
Please help with possible infection


  • This topic is locked
14 replies to this topic

#1 CoastalData


Posted 29 April 2015 - 02:30 PM

Hello,

I found my computer was running very slow today; when I looked at task manager, I found that disk activity is pegged at 100%, and Chrome and iExplore instances continually restart themselves.

My computer is a Dell tower running Windows 8.1.

What logs should I post first?

Thanks in advance!

--Jon





#2 CoastalData


Posted 30 April 2015 - 08:08 AM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-04-2015 01
Ran by Jon (administrator) on CODE8 on 30-04-2015 00:05:26
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER (Available profiles: Jon & Katie & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & MSSQLFDLauncher & SQLSERVERAGENT & MSSQLSERVER & Classic .NET AppPool & .NET v4.5 & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\DHCP Proxy\DHCPProxyService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft CoreXT) C:\Program Files\Microsoft Cloud App Discovery\Endpoint Agent\Microsoft.CloudAppDiscovery.EndpointAgent.Launcher.exe
(Microsoft CoreXT) C:\Program Files\Microsoft Cloud App Discovery\Endpoint Agent\Microsoft.CloudAppDiscovery.EndpointAgent.Startup.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Team Foundation Server 11.0\Tools\TFSBuildServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Team Foundation Server 11.0\Application Tier\TFSJobAgent\TFSJobAgent.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\WMSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(ThreatTrack Security, Inc.) C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
() C:\Program Files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Highresolution Enterprises) C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
(Google Inc.) C:\Users\Jon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsComProviderSvr.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\upnpcont.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dvdupgrd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wiaacmgr.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhst3g.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [PocketCloud Location] => C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseBrowser.exe [935312 2012-11-05] (Wyse Technology Inc.)
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBRC.exe [202648 2013-05-28] (ThreatTrack Security, Inc.)
HKLM\...\Run: [CGWatcher] => C:\Users\Jon\Desktop\AntMiner\cgwatcher\CGWatcher.exe [4525056 2014-05-16] (Justin Milone)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1091568 2015-03-02] (Highresolution Enterprises)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-27] (Microsoft Corp.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [MSCRM] => C:\Program Files (x86)\Microsoft Dynamics CRM\Client\ConfigWizard\CrmForOutlookInstaller.exe [36008 2014-11-08] (Microsoft Corporation)
HKLM-x32\...\Run: [AdvancedMonitoringSysTray] => C:\Program Files (x86)\Advanced Monitoring Agent\systray\Launcher.exe [292352 2015-01-07] ()
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMTray.exe [3232152 2013-05-28] (Managed Antivirus)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [EADM] => "D:\Program Files (x86)\Electronic Arts\EADM\EADMUI\EADMUI.exe"
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [SkyDrive] => C:\Users\Jon\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-06-04] (Microsoft Corporation)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [Google Update] => C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-09-10] (Google Inc.)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [ViStart] => C:\Users\Jon\AppData\Roaming\ViStart\ViStart.exe [1306624 2013-10-27] (Lee-Soft.com)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [Slick Savings] => "C:\Users\Jon\AppData\Roaming\Slick Savings\CouponsHelper.exe"
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [Web CEO] => "C:\Users\Jon\AppData\Local\Web CEO\BIN\webceo.exe" /hidetotray
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [MusicManager] => C:\Users\Jon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2015-03-31] (Google Inc.)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [GoogleChromeAutoLaunch_1476D5075BFDEEA31B57A901BC660F86] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [Logitech Vid] => C:\Program Files (x86)\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [Yammer Notifier] => C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Corporation\Yammer\Yammer Notifier.appref-ms silent
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9726760 2014-12-23] (Visicom Media Inc.)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [X-Lite] => C:\Program Files (x86)\CounterPath\X-Lite\X-Lite.exe [4816192 2015-04-10] (CounterPath)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [WinStat] => C:\Users\Jon\AppData\Local\Temp\31541734.exe <===== ATTENTION
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [Ukmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jon\AppData\Local\AQworks\lrdludjd.dll
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"s8\..\mshtml,RunHTMLApplication ";eval("sbw7<odv!@buhwdYNckdbu)#VRbshqu/Rid (the data entry has 27910 more characters). <==== Poweliks!
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2015-03-31]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-03-31]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-11-19]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-11-19]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk [2013-11-19]
ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-11-19]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Star2Star Framework.lnk [2014-12-04]
ShortcutTarget: Star2Star Framework.lnk -> C:\Program Files (x86)\Star2Star Framework\Star2Star.exe ()
Startup: C:\Users\jjaques719\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-09-02]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitcoin.lnk [2013-01-31]
ShortcutTarget: Bitcoin.lnk -> C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe ()
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-11-20]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NexDef Plug-in.lnk [2013-01-09]
ShortcutTarget: NexDef Plug-in.lnk -> C:\Users\Jon\AppData\Local\Autobahn\nexdef.exe ()
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-01-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Star2Star Application Framework.lnk [2015-01-07]
ShortcutTarget: Star2Star Application Framework.lnk -> C:\Program Files (x86)\Star2Star Framework\Star2Star.exe ()
ShellIconOverlayIdentifiers: [0TfsOverlayControlled] -> {EFF5DF4C-7662-4ed7-B533-837D3319D311} => C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsShellExt.DLL [2013-05-07] ()
ShellIconOverlayIdentifiers: [1TfsOverlayEdit] -> {FF529703-3398-4c98-B88D-13F784CB10A2} => C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsShellExt.DLL [2013-05-07] ()
ShellIconOverlayIdentifiers: [z0TfsOverlayAdd] -> {D4DD7FC6-066F-442a-A200-DD21649CF378} => C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsShellExt.DLL [2013-05-07] ()
ShellIconOverlayIdentifiers: [z1TfsOverlayRename] -> {F15E94B9-9522-42bd-8A73-569BCBE5A5EA} => C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsShellExt.DLL [2013-05-07] ()
ShellIconOverlayIdentifiers: [z2TfsOverlayLock] -> {EAB6FC01-3462-4dc9-8C94-75582E3DC3CA} => C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsShellExt.DLL [2013-05-07] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-165406014-2875721840-1828221187-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://kellytours-public.sharepoint.com/
URLSearchHook: [S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-165406014-2875721840-1828221187-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\DLLx64\SnagItBHO64.dll [2007-02-16] (TechSmith Corporation)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-31] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-31] (LastPass)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-31] (Oracle Corporation)
BHO-x32: SnagIt Toolbar Loader -> {00C6482D-C502-44C8-8409-FCE54AD9C208} -> C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItBHO.dll [2007-02-16] (TechSmith Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-15] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-31] (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-02-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-15] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-31] (LastPass)
Toolbar: HKLM-x32 - SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\SnagIt 8\SnagItIEAddin.dll [2007-02-16] (TechSmith Corporation)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-31] (LastPass)
DPF: HKLM-x32 {173D9E48-B527-4AA0-A929-30B446002AA8} http://dvr.kellytours.com:7000/DVRemoteAx.cab
DPF: HKLM-x32 {3FB84210-0311-49BA-AFF7-A2C50E2D20B6} http://98.244.151.79/web.cab
DPF: HKLM-x32 {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom1_2009.cab
DPF: HKLM-x32 {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2008.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.4 192.168.1.10 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\cf7ixh97.default-1402684103182
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll [2013-01-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-01-31] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-31] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2013-03-05] ( Sanford L.P.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-15] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-31] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2014-10-30] ()
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2014-09-15] ()
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jon\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @talk.google.com/O1DPlugin -> C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-05] (Google Inc.)
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-12-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\np-mswmp.dll [2009-09-25] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-04-17] (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Jon\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-04-17] (Google)
FF Extension: LastPass - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\cf7ixh97.default-1402684103182\Extensions\support@lastpass.com [2015-03-31]
FF Extension: Alphabetical Categorizer - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\cf7ixh97.default-1402684103182\Extensions\{3C207819-4ABE-2A65-65FA-429114E41DEA} [2015-04-29]
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-11-13]
 
