05 21:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-817640.txt
2015-04-05 21:17 - 2015-04-05 21:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-811546.txt
2015-04-05 20:04 - 2015-04-05 20:04 - 00000000 ____D () C:\Users\G\AppData\Local\CrashDumps
2015-04-05 19:57 - 2015-04-05 19:57 - 00001101 _____ () C:\WINDOWS\system32\netcfg-9406.txt
2015-04-05 19:57 - 2015-04-05 19:57 - 00000162 _____ () C:\WINDOWS\system32\netcfg-9843.txt
2015-04-05 19:41 - 2015-04-05 19:41 - 00000161 _____ () C:\WINDOWS\system32\netcfg-6084328.txt
2015-04-05 19:41 - 2015-04-05 19:41 - 00000161 _____ () C:\WINDOWS\system32\netcfg-6084187.txt
2015-04-05 19:39 - 2015-04-05 19:39 - 00000167 _____ () C:\WINDOWS\system32\netcfg-5981468.txt
2015-04-05 19:00 - 2015-04-05 19:00 - 00000000 _____ () C:\Recovery.txt
2015-04-05 18:45 - 2015-04-15 21:42 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1201469603-3977835290-1042468851-1001
2015-04-05 18:44 - 2015-04-05 18:44 - 00000000 ____D () C:\Users\G\AppData\Local\Sony Corporation
2015-04-05 18:41 - 2015-04-05 18:41 - 00000000 ____D () C:\Users\G\AppData\Roaming\Intel Corporation
2015-04-05 18:40 - 2015-04-05 18:40 - 00000000 ____D () C:\Users\G\Documents\Bluetooth Folder
2015-04-05 18:40 - 2015-04-05 18:40 - 00000000 ____D () C:\Users\G\AppData\Local\Intel_Corporation
2015-04-05 18:40 - 2015-04-05 18:40 - 00000000 ____D () C:\Users\G\AppData\Local\BMExplorer
2015-04-05 18:39 - 2015-04-15 10:44 - 00000000 ____D () C:\Users\G\AppData\Local\Packages
2015-04-05 18:39 - 2015-04-06 12:03 - 00000000 ____D () C:\Users\G\AppData\Roaming\Adobe
2015-04-05 18:39 - 2015-04-05 18:39 - 00002071 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music Unlimited.lnk
2015-04-05 18:39 - 2015-04-05 18:39 - 00001434 _____ () C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-05 18:39 - 2015-04-05 18:39 - 00000000 ____D () C:\WINDOWS\SysWOW64\VAIO Startup Setting Tool
2015-04-05 18:39 - 2015-04-05 18:39 - 00000000 ____D () C:\WINDOWS\pss
2015-04-05 18:39 - 2015-04-05 18:39 - 00000000 ____D () C:\Users\G\AppData\Roaming\Sony Corporation
2015-04-05 18:39 - 2015-04-05 18:39 - 00000000 ____D () C:\Users\G\AppData\Local\VirtualStore
2015-04-05 18:38 - 2015-04-17 14:13 - 00000000 ____D () C:\Users\G
2015-04-05 18:38 - 2015-04-15 10:50 - 00000000 ___RD () C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-05 18:38 - 2015-04-05 18:38 - 00000020 ___SH () C:\Users\G\ntuser.ini
2015-04-05 18:38 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-05 18:38 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-05 18:38 - 2012-07-26 01:13 - 00000000 ____D () C:\Users\G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-05 18:38 - 2012-07-25 13:32 - 00000405 _____ () C:\Users\G\Desktop\Control Panel.lnk
2015-04-05 18:38 - 2012-07-25 13:17 - 00001142 _____ () C:\Users\G\Desktop\Command Prompt.lnk
2015-04-05 18:36 - 2015-04-05 18:36 - 00000117 _____ () C:\WINDOWS\system32\netcfg-2163859.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-20 11:03 - 2012-09-24 11:23 - 01101521 _____ () C:\WINDOWS\WindowsUpdate.log
2015-04-20 10:48 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-04-17 17:10 - 2011-07-25 12:40 - 00300832 _____ (Sysinternals - www.sysinternals.com) C:\Users\G\Desktop\Tcpview.exe
2015-04-17 14:53 - 2012-07-26 00:28 - 00850046 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-04-17 14:49 - 2012-07-26 00:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-04-17 14:49 - 2012-07-25 22:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2015-04-17 14:34 - 2012-07-26 00:21 - 00023220 _____ () C:\WINDOWS\setupact.log
2015-04-17 14:33 - 2012-08-02 19:22 - 00015980 _____ () C:\WINDOWS\PFRO.log
2015-04-17 14:33 - 2012-07-25 22:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-04-17 14:13 - 2015-03-08 10:22 - 00670880 _____ (Sysinternals - www.sysinternals.com) C:\Users\G\Desktop\autoruns.exe
2015-04-16 17:06 - 2015-03-09 14:48 - 02508440 _____ (Sysinternals - www.sysinternals.com) C:\Users\G\Desktop\procexp.exe
2015-04-15 22:29 - 2012-07-26 01:12 - 00000000 ___RD () C:\WINDOWS\Offline Web Pages
2015-04-15 15:42 - 2012-09-24 11:52 - 00000000 ____D () C:\Program Files (x86)\Symantec
2015-04-15 12:39 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-04-15 11:10 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-04-15 10:44 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2015-04-13 15:07 - 2012-07-26 01:14 - 00791520 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-04-13 15:07 - 2012-07-26 01:14 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-09 17:42 - 2012-09-24 13:00 - 00000000 ____D () C:\ProgramData\iolo
2015-04-09 17:34 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\AppCompat
2015-04-06 12:45 - 2012-09-24 11:41 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-04-06 12:04 - 2012-09-24 12:34 - 00000000 ____D () C:\ProgramData\Adobe
2015-04-06 11:07 - 2012-07-26 01:12 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-04-06 11:07 - 2012-07-26 01:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-04-06 11:07 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2015-04-06 11:07 - 2012-07-25 22:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-04-06 11:06 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-06 11:05 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\WinStore
2015-04-06 00:42 - 2012-07-25 22:37 - 00000000 ____D () C:\WINDOWS\servicing
2015-04-06 00:41 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-06 00:40 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-06 00:38 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-06 00:38 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-04-06 00:38 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-04-06 00:38 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-04-06 00:38 - 2012-07-25 22:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-04-06 00:38 - 2012-07-25 22:38 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-04-05 23:33 - 2012-09-24 11:23 - 00000000 ____D () C:\WINDOWS\softwaredistribution.bak
2015-04-05 23:18 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-04-05 23:18 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-04-05 23:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-05 23:17 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-04-05 23:17 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-05 23:17 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-05 19:50 - 2012-09-24 11:03 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-04-05 19:40 - 2012-09-24 11:33 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-04-05 18:59 - 2012-07-26 01:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2015-04-05 18:57 - 2012-09-24 11:06 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-04-05 18:46 - 2012-09-24 11:02 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-04-05 18:40 - 2012-09-24 11:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2015-04-05 18:39 - 2012-09-24 12:28 - 00000000 ____D () C:\WINDOWS\System32\Tasks\SONY
2015-04-05 18:39 - 2012-09-24 11:57 - 00000000 ____D () C:\Program Files\Sony
2015-04-05 18:01 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\rescache
 
==================== Files in the root of some directories =======
 
2015-04-15 15:58 - 2015-04-15 15:58 - 0528600 _____ () C:\ProgramData\1429138424.bdinstall.bin
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-16 13:51
 

 

==================== End Of Log ============================

 

 




#2 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:51 AM

Posted 20 April 2015 - 04:34 PM

Hello sonicspro and welcome to BleepingComputer.
 
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I will assume that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How do I open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
---------------------------------------------------------------------------------------------------------
Addition.txt is created by default on the first run of FRST. Can you check inside this folder: C:\FRST\Logs? I need to see that log before we progress. If there is no Addition log inside the Logs folder, run the FRST scan one more time and ensure "Addition" is checked in the optional scan box.

 

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 sonicspro

sonicspro
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  •  
  • Local time:09:51 PM

Posted 20 April 2015 - 05:02 PM

Hi Yilmaz, I really appreciate your help. Full disclosure, I did not run Farbar as an administrator or disable my firewalls when running the logs. Would you like me to make those changes and re-run the logs?

 

Here is my additional log: 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
Ran by G at 2015-04-20 11:33:25
Running from C:\Users\G\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bitdefender Internet Security 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2828 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
KUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4701.1002 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4701.1002 - Microsoft Corporation) Hidden
PlayMemories Home (HKLM-x32\...\{10DD6128-A810-4A90-9523-475D573FBB37}) (Version: 6.3.02.07270 - Sony Corporation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.8400.28121 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.10.5 - Synaptics Incorporated)
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.0.0.08170 - Sony Corporation)
VAIO Care (HKLM\...\{E0F928B4-2BB2-4D7E-B16E-2B202CB58EDE}) (Version: 8.0.0.08150 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.0.0.08200 - Sony Corporation)
VAIO CPU Fan Diagnostic (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.1.0.09200 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.10.0.07270 - Sony Corporation)
VAIO Easy Connect (x32 Version: 1.2.0.08150 - Sony Corporation) Hidden
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 3.0.0.08060 - Sony Corporation)
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.0.0.08240 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.0.0.08240 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.0.00.08170 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.0.00.08170 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.0.0.08090 - Sony Corporation)
VAIO Manual (HKLM-x32\...\{C6E893E7-E5EA-4CD5-917C-5443E753FCBD}) (Version: 3.0.0.08100 - Sony Corporation)
VAIO Media Server Settings (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.0.0.08240 - Sony Corporation)
VAIO Movie Creator Template Data (HKLM-x32\...\InstallShield_{00A663F1-6C03-48CA-8E85-55806AAE2615}) (Version: 4.0.00.08170 - Sony Corporation)
VAIO Movie Creator Template Data (x32 Version: 4.0.00.08170 - Sony Corporation) Hidden
VAIO Transfer Support (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.8.0.08212 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.0.0.08170 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VMLx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VUx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VUx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
05-04-2015 21:29:37 Windows Update
09-04-2015 17:25:13 Windows Modules Installer
15-04-2015 10:56:14 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0AA54235-36FA-4C63-A084-BF4C77CF5B4D} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-08-15] (Sony Corporation)
Task: {1108EDCA-4D11-4F90-B2C3-1CFAEC80B9BF} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-08-15] (Sony Corporation)
Task: {210E5466-D680-4529-B15C-4A70081CC84F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-15] (Google Inc.)
Task: {24378E3E-9BEE-49D2-A042-978FD11973A9} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-04-01] (Microsoft Corporation)
Task: {2CC9774A-48D8-414A-8C0D-C7DED46A6919} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {38E5D805-3158-4C1A-A002-9CBD2FB25059} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {38E700EB-EDC5-42C2-803F-BF377F3117B5} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2012-08-20] (Sony Corporation)
Task: {3F907FBC-734F-4B19-BD10-B5FEE9DE269B} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-02-10] (Microsoft Corporation)
Task: {484E9C3B-AEC3-44E7-85D3-29B42C90180A} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-08-15] (Sony Corporation)
Task: {4AAFA909-E280-48F2-B007-9063CD5E5FA6} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorSystem => C:\Program Files\Sony\VAIO Improvement\vim.exe [2012-08-09] (Sony Corporation)
Task: {4AF87F3D-BB69-4EB1-92B3-0059A3B057D8} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-06] (Microsoft Corporation)
Task: {5B600033-E153-4190-AD3A-6860C93EB19B} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2012-08-09] (Sony Corporation)
Task: {68CB75D0-CF34-4FE6-99F9-B935EF050642} - System32\Tasks\VaioRegistrationDesktopTask => C:\Program Files\Sony\VAIO Registration\Sony.VAIO.Desktop.RegistrationTask.exe [2012-08-09] (Sony)
Task: {6E804C45-755F-472E-A2C9-5314F67A92A8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-04-06] (Microsoft Corporation)
Task: {72F0E6D3-2A6C-466D-8A42-AC7E35C5E015} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-08-15] (Sony Corporation)
Task: {7C6C58ED-936F-48DA-9C11-5B9E1FADE0FE} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-08-15] (Sony Corporation)
Task: {8A27C048-153F-4ED0-A5C6-E30B6F86DF59} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementMonitorUser => C:\Program Files\Sony\VAIO Improvement\vim.exe [2012-08-09] (Sony Corporation)
Task: {9B4BE25C-F3E0-4B37-B60E-57C99F589346} - System32\Tasks\VHDInformationCheck => C:\Program Files (x86)\Sony\VAIO Recovery\plugins\InformationCheck.exe [2012-07-30] (Sony Corporation)
Task: {A578143D-286A-4ED5-9926-080ACECEBCA5} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-08-18] (Sony Corporation)
Task: {B08DCC8D-331C-4035-ABC0-CCBA74188A37} - System32\Tasks\VaioWarrantyActivationTask => C:\Program Files\Sony\OOBE\VAIO Warranty\Sony.VAIO.DesktopWarrantyActivation.exe [2012-08-04] (Sony)
Task: {B3D7D5F5-B41D-43BA-A763-CC8BC22A482F} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2012-08-04] (Sony Corporation)
Task: {C85C603C-F828-4198-B3A5-8E19A0A5E0E2} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-08-15] (Sony Corporation)
Task: {E5F8F51E-3219-44C7-8BC2-7A862672CEEE} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-08-27] (Synaptics Incorporated)
Task: {EED42C2C-F926-409A-BA71-0E3979C6319A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F07237FD-E080-4CC0-ABF7-5929D03C92B7} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {F10F5E49-626C-4A8C-A9A2-6B1C1F430A5A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-15] (Google Inc.)
Task: {F6964C2A-8B23-4E8D-B4C5-042505488B51} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-04-06] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-04-15 15:56 - 2014-08-27 16:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-04-15 15:55 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-04-15 15:56 - 2014-12-17 14:34 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-04-15 15:56 - 2012-10-29 14:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-04-15 16:02 - 2015-04-15 16:02 - 00785736 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_002\ashttpbr.mdl
2015-04-15 16:02 - 2015-04-15 16:02 - 00706408 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_002\ashttpdsp.mdl
2015-04-15 16:02 - 2015-04-15 16:02 - 02681448 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_002\ashttpph.mdl
2015-04-15 16:02 - 2015-04-15 16:02 - 01324432 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00150_002\ashttprbl.mdl
2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-04-06 12:17 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-04-06 12:28 - 2015-04-06 12:28 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2012-08-19 17:39 - 2012-08-17 10:33 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-04-15 15:55 - 2015-04-15 16:04 - 00471056 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdidntconp.dll
2015-04-15 15:56 - 2015-04-15 16:04 - 00187904 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\ui\bdidntconp.ui
2015-04-06 12:29 - 2015-04-06 12:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-04-15 13:11 - 2015-04-13 14:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
2015-04-15 13:11 - 2015-04-13 14:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\G\Desktop\autoruns.exe:AGC
AlternateDataStreams: C:\Users\G\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\G\Downloads\EmsisoftAntiMalwareSetup.exe:BDU
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, the associated entry will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1201469603-3977835290-1042468851-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Sony\VAIO 11 img1 Wallpaper 1366x768.jpg
DNS Servers: 66.212.65.196 - 66.212.65.197
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: IconMan_R => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel® ME Service => 2
MSCONFIG\Services: jhi_service => 2
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: NetworkSupport => 3
MSCONFIG\Services: PMBDeviceInfoProvider => 2
MSCONFIG\Services: SampleCollector => 2
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDms => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: UNS => 2
MSCONFIG\Services: VAIO Event Service => 2
MSCONFIG\Services: VAIO Power Management => 3
MSCONFIG\Services: VCFw => 3
MSCONFIG\Services: VCService => 3
MSCONFIG\Services: VIPAppService => 2
MSCONFIG\Services: VUAgent => 3
HKLM\...\StartupApproved\Run: => "BtTray"
HKLM\...\StartupApproved\Run: => "BtvStack"
HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"
HKLM\...\StartupApproved\Run32: => "Intel AT Service signup"
HKLM\...\StartupApproved\Run32: => "ISBMgr.exe"
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1201469603-3977835290-1042468851-500 - Administrator - Disabled)
G (S-1-5-21-1201469603-3977835290-1042468851-1001 - Administrator - Enabled) => C:\Users\G
Guest (S-1-5-21-1201469603-3977835290-1042468851-501 - Limited - Disabled)
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/17/2015 00:59:51 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/17/2015 00:05:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/17/2015 11:17:13 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/15/2015 11:22:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/15/2015 10:05:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 115c
 
Start Time: 01d077fdf900ec8d
 
Termination Time: 0
 
Application Path: C:\WINDOWS\Explorer.EXE
 
Report Id: 38a86c2d-e3f6-11e4-be7d-083e8eb430d8
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (04/11/2015 09:48:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/09/2015 05:49:29 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/09/2015 05:25:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/06/2015 00:47:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/05/2015 08:04:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taskmgr.exe, version: 6.2.9200.16384, time stamp: 0x50107c26
Faulting module name: hhctrl.ocx, version: 6.2.9200.16384, time stamp: 0x50109393
Exception code: 0xc0000005
Fault offset: 0x000000000001750c
Faulting process id: 0x8c0
Faulting application start time: 0xTaskmgr.exe0
Faulting application path: Taskmgr.exe1
Faulting module path: Taskmgr.exe2
Report Id: Taskmgr.exe3
Faulting package full name: Taskmgr.exe4
Faulting package-relative application ID: Taskmgr.exe5
 
 
System errors:
=============
Error: (04/17/2015 02:49:16 PM) (Source: DCOM) (EventID: 10010) (User: Y)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (04/15/2015 11:46:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/15/2015 00:41:23 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/15/2015 00:25:50 PM) (Source: DCOM) (EventID: 10016) (User: Y)
Description: machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}YGS-1-5-21-1201469603-3977835290-1042468851-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/15/2015 00:14:41 PM) (Source: DCOM) (EventID: 10016) (User: Y)
Description: machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}YGS-1-5-21-1201469603-3977835290-1042468851-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/15/2015 00:14:41 PM) (Source: DCOM) (EventID: 10016) (User: Y)
Description: machine-defaultLocalActivation{000C101C-0000-0000-C000-000000000046}{000C101C-0000-0000-C000-000000000046}YGS-1-5-21-1201469603-3977835290-1042468851-1001LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (04/11/2015 09:48:02 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (04/11/2015 09:47:57 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
Error: (04/09/2015 05:49:04 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error: 
%%5
 
Error: (04/09/2015 05:49:01 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error: 
%%5
 
 
Microsoft Office Sessions:
=========================
Error: (04/17/2015 00:59:51 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (04/17/2015 00:05:13 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (04/17/2015 11:17:13 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (04/15/2015 11:22:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (04/15/2015 10:05:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.2.9200.16628115c01d077fdf900ec8d0C:\WINDOWS\Explorer.EXE38a86c2d-e3f6-11e4-be7d-083e8eb430d8
 
Error: (04/11/2015 09:48:11 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (04/09/2015 05:49:29 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (04/09/2015 05:25:02 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (04/06/2015 00:47:41 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1
 
Error: (04/05/2015 08:04:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Taskmgr.exe6.2.9200.1638450107c26hhctrl.ocx6.2.9200.1638450109393c0000005000000000001750c8c001d070158b337c1eC:\WINDOWS\System32\Taskmgr.exeC:\Windows\System32\hhctrl.ocxa785086c-dc09-11e4-be74-083e8eb430d8
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3217U CPU @ 1.80GHz
Percentage of memory in use: 50%
Total physical RAM: 3975.27 MB
Available physical RAM: 1973.91 MB
Total Pagefile: 5671.27 MB
Available Pagefile: 2998.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:433.67 GB) (Free:378.95 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D2019B77)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 11.2 GB) (Disk ID: 0E0771FD)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#4 olgun52

olgun52

  • Malware Response Team
  • 3,778 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:51 AM

Posted 20 April 2015 - 05:11 PM

Hi Yilmaz, I really appreciate your help. Full disclosure, I did not run Farbar as an administrator or disable my firewalls when running the logs. Would you like me to make those changes and re-run the logs?

No, thank you. No need.

I am currently reviewing your log. I will be back with a fix for your problem as soon as possible. Please be patient with me during this time.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#5 olgun52


Posted 20 April 2015 - 05:59 PM

Go take a look in C:\Windows\System32. I bet you'll find some text files called (example) netcfg-3936593.txt.
What is creating them? Please see and write to me the results.


Best regards
 

 


 


#6 sonicspro


Posted 20 April 2015 - 06:51 PM

I am not sure who/what is creating them. This is all above my level of understanding. I did find a link discussing the issue that may be helpful?

 

http://www.msfn.org/board/topic/158189-netcfg-log-files-in-system32/

 

They are ALL owned by SYSTEM, same permissions/users and vary in size and content.

Created, modified, accessed (same date/time) ranging from: 7/26/12 to 4/6/15

 

netcfg-3936593.txt.

Text file contains the following: 

 

Command line arguments: C:\WINDOWS\system32\svchost.exe -k netsvcs

CSteelhead::CSteelhead
CSteelhead::~CSteelhead
 
Size: 117 bytes (117 bytes)
Size on disk 4.00 KB (4,096 bytes) 
 
Owner: System 
 
Users:
1 ALL APPLICATION PACKAGES 
2 SYSTEM
3 ADMINISTRATORS (Y\ADMINISTRATORS) 
4 USERS (Y\USERS) 
 
Permissions: 
Users 1 and 4 (read and execute)
Users 2 and 3 (Full)
 
There are 106 of these files with the prefix netcfg
 
Reported size of all files varies as 1KB to 2 KB
===============================================================================================
A few other examples:
 
netcfg-9406 
 
Command line arguments: DrvInst.exe "1" "0" "BTH\MS_BTHPAN\7&25d0219b&1&2" "" "" "40c9490e7" "0000000000000000"
CSteelhead::CSteelhead
CSteelhead::HrUpdateRouterConfiguration
Updating dialin restrictions
Inside HrUpdateWanEndPoints
SLGetWindowsInformationDWORD(g_wszLP_MAXCONNECTIONS) succeeded and returned: 3
SLGetWindowsInformationDWORD(g_wszLP_DEFAULTCONNECTIONS) succeeded and returned: 2
Max WAN endpoints: 3
Default WAN endpoints: 2
Steelhead::HrUpdateWanEndPoints(MaxWanEndPoints). succeeded for PPPoE
Steelhead::HrUpdateWanEndPoints(MaxWanEndPoints). succeeded for PPTP
Steelhead::HrUpdateWanEndPoints(MaxWanEndPoints). succeeded for L2TP
Steelhead::HrUpdateWanEndPoints(MaxWanEndPoints). succeeded for SSTP
Steelhead::HrUpdateWanEndPoints(MaxWanEndPoints). succeeded for AGILEVPN
Steelhead::HrUpdateWanEndPoints(WanEndPoints). succeeded for PPTP
Steelhead::HrUpdateWanEndPoints(WanEndPoints). succeeded for L2TP
Steelhead::HrUpdateWanEndPoints(WanEndPoints). succeeded for SSTP
Steelhead::HrUpdateWanEndPoints(WanEndPoints). succeeded for AGILEVPN
CSteelhead::~CSteelhead
 
==================================================================================
netcfg-33462
 
Command line arguments: DrvInst.exe "1" "20" "ROOT\MS_NDISWANBH\0000" "" "" "4bdfa2ed7" "0000000000000000"
CSteelhead::CSteelhead
CSteelhead::~CSteelhead
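
The question raised in post #5 (what is creating the netcfg-*.txt files) can be answered from the "Command line arguments:" line that each file starts with, as in the samples quoted in post #6. The following Python sketch is an added example, not part of the original posts: it groups such files by the process named on that line and lists the ones worth a closer look. The function names, the `SEEN_IN_THREAD` set and the two constructed entries are assumptions made for illustration.

```python
import ntpath
import re
from collections import Counter
from pathlib import Path

PREFIX = "Command line arguments:"
# Creators that appear in the samples posted in this thread (lower-cased).
# Assumption: anything else is only "worth a look", not proof of a problem.
SEEN_IN_THREAD = {"svchost.exe", "drvinst.exe"}

# Sample input: the first three entries are taken from the files quoted in
# post #6 (netcfg-9406 abridged); the last two are constructed test cases.
SAMPLES = {
    "netcfg-3936593.txt": (
        "Command line arguments: C:\\WINDOWS\\system32\\svchost.exe -k netsvcs\n"
        "CSteelhead::CSteelhead\nCSteelhead::~CSteelhead\n"),
    "netcfg-9406": (
        'Command line arguments: DrvInst.exe "1" "0" '
        '"BTH\\MS_BTHPAN\\7&25d0219b&1&2" "" "" "40c9490e7" "0000000000000000"\n'
        "CSteelhead::CSteelhead\nCSteelhead::HrUpdateRouterConfiguration\n"
        "Updating dialin restrictions\nCSteelhead::~CSteelhead\n"),
    "netcfg-33462": (
        'Command line arguments: DrvInst.exe "1" "20" '
        '"ROOT\\MS_NDISWANBH\\0000" "" "" "4bdfa2ed7" "0000000000000000"\n'
        "CSteelhead::CSteelhead\nCSteelhead::~CSteelhead\n"),
    "netcfg-constructed-1": (  # constructed: known name, unusual folder
        'Command line arguments: "C:\\Users\\Public\\svchost.exe" -k netsvcs\n'
        "CSteelhead::CSteelhead\n"),
    "netcfg-constructed-2": (  # constructed: no command line recorded
        "CSteelhead::CSteelhead\nCSteelhead::~CSteelhead\n"),
}


def split_image(cmdline):
    """Split a Windows command line into (program path, remaining arguments)."""
    cmdline = cmdline.strip()
    if cmdline.startswith('"'):              # "C:\dir with spaces\x.exe" args
        end = cmdline.find('"', 1)
        if end != -1:
            return cmdline[1:end], cmdline[end + 1:].strip()
    # Unquoted: take everything up to the first ".exe" that ends a token,
    # so an unquoted path containing spaces is still kept in one piece.
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmdline, re.IGNORECASE)
    if m:
        return m.group(1), cmdline[m.end():].strip()
    head, _, rest = cmdline.partition(" ")
    return head, rest.strip()


def parse_netcfg(text):
    """Extract the creating process from one netcfg log."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    cmdline = next((ln[len(PREFIX):].strip() for ln in lines
                    if ln.startswith(PREFIX)), None)
    image, args = split_image(cmdline) if cmdline else ("", "")
    return {
        "cmdline": cmdline,
        "image": ntpath.basename(image).lower(),
        "directory": ntpath.dirname(image).lower(),
        "quoted_args": re.findall(r'"([^"]*)"', args),
    }


def review_reasons(rec):
    """Return the reasons (possibly none) to look at a file more closely."""
    reasons = []
    if rec["cmdline"] is None:
        reasons.append("no command line recorded")
    elif rec["image"] not in SEEN_IN_THREAD:
        reasons.append("creator not among the samples: " + rec["image"])
    if rec["directory"] and not rec["directory"].endswith("\\windows\\system32"):
        reasons.append("creator path outside System32: " + rec["directory"])
    return reasons


def summarize(files):
    """files maps file name -> text; returns (creator counts, flagged files)."""
    creators, flagged = Counter(), {}
    for name, text in files.items():
        rec = parse_netcfg(text)
        creators[rec["image"] or "(none)"] += 1
        reasons = review_reasons(rec)
        if reasons:
            flagged[name] = reasons
    return creators, flagged


def load_dir(folder):
    """Read every netcfg-* file in a folder, tolerating odd bytes."""
    return {p.name: p.read_text(errors="replace")
            for p in Path(folder).glob("netcfg-*") if p.is_file()}


if __name__ == "__main__":
    # On the affected machine: summarize(load_dir(r"C:\Windows\System32"))
    creators, flagged = summarize(SAMPLES)
    for image, count in creators.most_common():
        print(f"{count:4d}  {image}")
    for name, reasons in flagged.items():
        print(f"review {name}: {'; '.join(reasons)}")
```

Run over the three files quoted in the thread, this reports only svchost.exe and DrvInst.exe as creators and flags nothing; only the two constructed entries are listed for review.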
 

 



#7 olgun52


Posted 21 April 2015 - 03:46 PM

I am not sure who/what is creating them. This is all above my level of understanding. I did find a link discussing the issue that may be helpful?

http://www.msfn.org/board/topic/158189-netcfg-log-files-in-system32/

Okay. I saw. Still working on that. There are just some doubts.

-----------------------------------------------------------------------------

 

MSCONFIG\Services: cphs

 

Does this information ring a bell for you? What do you think?

 

----------------------------------------------------------------------------

Step1:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on  Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Step2:
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista / 7 / 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step3:

Download Autoruns for Windows: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
No installation required.
Simply unzip Autoruns.zip file, and double click on autoruns.exe file to run the program.
Go to File > Save, and save it as an AutoRuns.txt file to a known location.
You must select Text from the drop-down menu as the file type.

Upload the file(s) here: http://www.sendspace.com/
Click on Browse button and navigate to the file you want to upload.
Click on Upload button.

 

Good work.


Edited by olgun52, 21 April 2015 - 03:49 PM.

Best regards
 

 


 


#8 sonicspro


Posted 21 April 2015 - 05:12 PM

Hi Yilmaz, thank you again for taking the time to help me!

 

 

MSCONFIG\Services: cphs

 

Does this information ring a bell for you? What do you think?

 

I am not aware of what this application is. It did not appear in MSCONFIG but it did appear in AUTORUNS (which was previously installed on my computer)

 

cphs Intel® Content Protection HECI Service - enables communication with the Content Protection FW (Verified) Intel Corporation c:\windows\syswow64\intelcphecisvc.exe 12/21/2011 11:45 PM 0/42

 


----------------------------------------------------------------------------

Step1:
Please download AdwCleaner by Xplode onto your desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on  Clean.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

I also cannot select "clean" as an option. Would you like me to run "scan" first? Sorry if this is a ridiculous question, I just want to follow your steps exactly.



#9 olgun52


Posted 21 April 2015 - 06:09 PM

Okay. Thank you. No problem then. Please continue.


Best regards
 

 


 


#10 sonicspro


Posted 21 April 2015 - 06:40 PM

Step 1: Adware Cleaner Logs

 

# AdwCleaner v4.201 - Logfile created 21/04/2015 at 15:49:32
# Updated 08/04/2015 by Xplode
# Database : 2015-04-21.3 [Server]
# Operating system : Windows 8  (x64)
# Username : G - Y
# Running from : C:\Users\G\Downloads\adwcleaner_4.201.exe
# Option : Cleaning
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v10.0.9200.17267
 
 
-\\ Mozilla Firefox v
 
 
-\\ Google Chrome v42.0.2311.90
 
 
*************************
 
AdwCleaner[R0].txt - [927 bytes] - [21/04/2015 15:46:47]
AdwCleaner[S0].txt - [857 bytes] - [21/04/2015 15:49:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [915  bytes] ##########
=================================================================================================================
 
Step 2: JRT Logs
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.6.0 (04.20.2015:1)
OS: Windows 8 x64
Ran by G on Tue 04/21/2015 at 16:05:09.47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Tasks
 
Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1201469603-3977835290-1042468851-1001
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 04/21/2015 at 16:11:18.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
=================================================================================================================
Step 3: AUTORUNS
 
 
Thanks!
 


#11 olgun52


Posted 22 April 2015 - 01:36 PM

Hi sonicspro,
 
Step 1:
FRST Script:
Please download the attached fixlist.txt (954 bytes) and save it in the same directory as FRST.

  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.

Note: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

 

Step 2:
Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 3:

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Have a nice day.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#12 sonicspro

sonicspro
  • Topic Starter

  • Members

Posted 23 April 2015 - 07:18 PM

Yilmaz, here are the results as instructed:

 

Step 1:
FRST Log File: 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015

Ran by G at 2015-04-23 14:21:19 Run:1
Running from C:\FRST
Loaded Profiles: G (Available profiles: G)
Boot Mode: Normal
 
 
Content of fixlist:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
2015-04-15 13:10 - 2015-04-15 13:10 - 00880208 _____ (Google Inc.) C:\Users\G\Downloads\ChromeSetup(1).exe
AlternateDataStreams: C:\Users\G\Desktop\autoruns.exe:AGC
AlternateDataStreams: C:\Users\G\Desktop\FRST64.exe:BDU
AlternateDataStreams: C:\Users\G\Downloads\EmsisoftAntiMalwareSetup.exe:BDU
C :\ Windows \ system32 \ netcfg - * txt
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\VIPAppService
CMD: ipconfig /flushdns
CMD: netsh winsock reset all
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fabcmochhfpldjekobfaaggijgohadih" => Key deleted successfully.
C:\Users\G\Downloads\ChromeSetup(1).exe => Moved successfully.
C:\Users\G\Desktop\autoruns.exe => ":AGC" ADS removed successfully.
"C:\Users\G\Desktop\FRST64.exe" => ":BDU" ADS not found.
C:\Users\G\Downloads\EmsisoftAntiMalwareSetup.exe => ":BDU" ADS removed successfully.
C :\ Windows \ system32 \ netcfg - * txt => Error: No automatic fix found for this entry.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\VIPAppService => Error: No automatic fix found for this entry.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh winsock reset all =========
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv4 reset =========
 
Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
 
=========  netsh int ipv6 reset =========
 
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.
 
Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.
 
 
========= End of CMD: =========
 
EmptyTemp: => Removed 207.7 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:22:16 ====
==========================================================================
Step 2:
Malwarebytes Antimalware Log:
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 4/23/2015
Scan Time: 2:30:26 PM
Logfile: 
Administrator: Yes
 
Version: 2.01.4.1018
Malware Database: v2015.04.23.06
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 8
CPU: x64
File System: NTFS
User: G
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337197
Time Elapsed: 12 min, 41 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected) No Threats Found
 
 
(end)
===============================================================

Step 3:

ESET Online Scan Log

 

No Threats Found

===============================================================

 

I have also included some TCPVIEW screenshots of my connections PRIOR to running these steps.

 

 I just wanted an extra set of eyes on my connections to make sure everything was ok. 

 

Not connected to internet:

 

Notconnectedfinal2_zpswr95q0fb.png

 

 

Connected to internet: 

 

e6db7235-18e2-4fc3-8828-8ed286fa1bc3_zps

 

Sorry for the poor quality of the last shot. But does it appear as if everything is ok as far as my connections go?

I was a little concerned about the remote port/addresses..

 

Again I can't thank you enough for your help!!



#13 olgun52

olgun52

  • Malware Response Team

Posted 24 April 2015 - 05:18 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015

Ran by G at 2015-04-20 11:33:25
Running from C:\Users\G\Desktop
Boot Mode: Normal
==========================================================
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/15/2015 11:22:20 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (04/15/2015 10:05:41 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Explorer.EXE version 6.2.9200.16628 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 115c
Start Time: 01d077fdf900ec8d
Termination Time: 0
Application Path: C:\WINDOWS\Explorer.EXE
Report Id: 38a86c2d-e3f6-11e4-be7d-083e8eb430d8
Faulting package full name: 
Faulting package-relative application ID:

 

I want to tell you that I do not fully understand, but I see many errors. Could this be a driver issue?

-----------------------------------------------

 

You could also face this issue due to corrupt or outdated drivers. I would suggest that you provide us with the Event Viewer logs so that we can analyze the issue better. Event Viewer is an advanced tool that displays detailed information about significant events on your computer. It can be helpful when troubleshooting problems and errors with Windows and other programs.

 

To get to event viewer in Windows 8:

  1. Go to the Start Screen. Type in Event Viewer.
  2. This will bring up the Event Viewer box. Click to open the event viewer.
  3. In the left pane, expand out Windows Logs.

Click on Application log. Highlight the first event in the log and use your arrow keys to scroll down. Most of your events will be Information. You may see Yellow Warnings or Red Errors. If you see a red error, you can double-click on it to bring it up and copy the contents to a document. Copy the complete error message and paste it, so we can check the complete error message.

 

You need to go to the manufacturer’s website and install the latest drivers. Follow the steps given under the section “To repair a drive” of the given link.

Improve performance by optimizing your drive

 

http://windows.microsoft.com/en-ca/windows-8/improve-performance-optimizing-hard-drive

 

-------

Event Viewer Critical/Warning Information Windows 8/7/Vista

--------------------

  • Press the Windows key + R on your keyboard at the same time
  • Type eventvwr.msc and press Enter
  • Click on the arrow to the left of Windows Logs to expand the category
  • Left click on System
  • On the right hand side of the screen click Filter Current Log...
  • Select Critical and Warning, then click OK
  • Select Save Filtered Log File As...
  • Under File Name: please type System then save it to your desktop
  • Left click on Application and repeat the above steps saving the file as Application
  • Zip the files and upload them here
  • I will be automatically notified when the file has been successfully uploaded

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.

  • Uploaded Event Viewer files

Best regards
 

 


 


#14 sonicspro

sonicspro
  • Topic Starter

  • Members

Posted 24 April 2015 - 05:46 PM

I have uploaded the zipped System and Application files. I am now working on updating all out of date drivers. 
 
Thank you again !

Edited by Oh My!, 24 April 2015 - 08:20 PM.


#15 olgun52

olgun52

  • Malware Response Team

Posted 24 April 2015 - 07:58 PM

Okay...Nice

Let me know when you have done this.


Best regards
 

 


 