Chrome: 
=======
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Alphabetical Categorizer) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2015-04-29]
CHR Extension: (Access Panel Extension) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjcmhfjliphkplbbfbplkcafafajmnm [2015-04-28]
CHR Extension: (Angry Birds) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-02-03]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2014-01-29]
CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-12-26]
CHR Extension: (Share this page) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apffpedghjjmgahbcedbamfnelmfbjao [2014-02-25]
CHR Extension: (Session Manager) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-01-29]
CHR Extension: (Google Cast) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-01-03]
CHR Extension: (Chrome RDP) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbkkbcmdlboombapidmoeolnmdacpkch [2015-02-03]
CHR Extension: (Google Search) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-12-26]
CHR Extension: (Unfriend Finder for Facebook) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecolodplncpedbpiicabmflhfemjnool [2013-01-06]
CHR Extension: (Session Buddy) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-06-13]
CHR Extension: (Google Calendar) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2014-01-29]
CHR Extension: (Google Play Music) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2014-05-01]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2015-02-03]
CHR Extension: (BetaFish Adblocker) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-01-29]
CHR Extension: (Bookmark Manager) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-22]
CHR Extension: (FlashBlock) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gofhjkjmkpinhpoiabjplobcaignabnl [2013-05-15]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-03-31]
CHR Extension: (Tamper Chrome (extension)) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hifhgpdkfodlpnlmlnmhchnkepplebkb [2014-07-31]
CHR Extension: (MonkeyPeanuts.com) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hpgmemjkkenkeiijealhpmdipjklimgb [2014-01-29]
CHR Extension: (Google Play Music) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2014-05-07]
CHR Extension: (Lord of Ultima) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced [2013-01-12]
CHR Extension: (Shelby.tv) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaiaomcjnpnglpdjmkedmmckhmgljoge [2014-01-29]
CHR Extension: (zoomWheel) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfgigbjonaniokmpfflpflkhahhbaej [2014-01-29]
CHR Extension: (RT News) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloiceblkijlknknaibcaieiicafajlo [2014-01-29]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-05]
CHR Extension: (AudioSauna) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2015-02-03]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2014-11-12]
CHR Extension: (ruul. Screen ruler) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlbnpnlmfngmlcmkhjpbfokdphfehhjj [2013-09-17]
CHR Extension: (Need for Speed World) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnnelgnkomjdakpkjpkfehdipjifjmbk [2015-02-03]
CHR Extension: (Hangouts) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2013-09-09]
CHR Extension: (Google Wallet) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (My Chrome Theme) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic [2015-02-03]
CHR Extension: (Instagram for Chrome) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2015-03-28]
CHR Extension: (Outlook.com) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2014-01-29]
CHR Extension: (Google Reader) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-12-26]
CHR Extension: (Gmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-12-26]
CHR Extension: (1-Up for Google+) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkmbgbnldenjnbgbigpkjokfdfgmmclo [2014-01-29]
CHR Extension: (WordPress.com Extension) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbfhcegldppmibabepjfjloachnmjb [2013-01-29]
CHR Extension: (Canvas Rider) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-02-03]
CHR Extension: (Microsoft Tools Launcher) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\poofkhaglkpjdillbmdechlaepdcdhch [2013-09-09]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-165406014-2875721840-1828221187-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (LastPass) - C:\Users\Jon\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2014-05-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8418816 2015-03-10] (Remote Monitoring) [File not signed]
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-06-25] (Two Pilots) [File not signed]
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-27] (Microsoft Corp.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2013-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-02-10] (Microsoft Corporation)
R2 DHCPProxyService; C:\Program Files (x86)\DHCP Proxy\DHCPProxyService.exe [307314 2005-08-02] () [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [88720 2014-05-05] (Microsoft Corporation)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218040 2012-06-12] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [49752 2012-02-11] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538744 2012-06-12] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [6144 2014-08-06] (The Neat Company) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
S4 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBDBMgrN.exe [679936 2013-08-19] (Intuit, Inc.) [File not signed]
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348472 2012-06-12] (Microsoft Corporation)
U2 SBAMSvc; C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe [3681016 2013-05-28] (ThreatTrack Security, Inc.)
R2 SerresEndpointAgent; C:\Program Files\Microsoft Cloud App Discovery\Endpoint Agent\Microsoft.CloudAppDiscovery.EndpointAgent.Launcher.exe [22256 2015-02-23] (Microsoft CoreXT)
S3 spiceworks; C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe [46912 2013-06-03] (Spiceworks, Inc.)
S3 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R2 TFSBuildServiceHost.2012; C:\Program Files\Microsoft Team Foundation Server 11.0\Tools\TFSBuildServiceHost.exe [363024 2012-11-06] (Microsoft Corporation)
R2 TFSJobAgent; C:\Program Files\Microsoft Team Foundation Server 11.0\Application Tier\TfsJobAgent\TfsJobAgent.exe [41432 2012-11-06] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [13368832 2013-09-14] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-28] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-28] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2013-10-28] (Microsoft Corporation)
S3 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [191488 2012-11-05] () [File not signed]
S3 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-11-05] (Wyse Technology.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-04-29] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-29] (Emsisoft GmbH)
S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [46384 2013-10-08] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2013-10-28] (Microsoft Corporation)
S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47200 2014-05-16] (http://libusb-win32.sourceforge.net)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2013-10-28] (Microsoft Corporation)
R3 LVPr2M64; C:\Windows\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49312 2014-11-10] (Visicom Media Inc.)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-05-03] (CACE Technologies, Inc.)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2013-10-28] (Microsoft Corporation)
R0 phylock; C:\Windows\System32\drivers\phylock.sys [28256 2009-12-04] (TeraByte, Inc.)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2013-10-28] (Microsoft Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SerresWfp; C:\Windows\System32\Drivers\SerresWfp.sys [56464 2015-02-23] (Microsoft Corporation)
S3 swiwdmbx; C:\Windows\System32\drivers\swiwdmbx.sys [114424 2014-03-18] (Sierra Wireless Inc.)
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [19456 2013-10-28] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [686080 2013-10-08] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [686080 2013-10-08] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [686080 2013-10-08] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [686080 2013-10-08] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 wmbclass; C:\Windows\system32\DRIVERS\wmbclass.sys [266752 2013-08-22] (Microsoft Corporation)
S2 SCWFPFilter; \SystemRoot\system32\DRIVERS\WFPFilter.sys [X]
S2 vstor2-mntapi10-shared; \??\C:\Program Files\Backup Manager\vddk\AMD64\vstor2-mntapi10-shared.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-30 00:05 - 2015-04-30 00:08 - 00048608 _____ () C:\Users\Jon\Desktop\FRST.txt
2015-04-30 00:04 - 2015-04-30 00:06 - 00000000 ____D () C:\FRST
2015-04-29 23:40 - 2013-05-28 11:57 - 00048536 _____ (ThreatTrack Security, Inc.) C:\Windows\system32\sbbd.exe
2015-04-29 23:01 - 2015-04-29 23:01 - 00003280 ____N () C:\bootsqm.dat
2015-04-29 17:41 - 2015-04-29 17:41 - 02101248 _____ (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2015-04-29 17:24 - 2015-04-29 17:25 - 00000000 ____D () C:\Users\Jon\Desktop\Tweaking.com - Windows Repair
2015-04-29 17:12 - 2015-04-29 17:12 - 10661980 _____ () C:\Users\Jon\Desktop\tweaking.com_windows_repair_aio.zip
2015-04-29 16:41 - 2015-04-29 16:41 - 00001294 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Monitoring Agent.lnk
2015-04-29 16:41 - 2015-04-29 16:08 - 06617099 _____ () C:\Users\Jon\Desktop\AGENT_COASTAL_DATA_ENTERPISES__INC._OFFICE_V9_8_7_RW.ZIP
2015-04-29 15:54 - 2015-04-30 00:01 - 00167939 _____ () C:\Windows\WindowsUpdate.log
2015-04-29 15:52 - 2015-04-29 23:33 - 00001302 _____ () C:\Windows\PFRO.log
2015-04-29 15:12 - 2015-04-29 15:12 - 00000000 ____D () C:\TDSSKiller_Quarantine
2015-04-29 15:10 - 2015-04-29 18:45 - 00000000 ____D () C:\EEK
2015-04-29 15:10 - 2015-04-29 15:10 - 00000759 _____ () C:\Users\Jon\Desktop\Start Emsisoft Emergency Kit.lnk
2015-04-29 15:09 - 2015-04-29 15:09 - 155390640 _____ () C:\Users\Jon\Downloads\EmsisoftEmergencyKit.exe
2015-04-29 15:02 - 2015-04-29 15:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jon\Downloads\tdsskiller (1).exe
2015-04-29 14:53 - 2015-04-29 15:02 - 00002384 _____ () C:\Users\Jon\Desktop\Rkill.txt
2015-04-29 14:53 - 2015-04-29 14:53 - 05619691 _____ (Swearware) C:\Users\Jon\Downloads\ComboFix.exe
2015-04-29 14:53 - 2015-04-29 14:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore.exe
2015-04-29 14:53 - 2015-04-29 14:53 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore64.exe
2015-04-29 14:20 - 2015-04-29 14:26 - 02001540 _____ () C:\Users\Jon\Downloads\pc-decrapifier-3.0.0.exe
2015-04-29 12:32 - 2015-04-29 12:32 - 00000273 _____ () C:\Users\Jon\AppData\Roaming\j8hab1u1gank1k1
2015-04-29 03:15 - 2015-04-29 15:52 - 00000000 ____D () C:\Users\Jon\AppData\Local\AQworks
2015-04-28 19:11 - 2015-04-28 19:11 - 00000375 _____ () C:\Users\Jon\AppData\Roaming\g2tqhjhewq211sg
2015-04-28 12:49 - 2015-04-28 12:50 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Windows Azure Powershell
2015-04-28 12:48 - 2015-04-28 12:48 - 00000000 ____D () C:\WindowsAzure
2015-04-28 12:47 - 2015-04-28 12:47 - 00350936 _____ (Microsoft Corporation) C:\Users\Jon\Downloads\SDP.0b2320b237373835333833343833b0.Run.exe
2015-04-28 12:06 - 2015-04-28 12:06 - 00004415 _____ () C:\Users\Jon\Downloads\REMOTE-PC (1).rdp
2015-04-28 11:52 - 2015-04-28 11:52 - 00000074 _____ () C:\Users\Jon\Downloads\KTCLOUD.rdp
2015-04-27 16:19 - 2015-04-27 16:19 - 00012923 _____ () C:\Users\Jon\Downloads\CoastalDataEnterpisesInc_2015_03_.csv
2015-04-27 16:18 - 2015-04-27 16:18 - 00012928 _____ () C:\Users\Jon\Downloads\CoastalDataEnterpises,Inc._2015_02_ (1).csv
2015-04-27 14:54 - 2015-04-27 14:54 - 00004415 _____ () C:\Users\Jon\Downloads\REMOTE-PC.rdp
2015-04-27 14:43 - 2015-04-29 14:10 - 00000000 __SHD () C:\Users\Jon\AppData\Roaming\UlRQVFxRUj5ZXQ
2015-04-24 21:10 - 2015-04-24 21:10 - 00000668 _____ () C:\Users\Jon\Downloads\gfi-servicedesk.qwc
2015-04-24 10:23 - 2015-04-24 10:23 - 00000000 ____D () C:\Users\Jon\AppData\Local\Xpert360
2015-04-24 10:16 - 2015-04-24 10:16 - 00276348 _____ () C:\Users\Jon\Downloads\X360AIDE-TRIAL.zip
2015-04-22 15:42 - 2015-04-22 15:42 - 00004314 _____ () C:\Users\Jon\Documents\Motor Coach Safety Video.mds
2015-04-22 15:41 - 2015-04-22 15:42 - 90798080 _____ () C:\Users\Jon\Documents\Motor Coach Safety Video.iso
2015-04-22 11:32 - 2015-04-22 11:32 - 04516188 _____ () C:\Users\Jon\Downloads\themeforest-5060723-tour-operator-wp-theme-with-reservation-system-wordpress_theme (2).zip
2015-04-22 10:49 - 2015-04-22 10:49 - 00000037 _____ () C:\Users\Jon\Downloads\htaccess (1)
2015-04-21 12:38 - 2015-04-21 12:38 - 01270552 _____ (Ellora Assets Corporation ) C:\Users\Jon\Downloads\FreemakeVideoConverterSetup (2).exe
2015-04-21 12:37 - 2015-04-21 12:37 - 00000000 ____D () C:\Users\Jon\AppData\Local\FreemakeVideoConverter
2015-04-21 12:32 - 2015-04-21 12:32 - 00001406 _____ () C:\Users\Public\Desktop\Free Disc Burner.lnk
2015-04-21 12:32 - 2015-04-21 12:32 - 00001261 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-04-21 12:30 - 2015-04-21 12:31 - 18393968 _____ (DVDVideoSoft Ltd. ) C:\Users\Jon\Downloads\FreeDiscBurner.exe
2015-04-21 12:28 - 2015-04-21 12:28 - 00012376 _____ () C:\Users\Jon\Downloads\FreeDiscBurner.torrent
2015-04-21 12:26 - 2015-04-21 12:27 - 21318680 _____ (Visicom Media Inc.) C:\Users\Jon\Downloads\ManyDownloader64.FREE.exe
2015-04-21 12:26 - 2015-04-21 12:27 - 21318680 _____ (Visicom Media Inc.) C:\Users\Jon\Downloads\ManyDownloader64.FREE (1).exe
2015-04-21 11:51 - 2015-04-21 11:51 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Visicom Media
2015-04-16 19:58 - 2015-04-16 19:58 - 03737670 _____ () C:\Users\Jon\Downloads\codecanyon-242431-visual-composer-page-builder-for-wordpress (2).zip
2015-04-16 11:20 - 2015-04-16 11:20 - 02646958 _____ () C:\Users\Jon\Downloads\sonshine_wrdp1_wp_20150416_656.sql.gz
2015-04-15 16:39 - 2015-04-15 16:39 - 00001129 _____ () C:\Users\Public\Desktop\X-Lite.lnk
2015-04-15 16:39 - 2015-04-15 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CounterPath X-Lite
2015-04-15 16:39 - 2015-04-15 16:39 - 00000000 ____D () C:\ProgramData\CounterPath Corporation
2015-04-15 16:38 - 2015-04-15 16:39 - 01101098 _____ () C:\Windows\system32\installer.log
2015-04-15 16:38 - 2015-04-15 16:39 - 00056818 _____ () C:\Windows\SysWOW64\installer.log
2015-04-15 16:34 - 2015-04-15 16:34 - 41308664 _____ (CounterPath Corporation ) C:\Users\Jon\Downloads\X-Lite_Win32_4.8.2_76122.exe
2015-04-13 12:05 - 2015-04-13 12:05 - 34755151 _____ () C:\Users\Jon\Downloads\MC7354_5.5.16.2_ATT.mdm
2015-04-13 12:00 - 2015-04-13 12:00 - 10529664 _____ () C:\Users\Jon\Downloads\u_ibr600_5_3_4_Release_2015_02_19.bin
2015-04-09 13:18 - 2015-04-09 13:18 - 04114176 _____ () C:\Users\Jon\Downloads\adimagin_wrdp1 - fixed.sql
2015-04-09 13:17 - 2015-04-09 13:17 - 04185688 _____ () C:\Users\Jon\Downloads\adimagin_wrdp1.sql
2015-04-09 13:03 - 2015-04-09 13:03 - 04114084 _____ () C:\Users\Jon\Downloads\ad imaging fixed localhost (2).sql
2015-04-09 12:57 - 2015-04-09 12:57 - 04185596 _____ () C:\Users\Jon\Downloads\localhost (2).sql
2015-04-09 11:12 - 2015-04-10 10:28 - 00409600 _____ () C:\Users\Jon\Documents\JSON Formatter.accdb
2015-04-09 11:08 - 2015-04-09 11:08 - 00649522 _____ () C:\Users\Jon\Downloads\gravityforms-export-2015-04-09.json
2015-04-08 16:54 - 2015-04-08 16:54 - 00000000 ____D () C:\Users\Jon\Documents\AED
2015-04-07 17:03 - 2015-04-07 17:03 - 06720088 _____ () C:\Users\Jon\Downloads\wordpress-4.1.1.zip
2015-04-07 15:22 - 2015-04-07 15:22 - 00001596 _____ () C:\Users\Jon\Downloads\Citrix_Licenses.zip
2015-04-07 15:22 - 2015-04-07 15:22 - 00000000 ____D () C:\Users\Jon\Downloads\Citrix
2015-04-07 11:48 - 2015-04-07 11:48 - 00001613 _____ () C:\Users\Jon\Downloads\FID__590bf1a9_14c229cf4c5_362a.lic
2015-04-07 11:48 - 2015-04-07 11:48 - 00001613 _____ () C:\Users\Jon\Downloads\FID__590bf1a9_14c229cf4c5_362a (1).lic
2015-04-01 12:46 - 2015-04-01 12:47 - 49484792 _____ (Visicom Media Inc.) C:\Users\Jon\Downloads\ManyCamSetup (1).exe
2015-04-01 12:24 - 2015-04-01 12:24 - 00010523 _____ () C:\Users\Jon\Documents\tblPayments.xlsx
2015-03-31 11:51 - 2015-03-31 11:51 - 00001192 _____ () C:\Users\Public\Desktop\My LastPass Vault.lnk
2015-03-31 11:49 - 2015-03-31 11:50 - 14283832 _____ (LastPass) C:\Users\Jon\Downloads\lastpass_x64.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-30 00:09 - 2014-04-18 14:52 - 00000000 ____D () C:\Users\Jon\AppData\Local\CrashDumps
2015-04-30 00:02 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-04-29 23:55 - 2013-01-25 15:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-29 23:46 - 2012-12-26 15:35 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-165406014-2875721840-1828221187-1001
2015-04-29 23:44 - 2014-04-19 16:39 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165406014-2875721840-1828221187-1008UA.job
2015-04-29 23:44 - 2012-12-26 15:34 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 23:42 - 2015-01-10 05:11 - 00000000 __RDO () C:\Users\Jon\SkyDrive (2)
2015-04-29 23:42 - 2014-02-18 18:33 - 00003294 _____ () C:\Windows\System32\Tasks\WizMouse
2015-04-29 23:42 - 2013-09-12 17:15 - 00000000 ____D () C:\Users\Jon\AppData\Local\HTC MediaHub
2015-04-29 23:42 - 2013-09-10 14:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165406014-2875721840-1828221187-1001UA.job
2015-04-29 23:41 - 2012-12-26 15:34 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 23:38 - 2013-10-28 19:02 - 27590656 _____ () C:\Windows\system32\vmguest.iso
2015-04-29 23:35 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-29 23:18 - 2013-10-28 19:50 - 00000604 __RSH () C:\Users\Jon\ntuser.pol
2015-04-29 23:18 - 2013-10-28 18:03 - 00000000 ____D () C:\Users\Jon
2015-04-29 23:09 - 2013-03-09 20:09 - 00000000 ____D () C:\Program Files (x86)\Advanced Monitoring Agent
2015-04-29 17:40 - 2014-11-10 13:21 - 00000000 ____D () C:\Users\Jon\Downloads\AntiMalwarePack
2015-04-29 17:03 - 2013-01-05 22:03 - 00000000 ____D () C:\temp
2015-04-29 16:44 - 2014-04-19 16:39 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165406014-2875721840-1828221187-1008Core.job
2015-04-29 15:51 - 2013-08-22 09:25 - 00786432 ___SH () C:\Windows\system32\config\BBI
2015-04-29 15:49 - 2012-12-27 23:16 - 00000000 ____D () C:\Users\Jon\Documents\Outlook Files
2015-04-29 15:31 - 2014-10-27 17:42 - 00000000 ____D () C:\Users\Jon\Documents\Invoices
2015-04-29 15:29 - 2013-05-25 19:12 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Winamp
2015-04-29 15:28 - 2013-01-23 20:13 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Azureus
2015-04-29 15:28 - 2013-01-06 15:46 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Notepad++
2015-04-29 15:14 - 2014-01-26 12:08 - 00000000 ___DC () C:\Users\Jon\AppData\Local\MigWiz
2015-04-29 15:14 - 2013-10-28 21:52 - 00000000 ___DC () C:\Windows\Panther
2015-04-29 15:13 - 2013-12-12 08:41 - 00000000 ____D () C:\Windows\Minidump
2015-04-29 14:56 - 2013-04-25 23:59 - 00000000 ____D () C:\Users\Jon\Documents\SQL Server Management Studio
2015-04-29 14:11 - 2014-12-04 11:43 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Star2Star
2015-04-29 13:41 - 2013-06-05 11:51 - 00003612 _____ () C:\Windows\System32\Tasks\Optimize Push Notification Data File-S-1-5-21-165406014-2875721840-1828221187-1001
2015-04-29 01:42 - 2013-09-10 14:50 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165406014-2875721840-1828221187-1001Core.job
2015-04-28 12:17 - 2013-06-04 11:59 - 00004404 _____ () C:\Users\Jon\Desktop\JOY-PC.rdp
2015-04-28 11:24 - 2014-05-02 13:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Dynamics CRM
2015-04-28 11:22 - 2013-10-28 17:59 - 01350614 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-28 10:48 - 2014-06-23 10:59 - 00003814 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401393866
2015-04-28 10:48 - 2014-05-29 16:04 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-28 10:47 - 2014-05-29 16:04 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-25 01:44 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-04-24 10:11 - 2012-12-26 19:51 - 00000000 ____D () C:\ProgramData\Microsoft Team Foundation Local Workspaces
2015-04-24 10:07 - 2012-12-26 17:02 - 00000000 ____D () C:\Users\Jon\Documents\Visual Studio 2012
2015-04-24 09:59 - 2012-12-31 15:45 - 00002334 ____H () C:\Users\Jon\Documents\Default.rdp
2015-04-23 23:24 - 2014-11-14 17:44 - 00002286 _____ () C:\Windows\system32\TeamViewer10_Hooks.log
2015-04-23 23:24 - 2012-12-27 12:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-23 23:23 - 2014-11-04 14:21 - 00000987 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-23 23:23 - 2014-11-04 14:21 - 00000975 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-04-22 15:45 - 2013-01-05 20:31 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\vlc
2015-04-21 12:32 - 2013-10-29 17:37 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\DVDVideoSoft
2015-04-21 12:29 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-04-21 12:13 - 2013-11-07 11:23 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2015-04-20 17:22 - 2014-04-13 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-04-20 13:50 - 2014-07-24 09:08 - 00052939 _____ () C:\Users\Jon\Documents\qryTeachersByTours.xlsx
2015-04-17 13:44 - 2013-06-22 17:19 - 00000305 _____ () C:\Windows\ODBC.INI
2015-04-16 19:54 - 2014-08-27 14:46 - 00000000 ____D () C:\Users\Jon\Documents\Snagit
2015-04-16 12:06 - 2013-01-20 13:28 - 01863680 _____ () C:\Users\Jon\Documents\Desktop Call tracker.accdb
2015-04-14 16:46 - 2013-01-23 22:44 - 00000000 ____D () C:\ProgramData\TechSmith
2015-04-14 16:45 - 2014-04-13 14:51 - 00000000 ____D () C:\ProgramData\regid.1995-08.com.techsmith
2015-04-14 12:55 - 2015-01-24 15:55 - 18178736 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-04-14 12:55 - 2013-01-25 15:31 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-13 14:14 - 2013-09-30 00:04 - 01333520 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 15:43 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-01 12:48 - 2013-05-08 09:52 - 00000000 ____D () C:\Users\Jon\AppData\Local\ManyCam
2015-03-31 11:51 - 2012-12-26 15:32 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-03-31 11:51 - 2012-12-26 15:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2015-03-31 11:51 - 2012-12-26 15:32 - 00000000 ____D () C:\Program Files (x86)\LastPass
 
==================== Files in the root of some directories =======
 
2014-03-21 11:38 - 2014-03-21 11:39 - 0041756 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2013-09-18 15:01 - 2014-04-24 11:44 - 0087522 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2012-12-26 15:32 - 2015-03-31 11:51 - 14283832 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-06-02 15:37 - 2008-10-06 22:49 - 0053248 _____ (Wyse Technology Inc.) C:\Program Files (x86)\Common Files\WyseImager.exe
2015-04-28 19:11 - 2015-04-28 19:11 - 0038912 _____ () C:\Users\Jon\AppData\Roaming\05 - Killed The Lord, Left For The New World.mp3
2015-04-29 12:32 - 2015-04-29 12:32 - 0231424 _____ () C:\Users\Jon\AppData\Roaming\05-kings_of_leon-temple.mp3
2015-04-28 13:16 - 2015-04-28 13:16 - 0231424 _____ () C:\Users\Jon\AppData\Roaming\08 Think I'll Go Inside.mp3
2013-01-06 15:46 - 2013-01-06 16:40 - 91267620 _____ () C:\Users\Jon\AppData\Roaming\D Drive01-06-2013.txt
2013-01-06 17:36 - 2013-03-24 21:38 - 39244370 _____ () C:\Users\Jon\AppData\Roaming\Default-1.txt
2013-01-06 15:43 - 2013-01-06 15:46 - 25992493 _____ () C:\Users\Jon\AppData\Roaming\Default01-06-2013.txt
2013-01-06 16:19 - 2013-01-06 16:35 - 6649594 _____ () C:\Users\Jon\AppData\Roaming\E Documents01-06-2013.txt
2013-01-06 16:35 - 2013-01-06 16:35 - 26382035 _____ () C:\Users\Jon\AppData\Roaming\E Drive01-06-2013.txt
2015-04-28 19:11 - 2015-04-28 19:11 - 0000375 _____ () C:\Users\Jon\AppData\Roaming\g2tqhjhewq211sg
2015-04-29 12:32 - 2015-04-29 12:32 - 0000273 _____ () C:\Users\Jon\AppData\Roaming\j8hab1u1gank1k1
2015-04-28 12:58 - 2015-04-28 12:58 - 0035840 _____ () C:\Users\Jon\AppData\Roaming\Think About It.mp3
2013-01-27 22:10 - 2014-05-04 22:56 - 0010752 _____ () C:\Users\Jon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-19 18:42 - 2009-12-08 04:23 - 0000000 _____ () C:\Users\Jon\AppData\Local\ifw.ini
2013-04-18 21:22 - 2013-04-18 21:22 - 0000600 _____ () C:\Users\Jon\AppData\Local\PUTTY.RND
2012-12-26 21:21 - 2015-02-18 11:20 - 0007635 _____ () C:\Users\Jon\AppData\Local\resmon.resmoncfg
2015-03-26 07:45 - 2015-03-26 07:45 - 0000057 _____ () C:\ProgramData\Ament.ini
 
Files to move or delete:
====================
C:\Users\Jon\All C files.bat
C:\Users\Jon\All D files.bat
 
 
Some content of TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\59961875.exe
C:\Users\Jon\AppData\Local\Temp\60542000.exe
C:\Users\Jon\AppData\Local\Temp\77941625.exe
C:\Users\Jon\AppData\Local\Temp\93602515.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-04-29 06:58
 
==================== End Of Log ============================


#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,902 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:14 AM

Posted 03 May 2015 - 08:56 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

To me this is suspicious. If you know what it is, fine; otherwise add these lines to the Code box below before saving the Fixlist.txt file.
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [Ukmedia] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jon\AppData\Local\AQworks\lrdludjd.dll
C:\Users\Jon\AppData\Local\AQworks



Google Reader has been discontinued.
http://www.google.com/reader/about/
If you wish to remove it, add these lines to the Code box below before saving the Fixlist.txt file.
CHR Extension: (Google Reader) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm [2012-12-26]
C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjjhlfkghdhmijklfnahfkpgmhcmfgcm


===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

(Microsoft Corporation) C:\Windows\SysWOW64\cmmon32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhst3g.exe
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [Slick Savings] => "C:\Users\Jon\AppData\Roaming\Slick Savings\CouponsHelper.exe"
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [WinStat] => C:\Users\Jon\AppData\Local\Temp\31541734.exe <===== ATTENTION
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"s8\..\mshtml,RunHTMLApplication ";eval("sbw7<odv!@buhwdYNckdbu)#VRbshqu/Rid (the data entry has 27910 more characters). <==== Poweliks!
GroupPolicyUsers\S-1-5-21-165406014-2875721840-1828221187-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-3263513310-3392720605-1798839546-683002060-3227631582] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-165406014-2875721840-1828221187-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-165406014-2875721840-1828221187-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
S2 SCWFPFilter; \SystemRoot\system32\DRIVERS\WFPFilter.sys [X]
S2 vstor2-mntapi10-shared; \??\C:\Program Files\Backup Manager\vddk\AMD64\vstor2-mntapi10-shared.sys [X]
C:\Users\Jon\AppData\Local\Temp\31541734.exe

End

Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

How is the computer running now?

#4 nasdaq


Posted 08 May 2015 - 07:09 AM

Are you still with me?

#5 CoastalData


Posted 08 May 2015 - 09:19 AM

Hello, I got help from my A/V provider, Vipre, and the system seems to be running okay.

 

Just to be sure, however, would you mind reviewing a fresh FRST log scan, to make sure it's clean?



#6 nasdaq


Posted 08 May 2015 - 12:59 PM

No, run the Farbar tool and post a fresh FRST log for my review.

#7 CoastalData


Posted 08 May 2015 - 01:14 PM

From safe mode, or is normal okay?



#8 nasdaq


Posted 09 May 2015 - 05:57 AM

Normal mode.

#9 nasdaq


Posted 15 May 2015 - 10:40 AM

Are you still with me?

#10 CoastalData


Posted 15 May 2015 - 10:52 AM

Hello, yes, here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Jon (administrator) on CODE8 on 15-05-2015 11:47:25
Running from C:\Kerry-tts
Loaded Profiles: Jon & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & SQLSERVERAGENT & MSSQLSERVER (Available profiles: Jon & Katie & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & SQLSERVERAGENT & MSSQLSERVER & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 8.1 Pro (Update 1) (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Two Pilots) C:\Windows\VPDAgent_x64.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
() C:\Program Files (x86)\DHCP Proxy\DHCPProxyService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Nero AG) C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\LVPrS64H.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Microsoft Online Services\MSOIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe
(The Neat Company) C:\Program Files (x86)\Neat\exec\NeatStartupService.exe
() C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Team Foundation Server 11.0\Tools\TFSBuildServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Team Foundation Server 11.0\Application Tier\TFSJobAgent\TFSJobAgent.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\WMSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft CoreXT) C:\Program Files\Microsoft Cloud App Discovery\Endpoint Agent\Microsoft.CloudAppDiscovery.EndpointAgent.Launcher.exe
(Microsoft CoreXT) C:\Program Files\Microsoft Cloud App Discovery\Endpoint Agent\Microsoft.CloudAppDiscovery.EndpointAgent.Startup.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(Microsoft Corporation) C:\Windows\System32\LogonUI.exe
(DisplayLink Corp.) C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsComProviderSvr.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intuit, Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBDBMgrN.exe
(Intuit Inc. All rights reserved.) C:\Users\Jon\AppData\Local\Intuit\SyncManager\Current\IntuitSyncManager.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Remote Monitoring) C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe
(Microsoft Corporation) C:\Windows\System32\rdpclip.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Intuit Inc.) C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBW32.EXE
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\axlbridge.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SBRegRebootCleaner] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBRC.exe [202648 2013-05-28] (ThreatTrack Security, Inc.)
HKLM\...\Run: [XMouseButtonControl] => C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe [1091568 2015-03-02] (Highresolution Enterprises)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-02-27] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [AdvancedMonitoringSysTray] => C:\Program Files (x86)\Advanced Monitoring Agent\systray\Launcher.exe [291328 2014-04-16] ()
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMTray.exe [3232152 2013-05-28] (Managed Antivirus)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [1823656 2013-12-11] (Valve Corporation)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [25700400 2015-04-28] (Google)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [ManyCam] => C:\Program Files (x86)\ManyCam\ManyCam.exe [9726760 2014-12-23] (Visicom Media Inc.)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [HP Officejet Pro 6830 (NET)] => C:\Program Files\HP\HP Officejet Pro 6830\Bin\ScanToPCActivationApp.exe [3493952 2014-07-18] (Hewlett-Packard Development Company, LP)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [X-Lite] => C:\Program Files (x86)\CounterPath\X-Lite\X-Lite.exe [4816192 2015-04-10] (CounterPath)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Run: [GoogleChromeAutoLaunch_1476D5075BFDEEA31B57A901BC660F86] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-27] (Google Inc.)
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\...\Policies\Explorer: [NoControlPanel] 0
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intuit Data Protect.lnk [2013-11-19]
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files (x86)\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk [2013-11-19]
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Web Connector.lnk [2013-11-19]
ShortcutTarget: QuickBooks Web Connector.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBWebConnector\QBWebConnector.exe (Intuit)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk [2013-11-19]
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBW32.EXE (Intuit Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Star2Star Framework.lnk [2014-12-04]
ShortcutTarget: Star2Star Framework.lnk -> C:\Program Files (x86)\Star2Star Framework\Star2Star.exe ()
Startup: C:\Users\jjaques719\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-09-02]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2013-11-20]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk [2013-01-01]
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Star2Star Application Framework.lnk [2015-01-07]
ShortcutTarget: Star2Star Application Framework.lnk -> C:\Program Files (x86)\Star2Star Framework\Star2Star.exe ()
ShellIconOverlayIdentifiers: [0TfsOverlayControlled] -> {EFF5DF4C-7662-4ed7-B533-837D3319D311} => C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsShellExt.DLL [2013-05-07] ()
ShellIconOverlayIdentifiers: [1TfsOverlayEdit] -> {FF529703-3398-4c98-B88D-13F784CB10A2} => C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsShellExt.DLL [2013-05-07] ()
ShellIconOverlayIdentifiers: [z0TfsOverlayAdd] -> {D4DD7FC6-066F-442a-A200-DD21649CF378} => C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsShellExt.DLL [2013-05-07] ()
ShellIconOverlayIdentifiers: [z1TfsOverlayRename] -> {F15E94B9-9522-42bd-8A73-569BCBE5A5EA} => C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsShellExt.DLL [2013-05-07] ()
ShellIconOverlayIdentifiers: [z2TfsOverlayLock] -> {EAB6FC01-3462-4dc9-8C94-75582E3DC3CA} => C:\Program Files (x86)\Microsoft Team Foundation Server 2012 Power Tools\TfsShellExt.DLL [2013-05-07] ()
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
GroupPolicyUsers\S-1-5-21-165406014-2875721840-1828221187-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.msn.com/
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: [S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-165406014-2875721840-1828221187-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-31] (Oracle Corporation)
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-31] (LastPass)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-31] (Oracle Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-15] (Oracle Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-31] (LastPass)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-03-10] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-15] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-03-31] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-03-31] (LastPass)
DPF: HKLM-x32 {173D9E48-B527-4AA0-A929-30B446002AA8} http://dvr.kellytours.com:7000/DVRemoteAx.cab
DPF: HKLM-x32 {3FB84210-0311-49BA-AFF7-A2C50E2D20B6} http://98.244.151.79/web.cab
DPF: HKLM-x32 {5C709EEC-DDE1-4738-8E57-7564E2637891} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom1_2009.cab
DPF: HKLM-x32 {788539E8-002D-4E59-9089-40B694A99C9A} https://merchantaccount.quickbooks.com/sync/QBMASSyncCom2_2008.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
Handler-x32: intu-help-qb7 - {5A03BD9D-766D-47A6-8E87-CD90F60BE245} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\HelpAsyncPluggableProtocol.dll [2014-12-10] (Intuit, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\SysWOW64\mscoree.dll [2013-08-21] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.4 192.168.1.10 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-14] ()
FF Plugin: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\system32\npDeployJava1.dll [2013-01-31] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.11.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-01-31] (Oracle Corporation)
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-31] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-14] ()
FF Plugin-x32: @dymo.com/DymoLabelFramework -> C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2013-03-05] ( Sanford L.P.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-06-06] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-10-15] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-10-15] (Oracle Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-03-31] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-06-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-02-04] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: JFGuide -> C:\Program Files (x86)\NetSurveillance\CMS\npGuide.dll [2014-10-30] ()
FF Plugin-x32: JFWeb -> C:\Program Files (x86)\NetSurveillance\CMS\npWebPlugin.dll [2014-09-15] ()
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jon\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-01-08] (Citrix Online)
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @talk.google.com/O1DPlugin -> C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npo1d.dll No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Jon\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2012-12-07] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-03-12] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012-06-28] (Nullsoft, Inc.)
FF HKLM-x32\...\Firefox\Extensions: [fiddlerhook@fiddler2.com] - C:\Program Files (x86)\Fiddler2\FiddlerHook
FF Extension: FiddlerHook - C:\Program Files (x86)\Fiddler2\FiddlerHook [2013-11-13]
 
Chrome: 
=======
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-05-04]
CHR Extension: (Angry Birds) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2015-05-04]
CHR Extension: (TooManyTabs for Chrome) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\amigcgbheognjmfkaieeeadojiibgbdp [2015-05-04]
CHR Extension: (Google Docs) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-04]
CHR Extension: (Google Drive) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-04]
CHR Extension: (Adblock Plus) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-05-04]
CHR Extension: (Google Search) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-04]
CHR Extension: (orion theme) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\denlnfkhnpeejofbcbpcbaphpnfncmhn [2015-05-04]
CHR Extension: (Google Calendar) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-05-04]
CHR Extension: (Google Play Music) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi [2015-05-04]
CHR Extension: (Google Sheets) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-05-04]
CHR Extension: (Bookmark Manager) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-05-04]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-05-04]
CHR Extension: (Tamper Chrome (extension)) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\hifhgpdkfodlpnlmlnmhchnkepplebkb [2015-05-04]
CHR Extension: (Google Play Music) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-05-04]
CHR Extension: (zoomWheel) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdfgigbjonaniokmpfflpflkhahhbaej [2015-05-04]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-05-04]
CHR Extension: (AudioSauna) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkgfemnodkdnenmfkblebnkjpckkjcae [2015-05-04]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-05-04]
CHR Extension: (Hangouts) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-05-04]
CHR Extension: (Google Wallet) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-05-04]
CHR Extension: (Instagram for Chrome) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\opnbmdkdflhjiclaoiiifmheknpccalb [2015-05-04]
CHR Extension: (Outlook.com) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge [2015-05-04]
CHR Extension: (Gmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-04]
CHR Extension: (WordPress.com Extension) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnbbfhcegldppmibabepjfjloachnmjb [2015-05-04]
CHR Extension: (Canvas Rider) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\poknhlcknimnnbfcombaooklofipaibk [2015-05-04]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-165406014-2875721840-1828221187-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR StartupUrls: "hxxp://coastaldata.maxdesk.us/admin/incidents/OPEN", "https://dashboard.systemmonitor.us/default.php"
OPR Extension: (LastPass) - C:\Users\Jon\AppData\Roaming\Opera Software\Opera Stable\Extensions\hnjalnkldgigidggphhmacmimbdlafdo [2014-05-29]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Advanced Monitoring Agent; C:\Program Files (x86)\Advanced Monitoring Agent\winagent.exe [8373760 2014-11-03] (Remote Monitoring) [File not signed]
R2 Agent; C:\Windows\VPDAgent_x64.exe [148480 2013-06-25] (Two Pilots) [File not signed]
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2013-10-28] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2719928 2015-04-22] (Microsoft Corporation)
R2 DHCPProxyService; C:\Program Files (x86)\DHCP Proxy\DHCPProxyService.exe [307314 2005-08-02] () [File not signed]
R2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9281840 2013-10-07] (DisplayLink Corp.)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2013-03-05] (Sanford, L.P.)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-11-13] (Freemake) [File not signed]
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [139776 2012-07-25] (Microsoft Corporation) [File not signed]
R2 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-04-12] (Nero AG)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [88720 2014-05-05] (Microsoft Corporation)
R2 MsDtsServer110; C:\Program Files\Microsoft SQL Server\110\DTS\Binn\MsDtsSrvr.exe [218040 2012-06-12] (Microsoft Corporation)
R2 msoidsvc; C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2079520 2012-05-17] (Microsoft Corp.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [192000 2012-12-29] (Microsoft Corporation)
R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [190904 2012-06-12] (Microsoft Corporation)
R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS11.MSSQLSERVER\OLAP\bin\msmdsrv.exe [61538744 2012-06-12] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation)
S3 NBService; C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe [774144 2006-11-10] (Nero AG) [File not signed]
R2 Neat Startup Service; C:\Program Files (x86)\Neat\exec\NeatStartupService.exe [6144 2014-08-06] (The Neat Company) [File not signed]
R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [45056 2014-12-10] (Intuit) [File not signed]
R3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [65536 2013-10-10] (Intuit Inc.) [File not signed]
R2 QBVSS; C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2013-08-19] (Intuit Inc.) [File not signed]
S4 QuickBooksDB24; C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 14.0\QBDBMgrN.exe [679936 2013-08-19] (Intuit, Inc.) [File not signed]
R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS11.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2348472 2012-06-12] (Microsoft Corporation)
S2 SBAMSvc; C:\Program Files (x86)\Advanced Monitoring Agent\managedav\SBAMSvc.exe [3681016 2013-05-28] (ThreatTrack Security, Inc.)
R2 SerresEndpointAgent; C:\Program Files\Microsoft Cloud App Discovery\Endpoint Agent\Microsoft.CloudAppDiscovery.EndpointAgent.Launcher.exe [22776 2015-05-03] (Microsoft CoreXT)
S3 spiceworks; C:\Program Files (x86)\Spiceworks\bin\spiceworks.exe [46912 2013-06-03] (Spiceworks, Inc.)
S3 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [612864 2012-12-29] (Microsoft Corporation)
R2 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [608696 2012-06-12] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [126976 2012-07-25] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448976 2015-04-17] (TeamViewer GmbH)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R2 TFSBuildServiceHost.2012; C:\Program Files\Microsoft Team Foundation Server 11.0\Tools\TFSBuildServiceHost.exe [363024 2012-11-06] (Microsoft Corporation)
R2 TFSJobAgent; C:\Program Files\Microsoft Team Foundation Server 11.0\Application Tier\TfsJobAgent\TfsJobAgent.exe [41432 2012-11-06] (Microsoft Corporation)
R2 vmms; C:\Windows\system32\vmms.exe [13392384 2014-03-04] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-28] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2013-10-28] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-30] (Microsoft Corporation)
R2 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2013-10-28] (Microsoft Corporation)
S3 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\PocketCloudService.exe [191488 2012-11-05] () [File not signed]
S3 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud Windows Companion\WyseRemoteAccess.exe [1436160 2012-11-05] (Wyse Technology.) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DisplayLinkUsbIo_x64; C:\Windows\system32\DRIVERS\DisplayLinkUsbIo_x64_7.4.51572.0.sys [46384 2013-10-08] ()
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2014-05-01] (GFI Software)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R1 hvservice; C:\Windows\System32\drivers\hvservice.sys [68960 2013-10-28] (Microsoft Corporation)
S3 libusbK; C:\Windows\System32\drivers\libusbK.sys [47200 2014-05-16] (http://libusb-win32.sourceforge.net)
S3 lunparser; C:\Windows\System32\drivers\lunparser.sys [19456 2013-10-28] (Microsoft Corporation)
R3 LVPr2M64; C:\Windows\system32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
R3 ManyCam; C:\Windows\system32\DRIVERS\mcvidrv.sys [49312 2014-11-10] (Visicom Media Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-02] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 mcaudrv_simple; C:\Windows\system32\drivers\mcaudrv_x64.sys [35232 2013-12-06] (Visicom Media Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2012-05-03] (CACE Technologies, Inc.)
S3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [22016 2013-10-28] (Microsoft Corporation)
R0 phylock; C:\Windows\System32\drivers\phylock.sys [28256 2009-12-04] (TeraByte, Inc.)
S3 pvhdparser; C:\Windows\System32\drivers\pvhdparser.sys [27136 2013-10-28] (Microsoft Corporation)
S4 RsFx0200; C:\Windows\System32\DRIVERS\RsFx0200.sys [334936 2012-02-11] (Microsoft Corporation)
S4 RsFx0201; C:\Windows\System32\DRIVERS\RsFx0201.sys [336880 2012-10-20] (Microsoft Corporation)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
R3 SerresWfp; C:\Windows\System32\Drivers\SerresWfp.sys [56464 2015-04-30] (Microsoft Corporation)
S3 swiwdmbx; C:\Windows\System32\drivers\swiwdmbx.sys [114424 2014-03-18] (Sierra Wireless Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [37624 2015-05-04] ()
S3 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [18944 2014-01-27] (Microsoft Corporation)
R3 VMSMP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-03-04] (Microsoft Corporation)
S3 VMSP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-03-04] (Microsoft Corporation)
S3 VMSVSF; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-03-04] (Microsoft Corporation)
S3 VMSVSP; C:\Windows\system32\DRIVERS\vmswitch.sys [691200 2014-03-04] (Microsoft Corporation)
S3 VSPerfDrv110; C:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [70264 2012-07-13] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-30] (Microsoft Corporation)
S3 wmbclass; C:\Windows\System32\drivers\wmbclass.sys [268288 2013-11-01] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 11:44 - 2015-05-15 11:47 - 00000000 ____D () C:\FRST
2015-05-15 10:53 - 2015-05-15 10:53 - 00831084 _____ () C:\Users\Jon\Desktop\JOY-PC.ZIP
2015-05-15 05:44 - 2015-05-15 05:44 - 00003644 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1d0402473c77ee7
2015-05-12 18:19 - 2015-05-12 18:20 - 00000000 ____D () C:\Users\Jon\Documents\WPA Files
2015-05-12 16:51 - 2015-05-12 16:52 - 00000000 ____D () C:\Users\Jon\Downloads\GHOST
2015-05-11 14:14 - 2015-05-11 14:14 - 00003845 _____ () C:\Users\Jon\Downloads\MSP Experts- Three Killer Procedures That Will Make You More Profitable Today.ics
2015-05-11 13:02 - 2015-05-11 13:38 - 00011499 _____ () C:\Users\Jon\Downloads\time_export.csv
2015-05-11 12:59 - 2015-05-11 12:59 - 00013559 _____ () C:\Users\Jon\Downloads\time_export (2).xlsx
2015-05-08 12:18 - 2015-05-08 12:19 - 20559548 _____ () C:\Users\Jon\Downloads\Phalanger 3.0.0.4072 (setup).zip
2015-05-07 19:26 - 2015-05-07 19:26 - 18735537 _____ () C:\Users\Jon\Downloads\Windows8.1-KB3049508-x64.msu
2015-05-07 18:40 - 2015-05-08 10:12 - 00000000 ____D () C:\Users\Jon\AppData\Local\Temporary Projects
2015-05-07 18:29 - 2015-05-07 18:29 - 04350748 _____ () C:\Users\Jon\Downloads\email.net_100.msi
2015-05-07 18:12 - 2015-05-11 17:43 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Star2Star
2015-05-07 16:51 - 2015-05-07 16:51 - 07183689 _____ () C:\Users\Jon\Downloads\osTicket-v1.9.7.zip
2015-05-07 13:30 - 2015-05-08 14:45 - 00014956 _____ () C:\Users\Jon\Documents\tblReceiptData.xlsx
2015-05-07 13:30 - 2015-05-07 13:30 - 00011169 _____ () C:\Users\Jon\Documents\Backup of tblReceiptData.xlk
2015-05-06 16:51 - 2015-05-08 10:58 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\Notepad++
2015-05-06 14:47 - 2015-05-09 20:55 - 00000892 _____ () C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-05-06 14:47 - 2015-05-06 14:47 - 00003846 _____ () C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-05-05 17:26 - 2015-05-05 17:26 - 00000422 _____ () C:\Users\Jon\Downloads\tvcontrol (4).tvc
2015-05-05 17:20 - 2015-05-05 17:20 - 00000422 _____ () C:\Users\Jon\Downloads\tvcontrol (3).tvc
2015-05-05 17:05 - 2015-05-05 17:05 - 00000422 _____ () C:\Users\Jon\Downloads\tvcontrol (2).tvc
2015-05-05 14:49 - 2015-05-05 14:49 - 00000619 _____ () C:\Users\Jon\Downloads\mandrill_activity.csv
2015-05-05 13:38 - 2015-05-05 13:38 - 00000422 _____ () C:\Users\Jon\Downloads\tvcontrol (1).tvc
2015-05-04 17:19 - 2015-05-04 17:19 - 00000000 __RHD () C:\MSOCache
2015-05-04 16:35 - 2015-05-04 16:35 - 00000000 __SHD () C:\Users\Jon\AppData\Local\EmieUserList
2015-05-04 16:35 - 2015-05-04 16:35 - 00000000 __SHD () C:\Users\Jon\AppData\Local\EmieSiteList
2015-05-04 15:54 - 2015-05-04 15:54 - 00008520 _____ () C:\Users\Jon\Downloads\time_export (1).xlsx
2015-05-04 15:49 - 2015-05-04 15:49 - 00011341 _____ () C:\Users\Jon\Downloads\time_export.xlsx
2015-05-04 13:52 - 2015-05-04 13:52 - 00000143 _____ () C:\Windows\setupact.log
2015-05-04 13:52 - 2015-05-04 13:52 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-04 13:43 - 2015-05-04 13:43 - 00000000 ____D () C:\Windows\pss
2015-05-04 13:14 - 2015-05-04 13:14 - 00000000 ____D () C:\tts
2015-05-04 11:21 - 2015-05-04 11:21 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-05-04 11:21 - 2015-05-04 11:21 - 00001047 _____ () C:\Users\Public\Desktop\TeamViewer 10.lnk
2015-05-04 11:19 - 2015-05-04 13:59 - 00000000 ____D () C:\Users\Jon\AppData\Local\Google
2015-05-04 10:56 - 2015-05-04 13:23 - 00000000 ____D () C:\AdwCleaner
2015-05-02 22:34 - 2015-05-04 11:32 - 05062296 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-02 22:34 - 2015-05-02 22:34 - 00000368 _____ () C:\Windows\PFRO.log
2015-05-02 22:23 - 2015-05-02 22:23 - 00052320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\90447678.sys
2015-05-02 22:09 - 2015-05-02 22:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 22:09 - 2015-05-02 22:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-02 22:09 - 2015-05-02 22:09 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-02 22:09 - 2015-05-02 22:09 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-02 22:09 - 2015-04-14 09:38 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-02 22:09 - 2015-04-14 09:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-02 22:09 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-02 18:56 - 2015-05-15 08:56 - 01522296 _____ () C:\Windows\WindowsUpdate.log
2015-05-02 16:19 - 2015-05-02 16:19 - 00000000 ____D () C:\Quarantine
2015-05-02 16:18 - 2015-05-02 16:20 - 00000000 ____D () C:\Program Files (x86)\stinger
2015-05-02 16:11 - 2015-05-03 23:08 - 00000000 ____D () C:\AntiMalware
2015-05-02 16:09 - 2015-05-02 16:11 - 556113319 _____ (Igor Pavlov) C:\Users\Jon\Downloads\Tron v6.3.3 (2015-04-28) (1).exe
2015-05-02 16:05 - 2015-05-02 16:05 - 00000408 _____ () C:\ProgramData\Coinstaller.log
2015-05-01 17:04 - 2015-05-01 17:04 - 06977864 _____ (TeamViewer GmbH) C:\Users\Katie.CODE8\Downloads\TeamViewer_Setup.exe
2015-05-01 13:37 - 2015-05-01 13:37 - 00000000 ____D () C:\Users\Default\Documents\Visual Studio 2013
2015-05-01 13:37 - 2015-05-01 13:37 - 00000000 ____D () C:\Users\Default User\Documents\Visual Studio 2013
2015-05-01 12:58 - 2014-02-22 11:53 - 03394384 _____ (Microsoft Corporation) C:\Windows\system32\WSService.dll
2015-05-01 12:58 - 2014-02-22 11:46 - 01927600 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2015-05-01 12:58 - 2014-02-22 11:44 - 00311640 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2015-05-01 12:58 - 2014-02-22 11:41 - 02142976 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-05-01 12:58 - 2014-02-22 10:04 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-05-01 12:58 - 2014-02-22 08:15 - 04192768 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-01 12:58 - 2014-02-22 08:08 - 00630784 _____ (Microsoft Corporation) C:\Windows\system32\OobeFldr.dll
2015-05-01 12:58 - 2014-02-22 07:44 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-01 12:58 - 2014-02-22 07:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-01 12:58 - 2014-02-22 07:17 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-01 12:58 - 2014-02-22 07:17 - 00630272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OobeFldr.dll
2015-05-01 12:58 - 2014-02-22 07:00 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-01 12:58 - 2014-02-22 06:44 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-01 12:58 - 2014-02-22 06:36 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-01 12:58 - 2014-02-22 06:36 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-01 12:58 - 2014-02-22 06:34 - 11742720 _____ (Microsoft Corporation) C:\Windows\system32\glcndFilter.dll
2015-05-01 12:58 - 2014-02-22 06:33 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-01 12:58 - 2014-02-22 06:02 - 08946688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\glcndFilter.dll
2015-05-01 12:58 - 2014-02-22 06:00 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-01 12:58 - 2014-02-22 05:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-01 12:58 - 2014-02-22 05:39 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-01 12:58 - 2014-02-22 05:33 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-01 12:58 - 2014-02-22 05:33 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-01 12:58 - 2014-02-22 05:11 - 02262016 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-01 12:58 - 2014-02-22 04:49 - 08874496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2015-05-01 12:58 - 2014-02-22 04:49 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-01 12:58 - 2014-02-22 04:32 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-01 12:58 - 2014-02-22 04:27 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-01 12:58 - 2014-02-07 21:08 - 00139600 _____ () C:\Windows\system32\systemsf.ebd
2015-05-01 12:57 - 2014-02-22 12:59 - 01519520 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-05-01 12:57 - 2014-02-22 12:59 - 01290688 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-01 12:57 - 2014-02-22 12:59 - 00526304 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-05-01 12:57 - 2014-02-22 12:59 - 00461176 _____ (Microsoft Corporation) C:\Windows\system32\WerFault.exe
2015-05-01 12:57 - 2014-02-22 12:59 - 00407536 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-05-01 12:57 - 2014-02-22 12:59 - 00289752 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2015-05-01 12:57 - 2014-02-22 12:59 - 00209160 _____ (Microsoft Corporation) C:\Windows\system32\imm32.dll
2015-05-01 12:57 - 2014-02-22 12:59 - 00139464 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2015-05-01 12:57 - 2014-02-22 12:59 - 00123448 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-01 12:57 - 2014-02-22 12:15 - 01929608 _____ (Microsoft Corporation) C:\Windows\system32\setupapi.dll
2015-05-01 12:57 - 2014-02-22 12:15 - 01206000 _____ (Microsoft Corporation) C:\Windows\system32\Taskmgr.exe
2015-05-01 12:57 - 2014-02-22 12:15 - 00531128 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-05-01 12:57 - 2014-02-22 12:15 - 00275312 _____ (Microsoft Corporation) C:\Windows\system32\powrprof.dll
2015-05-01 12:57 - 2014-02-22 12:15 - 00188464 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2015-05-01 12:57 - 2014-02-22 12:02 - 00170952 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2015-05-01 12:57 - 2014-02-22 12:02 - 00083120 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-05-01 12:57 - 2014-02-22 12:02 - 00080048 _____ (Microsoft Corporation) C:\Windows\system32\taskhostex.exe
2015-05-01 12:57 - 2014-02-22 12:00 - 00590168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-05-01 12:57 - 2014-02-22 12:00 - 00249688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdyboost.sys
2015-05-01 12:57 - 2014-02-22 12:00 - 00236888 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-05-01 12:57 - 2014-02-22 12:00 - 00151384 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-05-01 12:57 - 2014-02-22 12:00 - 00079192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fileinfo.sys
2015-05-01 12:57 - 2014-02-22 11:59 - 00032088 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2015-05-01 12:57 - 2014-02-22 11:55 - 01435304 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-05-01 12:57 - 2014-02-22 11:55 - 00388408 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-05-01 12:57 - 2014-02-22 11:55 - 00244848 _____ (Microsoft Corporation) C:\Windows\system32\sppwinob.dll
2015-05-01 12:57 - 2014-02-22 11:55 - 00152848 _____ (Microsoft Corporation) C:\Windows\system32\bcrypt.dll
2015-05-01 12:57 - 2014-02-22 11:55 - 00105864 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2015-05-01 12:57 - 2014-02-22 11:50 - 02588168 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2015-05-01 12:57 - 2014-02-22 11:50 - 00761792 _____ (Microsoft Corporation) C:\Windows\system32\iuilp.dll
2015-05-01 12:57 - 2014-02-22 11:50 - 00645104 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-05-01 12:57 - 2014-02-22 11:50 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-05-01 12:57 - 2014-02-22 11:50 - 00258784 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-05-01 12:57 - 2014-02-22 11:50 - 00043408 _____ (Microsoft Corporation) C:\Windows\system32\CloudNotifications.exe
2015-05-01 12:57 - 2014-02-22 11:49 - 00384856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2015-05-01 12:57 - 2014-02-22 11:49 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-05-01 12:57 - 2014-02-22 11:49 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-05-01 12:57 - 2014-02-22 11:49 - 00280920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2015-05-01 12:57 - 2014-02-22 11:49 - 00148824 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-05-01 12:57 - 2014-02-22 11:49 - 00146776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2015-05-01 12:57 - 2014-02-22 11:48 - 02574240 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-05-01 12:57 - 2014-02-22 11:48 - 01791752 ____C (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2015-05-01 12:57 - 2014-02-22 11:48 - 00210736 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2015-05-01 12:57 - 2014-02-22 11:46 - 01445616 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2015-05-01 12:57 - 2014-02-22 11:46 - 01000424 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2015-05-01 12:57 - 2014-02-22 11:46 - 00669896 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-01 12:57 - 2014-02-22 11:44 - 00924504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\refs.sys
2015-05-01 12:57 - 2014-02-22 11:44 - 00539992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2015-05-01 12:57 - 2014-02-22 11:44 - 00424280 _____ (Microsoft Corporation) C:\Windows\system32\hal.dll
2015-05-01 12:57 - 2014-02-22 11:44 - 00360792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2015-05-01 12:57 - 2014-02-22 11:43 - 01727760 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-01 12:57 - 2014-02-22 11:43 - 01659056 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-01 12:57 - 2014-02-22 11:43 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-01 12:57 - 2014-02-22 11:43 - 01487520 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-01 12:57 - 2014-02-22 11:43 - 01356360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-01 12:57 - 2014-02-22 11:43 - 00142576 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-01 12:57 - 2014-02-22 11:41 - 01399176 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2015-05-01 12:57 - 2014-02-22 11:41 - 01374384 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2015-05-01 12:57 - 2014-02-22 11:41 - 01215832 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2015-05-01 12:57 - 2014-02-22 11:41 - 00881616 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-05-01 12:57 - 2014-02-22 11:41 - 00800552 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2015-05-01 12:57 - 2014-02-22 11:41 - 00609456 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-05-01 12:57 - 2014-02-22 11:41 - 00391008 _____ (Microsoft Corporation) C:\Windows\system32\MMDevAPI.dll
2015-05-01 12:57 - 2014-02-22 11:41 - 00372360 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2015-05-01 12:57 - 2014-02-22 11:41 - 00324896 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2015-05-01 12:57 - 2014-02-22 11:40 - 01118552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-05-01 12:57 - 2014-02-22 10:52 - 01767440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupapi.dll
2015-05-01 12:57 - 2014-02-22 10:51 - 01063976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Taskmgr.exe
2015-05-01 12:57 - 2014-02-22 10:51 - 00140456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2015-05-01 12:57 - 2014-02-22 10:42 - 01017936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-01 12:57 - 2014-02-22 10:42 - 00422968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-05-01 12:57 - 2014-02-22 10:42 - 00410568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
2015-05-01 12:57 - 2014-02-22 10:42 - 00369288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-05-01 12:57 - 2014-02-22 10:42 - 00232896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2015-05-01 12:57 - 2014-02-22 10:42 - 00098072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-01 12:57 - 2014-02-22 10:38 - 01374384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2015-05-01 12:57 - 2014-02-22 10:38 - 01077944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2015-05-01 12:57 - 2014-02-22 10:38 - 00506120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2015-05-01 12:57 - 2014-02-22 10:38 - 00336232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-05-01 12:57 - 2014-02-22 10:38 - 00089848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2015-05-01 12:57 - 2014-02-22 10:25 - 02410496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-05-01 12:57 - 2014-02-22 10:25 - 00180240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2015-05-01 12:57 - 2014-02-22 10:18 - 00477744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-05-01 12:57 - 2014-02-22 10:18 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2015-05-01 12:57 - 2014-02-22 10:18 - 00041320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudNotifications.exe
2015-05-01 12:57 - 2014-02-22 10:11 - 00490136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-01 12:57 - 2014-02-22 10:08 - 01474104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-01 12:57 - 2014-02-22 10:04 - 01206000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2015-05-01 12:57 - 2014-02-22 10:04 - 01011280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2015-05-01 12:57 - 2014-02-22 10:04 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-05-01 12:57 - 2014-02-22 10:04 - 00650736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2015-05-01 12:57 - 2014-02-22 10:04 - 00518552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-05-01 12:57 - 2014-02-22 10:04 - 00317584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2015-05-01 12:57 - 2014-02-22 10:04 - 00296448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MMDevAPI.dll
2015-05-01 12:57 - 2014-02-22 10:04 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2015-05-01 12:57 - 2014-02-22 08:24 - 02825216 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-05-01 12:57 - 2014-02-22 08:22 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll
2015-05-01 12:57 - 2014-02-22 08:20 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2015-05-01 12:57 - 2014-02-22 08:14 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2015-05-01 12:57 - 2014-02-22 08:14 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\luafv.sys
2015-05-01 12:57 - 2014-02-22 08:14 - 00033280 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\BasicRender.sys
2015-05-01 12:57 - 2014-02-22 08:11 - 00272896 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-05-01 12:57 - 2014-02-22 08:09 - 00663040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-05-01 12:57 - 2014-02-22 08:07 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-01 12:57 - 2014-02-22 08:07 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\WofUtil.dll
2015-05-01 12:57 - 2014-02-22 08:07 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\clrhost.dll
2015-05-01 12:57 - 2014-02-22 08:02 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-01 12:57 - 2014-02-22 07:57 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\slc.dll
2015-05-01 12:57 - 2014-02-22 07:54 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\sppc.dll
2015-05-01 12:57 - 2014-02-22 07:50 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-05-01 12:57 - 2014-02-22 07:47 - 00236544 _____ (Microsoft Corporation) C:\Windows\system32\vdsbas.dll
2015-05-01 12:57 - 2014-02-22 07:46 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-01 12:57 - 2014-02-22 07:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-05-01 12:57 - 2014-02-22 07:41 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\PkgMgr.exe
2015-05-01 12:57 - 2014-02-22 07:34 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\dmdskmgr.dll
2015-05-01 12:57 - 2014-02-22 07:28 - 02428928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-05-01 12:57 - 2014-02-22 07:25 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\recimg.exe
2015-05-01 12:57 - 2014-02-22 07:25 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\DWWIN.EXE
2015-05-01 12:57 - 2014-02-22 07:22 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-01 12:57 - 2014-02-22 07:20 - 00598528 _____ (Microsoft Corporation) C:\Windows\system32\dcdiag.exe
2015-05-01 12:57 - 2014-02-22 07:16 - 00617472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-01 12:57 - 2014-02-22 07:16 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\zipfldr.dll
2015-05-01 12:57 - 2014-02-22 07:16 - 00012288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clrhost.dll
2015-05-01 12:57 - 2014-02-22 07:15 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imm32.dll
2015-05-01 12:57 - 2014-02-22 07:06 - 00148992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slc.dll
2015-05-01 12:57 - 2014-02-22 07:05 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\RASMM.dll
2015-05-01 12:57 - 2014-02-22 07:05 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sppc.dll
2015-05-01 12:57 - 2014-02-22 07:01 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-05-01 12:57 - 2014-02-22 07:01 - 00112640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2015-05-01 12:57 - 2014-02-22 07:00 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-01 12:57 - 2014-02-22 06:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-01 12:57 - 2014-02-22 06:58 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-01 12:57 - 2014-02-22 06:57 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-05-01 12:57 - 2014-02-22 06:56 - 02862592 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2015-05-01 12:57 - 2014-02-22 06:56 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\srchadmin.dll
2015-05-01 12:57 - 2014-02-22 06:54 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-01 12:57 - 2014-02-22 06:52 - 02288640 _____ (Microsoft Corporation) C:\Windows\system32\SyncCenter.dll
2015-05-01 12:57 - 2014-02-22 06:52 - 00331264 _____ (Microsoft Corporation) C:\Windows\system32\newdev.dll
2015-05-01 12:57 - 2014-02-22 06:50 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\cscui.dll
2015-05-01 12:57 - 2014-02-22 06:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\dfp.exe
2015-05-01 12:57 - 2014-02-22 06:46 - 01704960 _____ (Microsoft Corporation) C:\Windows\system32\dnsmgr.dll
2015-05-01 12:57 - 2014-02-22 06:41 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2015-05-01 12:57 - 2014-02-22 06:41 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-05-01 12:57 - 2014-02-22 06:41 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\netid.dll
2015-05-01 12:57 - 2014-02-22 06:40 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWWIN.EXE
2015-05-01 12:57 - 2014-02-22 06:39 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-05-01 12:57 - 2014-02-22 06:38 - 00390656 _____ (Microsoft Corporation) C:\Windows\system32\DfpCommon.dll
2015-05-01 12:57 - 2014-02-22 06:37 - 00912384 _____ (Microsoft Corporation) C:\Windows\system32\nettrace.dll
2015-05-01 12:57 - 2014-02-22 06:36 - 00441344 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-05-01 12:57 - 2014-02-22 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-01 12:57 - 2014-02-22 06:29 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\dnscmd.exe
2015-05-01 12:57 - 2014-02-22 06:27 - 00397824 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2015-05-01 12:57 - 2014-02-22 06:25 - 01428480 _____ (Microsoft Corporation) C:\Windows\system32\RecoveryDrive.exe
2015-05-01 12:57 - 2014-02-22 06:22 - 00606208 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-05-01 12:57 - 2014-02-22 06:18 - 01305600 _____ (Microsoft Corporation) C:\Windows\system32\dcpromocmd.dll
2015-05-01 12:57 - 2014-02-22 06:18 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-05-01 12:57 - 2014-02-22 06:18 - 00722432 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeui.exe
2015-05-01 12:57 - 2014-02-22 06:18 - 00488448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-05-01 12:57 - 2014-02-22 06:17 - 00693248 _____ (Microsoft Corporation) C:\Windows\system32\fhcfg.dll
2015-05-01 12:57 - 2014-02-22 06:16 - 01660416 _____ (Microsoft Corporation) C:\Windows\system32\dcpromoui.dll
2015-05-01 12:57 - 2014-02-22 06:15 - 01543680 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2015-05-01 12:57 - 2014-02-22 06:14 - 02811392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2015-05-01 12:57 - 2014-02-22 06:14 - 02165760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncCenter.dll
2015-05-01 12:57 - 2014-02-22 06:14 - 00376320 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2015-05-01 12:57 - 2014-02-22 06:13 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\sdclt.exe
2015-05-01 12:57 - 2014-02-22 06:12 - 00797696 _____ (Microsoft Corporation) C:\Windows\system32\PurchaseWindowsLicense.dll
2015-05-01 12:57 - 2014-02-22 06:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-05-01 12:57 - 2014-02-22 06:09 - 01224192 _____ (Microsoft Corporation) C:\Windows\system32\werconcpl.dll
2015-05-01 12:57 - 2014-02-22 06:09 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-01 12:57 - 2014-02-22 06:08 - 00997888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2015-05-01 12:57 - 2014-02-22 06:06 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-05-01 12:57 - 2014-02-22 06:05 - 01757184 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2015-05-01 12:57 - 2014-02-22 06:04 - 00935424 _____ (Microsoft Corporation) C:\Windows\system32\rasgcw.dll
2015-05-01 12:57 - 2014-02-22 06:04 - 00483840 _____ (Microsoft Corporation) C:\Windows\system32\WLanConn.dll
2015-05-01 12:57 - 2014-02-22 06:03 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-05-01 12:57 - 2014-02-22 06:02 - 00258560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-05-01 12:57 - 2014-02-22 06:01 - 02648064 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2015-05-01 12:57 - 2014-02-22 06:01 - 01227776 _____ (Microsoft Corporation) C:\Windows\system32\usercpl.dll
2015-05-01 12:57 - 2014-02-22 06:01 - 00832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2015-05-01 12:57 - 2014-02-22 06:01 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-05-01 12:57 - 2014-02-22 06:00 - 00217600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2015-05-01 12:57 - 2014-02-22 05:59 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2015-05-01 12:57 - 2014-02-22 05:57 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\lsm.dll
2015-05-01 12:57 - 2014-02-22 05:55 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-01 12:57 - 2014-02-22 05:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-05-01 12:57 - 2014-02-22 05:53 - 00825344 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2015-05-01 12:57 - 2014-02-22 05:52 - 01132032 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-05-01 12:57 - 2014-02-22 05:48 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-01 12:57 - 2014-02-22 05:48 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-05-01 12:57 - 2014-02-22 05:47 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2015-05-01 12:57 - 2014-02-22 05:46 - 00528896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-05-01 12:57 - 2014-02-22 05:45 - 00562176 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-05-01 12:57 - 2014-02-22 05:45 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\wimserv.exe
2015-05-01 12:57 - 2014-02-22 05:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-01 12:57 - 2014-02-22 05:45 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2015-05-01 12:57 - 2014-02-22 05:44 - 00675328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-05-01 12:57 - 2014-02-22 05:44 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-01 12:57 - 2014-02-22 05:43 - 00107008 _____ (Microsoft Corporation) C:\Windows\system32\wersvc.dll
2015-05-01 12:57 - 2014-02-22 05:40 - 02537472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-05-01 12:57 - 2014-02-22 05:40 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-01 12:57 - 2014-02-22 05:38 - 00753664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2015-05-01 12:57 - 2014-02-22 05:37 - 02220032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-05-01 12:57 - 2014-02-22 05:36 - 01392640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2015-05-01 12:57 - 2014-02-22 05:36 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\Dism.exe
2015-05-01 12:57 - 2014-02-22 05:35 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-01 12:57 - 2014-02-22 05:35 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WofTasks.dll
2015-05-01 12:57 - 2014-02-22 05:34 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\energy.dll
2015-05-01 12:57 - 2014-02-22 05:34 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\dwmredir.dll
2015-05-01 12:57 - 2014-02-22 05:33 - 00653312 _____ (Microsoft Corporation) C:\Windows\system32\DismApi.dll
2015-05-01 12:57 - 2014-02-22 05:32 - 01162752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usercpl.dll
2015-05-01 12:57 - 2014-02-22 05:31 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2015-05-01 12:57 - 2014-02-22 05:28 - 02643456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-05-01 12:57 - 2014-02-22 05:28 - 00176128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-05-01 12:57 - 2014-02-22 05:26 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-05-01 12:57 - 2014-02-22 05:26 - 00366080 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-05-01 12:57 - 2014-02-22 05:25 - 01361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-05-01 12:57 - 2014-02-22 05:25 - 00449024 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2015-05-01 12:57 - 2014-02-22 05:25 - 00399872 _____ (Microsoft Corporation) C:\Windows\system32\das.dll
2015-05-01 12:57 - 2014-02-22 05:25 - 00269824 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2015-05-01 12:57 - 2014-02-22 05:25 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.HumanInterfaceDevice.dll
2015-05-01 12:57 - 2014-02-22 05:25 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\wscinterop.dll
2015-05-01 12:57 - 2014-02-22 05:24 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\wimgapi.dll
2015-05-01 12:57 - 2014-02-22 05:23 - 03494912 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-05-01 12:57 - 2014-02-22 05:23 - 02843136 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-05-01 12:57 - 2014-02-22 05:23 - 01576960 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2015-05-01 12:57 - 2014-02-22 05:23 - 00628224 _____ (Microsoft Corporation) C:\Windows\system32\msTextPrediction.dll
2015-05-01 12:57 - 2014-02-22 05:23 - 00344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-01 12:57 - 2014-02-22 05:21 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2015-05-01 12:57 - 2014-02-22 05:18 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\UserLanguagesCpl.dll
2015-05-01 12:57 - 2014-02-22 05:16 - 11776000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-05-01 12:57 - 2014-02-22 05:15 - 00211968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Dism.exe
2015-05-01 12:57 - 2014-02-22 05:14 - 00752640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-01 12:57 - 2014-02-22 05:14 - 00584704 _____ (Microsoft Corporation) C:\Windows\system32\StructuredQuery.dll
2015-05-01 12:57 - 2014-02-22 05:13 - 01728000 _____ (Microsoft Corporation) C:\Windows\system32\dui70.dll
2015-05-01 12:57 - 2014-02-22 05:12 - 00459776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DismApi.dll
2015-05-01 12:57 - 2014-02-22 05:11 - 02395136 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2015-05-01 12:57 - 2014-02-22 05:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.OnlineId.dll
2015-05-01 12:57 - 2014-02-22 05:10 - 00747008 _____ (Microsoft Corporation) C:\Windows\system32\wlidcli.dll
2015-05-01 12:57 - 2014-02-22 05:10 - 00569856 _____ (Microsoft Corporation) C:\Windows\system32\wpncore.dll
2015-05-01 12:57 - 2014-02-22 05:09 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\dwm.exe
2015-05-01 12:57 - 2014-02-22 05:08 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.HumanInterfaceDevice.dll
2015-05-01 12:57 - 2014-02-22 05:07 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2015-05-01 12:57 - 2014-02-22 05:07 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wimgapi.dll
2015-05-01 12:57 - 2014-02-22 05:06 - 01035264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-05-01 12:57 - 2014-02-22 05:04 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-05-01 12:57 - 2014-02-22 05:04 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2015-05-01 12:57 - 2014-02-22 05:02 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\PlayToManager.dll
2015-05-01 12:57 - 2014-02-22 05:01 - 13933568 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-05-01 12:57 - 2014-02-22 05:00 - 01341440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dui70.dll
2015-05-01 12:57 - 2014-02-22 05:00 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StructuredQuery.dll
2015-05-01 12:57 - 2014-02-22 04:59 - 01621504 _____ (Microsoft Corporation) C:\Windows\system32\RacEngn.dll
2015-05-01 12:57 - 2014-02-22 04:59 - 01403392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2015-05-01 12:57 - 2014-02-22 04:59 - 00791552 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2015-05-01 12:57 - 2014-02-22 04:59 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2015-05-01 12:57 - 2014-02-22 04:55 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2015-05-01 12:57 - 2014-02-22 04:54 - 00647168 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2015-05-01 12:57 - 2014-02-22 04:54 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\rdbui.dll
2015-05-01 12:57 - 2014-02-22 04:54 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\wlidcredprov.dll
2015-05-01 12:57 - 2014-02-22 04:54 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2015-05-01 12:57 - 2014-02-22 04:53 - 12027904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2015-05-01 12:57 - 2014-02-22 04:53 - 00876544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll
2015-05-01 12:57 - 2014-02-22 04:52 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\WSClient.dll
2015-05-01 12:57 - 2014-02-22 04:52 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2015-05-01 12:57 - 2014-02-22 04:51 - 01258496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RacEngn.dll
2015-05-01 12:57 - 2014-02-22 04:51 - 00716288 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-05-01 12:57 - 2014-02-22 04:51 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2015-05-01 12:57 - 2014-02-22 04:50 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2015-05-01 12:57 - 2014-02-22 04:49 - 00755200 _____ (Microsoft Corporation) C:\Windows\system32\msctfuimanager.dll
2015-05-01 12:57 - 2014-02-22 04:48 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2015-05-01 12:57 - 2014-02-22 04:48 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\BioCredProv.dll
2015-05-01 12:57 - 2014-02-22 04:47 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\WlanMM.dll
2015-05-01 12:57 - 2014-02-22 04:47 - 00517120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2015-05-01 12:57 - 2014-02-22 04:47 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2015-05-01 12:57 - 2014-02-22 04:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\AltTab.dll
2015-05-01 12:57 - 2014-02-22 04:46 - 00824832 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-01 12:57 - 2014-02-22 04:45 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-05-01 12:57 - 2014-02-22 04:45 - 00169472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSClient.dll
2015-05-01 12:57 - 2014-02-22 04:44 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2015-05-01 12:57 - 2014-02-22 04:44 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2015-05-01 12:57 - 2014-02-22 04:44 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2015-05-01 12:57 - 2014-02-22 04:43 - 00644608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2015-05-01 12:57 - 2014-02-22 04:43 - 00469504 _____ (Microsoft Corporation) C:\Windows\system32\taskeng.exe
2015-05-01 12:57 - 2014-02-22 04:43 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveShell.dll
2015-05-01 12:57 - 2014-02-22 04:43 - 00117760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2015-05-01 12:57 - 2014-02-22 04:42 - 03408384 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-01 12:57 - 2014-02-22 04:42 - 00943104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WlanMM.dll
2015-05-01 12:57 - 2014-02-22 04:42 - 00709120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctfuimanager.dll
2015-05-01 12:57 - 2014-02-22 04:42 - 00448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2015-05-01 12:57 - 2014-02-22 04:41 - 00662528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-01 12:57 - 2014-02-22 04:40 - 02368512 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-05-01 12:57 - 2014-02-22 04:40 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\fhcpl.dll
2015-05-01 12:57 - 2014-02-22 04:40 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2015-05-01 12:57 - 2014-02-22 04:39 - 00556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.dll
2015-05-01 12:57 - 2014-02-22 04:38 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-01 12:57 - 2014-02-22 04:38 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SkyDriveShell.dll
2015-05-01 12:57 - 2014-02-22 04:37 - 01716736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-05-01 12:57 - 2014-02-22 04:37 - 00658432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-05-01 12:57 - 2014-02-22 04:36 - 00232448 _____ (Microsoft Corporation) C:\Windows\system32\InputSwitch.dll
2015-05-01 12:57 - 2014-02-22 04:35 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-01 12:57 - 2014-02-22 04:34 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-05-01 12:57 - 2014-02-22 04:34 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2015-05-01 12:57 - 2014-02-22 04:33 - 00609792 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2015-05-01 12:57 - 2014-02-22 04:31 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2015-05-01 12:57 - 2014-02-22 04:29 - 00191488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputSwitch.dll
2015-05-01 12:57 - 2014-02-22 04:24 - 02760704 _____ (Microsoft Corporation) C:\Windows\system32\wpccpl.dll
2015-05-01 12:57 - 2014-02-22 04:24 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\MrmIndexer.dll
2015-05-01 12:57 - 2014-02-22 04:22 - 00777728 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2015-05-01 12:57 - 2014-02-22 04:22 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-01 12:57 - 2014-02-22 04:21 - 00854528 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-05-01 12:57 - 2014-02-22 04:21 - 00600576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2015-05-01 12:57 - 2014-02-22 04:21 - 00518144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmIndexer.dll
2015-05-01 12:57 - 2014-02-22 04:19 - 00698880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-05-01 12:57 - 2014-02-22 04:18 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2015-05-01 12:57 - 2014-02-22 04:17 - 00459264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2015-05-01 12:57 - 2014-02-22 04:06 - 01640960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2015-05-01 12:57 - 2014-02-22 04:04 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2015-05-01 12:57 - 2014-02-22 04:03 - 01496576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2015-05-01 12:57 - 2014-02-22 04:01 - 00978944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2015-05-01 12:57 - 2014-02-22 04:01 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\WWAHost.exe
2015-05-01 12:57 - 2014-02-22 04:00 - 00514560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
2015-05-01 12:57 - 2014-02-22 00:33 - 00262335 _____ () C:\Windows\system32\dfpinc.dat
2015-05-01 12:57 - 2014-02-02 10:48 - 00307304 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-05-01 12:57 - 2014-02-02 09:33 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-05-01 12:57 - 2014-01-31 05:55 - 03596800 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-05-01 12:57 - 2014-01-31 05:35 - 03085824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-05-01 12:57 - 2014-01-31 05:15 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-05-01 12:57 - 2014-01-31 05:10 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Connectivity.dll
2015-05-01 12:57 - 2014-01-31 05:04 - 00409600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Connectivity.dll
2015-05-01 12:57 - 2014-01-31 04:18 - 01185280 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2015-05-01 12:57 - 2014-01-29 04:53 - 01653352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-01 12:57 - 2014-01-29 04:52 - 00551256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-05-01 12:57 - 2014-01-29 03:44 - 01369736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-05-01 12:57 - 2014-01-28 20:36 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\rascustom.dll
2015-05-01 12:57 - 2014-01-28 20:17 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Vpn.dll
2015-05-01 12:57 - 2014-01-27 13:04 - 01311744 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2015-05-01 12:57 - 2014-01-27 13:01 - 00315904 _____ (Microsoft Corporation) C:\Windows\system32\synthstor.dll
2015-05-01 12:57 - 2014-01-27 11:38 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2015-05-01 12:57 - 2014-01-17 13:24 - 00388096 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2015-05-01 12:57 - 2014-01-17 13:04 - 00292864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2015-05-01 12:57 - 2014-01-07 21:30 - 00745328 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-01 12:57 - 2014-01-07 20:33 - 00552632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-05-01 12:57 - 2013-12-10 03:35 - 00530944 _____ (Microsoft Corporation) C:\Windows\system32\AppReadiness.dll
2015-05-01 12:57 - 2013-12-04 11:54 - 00660480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2015-05-01 12:57 - 2013-12-04 11:16 - 00546304 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2015-05-01 12:57 - 2013-12-04 09:53 - 00473600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2015-05-01 12:57 - 2013-11-10 19:41 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\vmrdvcore.dll
2015-05-01 12:56 - 2014-02-22 12:58 - 00036200 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-05-01 12:56 - 2014-02-22 12:15 - 00071888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpfve.sys
2015-05-01 12:56 - 2014-02-22 11:59 - 00027480 _____ (Microsoft Corporation) C:\Windows\system32\SysResetErr.exe
2015-05-01 12:56 - 2014-02-22 11:55 - 00162176 _____ (Microsoft Corporation) C:\Windows\system32\AuthHost.exe
2015-05-01 12:56 - 2014-02-22 11:55 - 00131168 _____ (Microsoft Corporation) C:\Windows\system32\easinvoker.exe
2015-05-01 12:56 - 2014-02-22 11:53 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-01 12:56 - 2014-02-22 11:50 - 00101216 _____ (Microsoft Corporation) C:\Windows\system32\RestoreOptIn.exe
2015-05-01 12:56 - 2014-02-22 11:50 - 00054816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wpcfltr.sys
2015-05-01 12:56 - 2014-02-22 11:50 - 00032544 _____ (Microsoft Corporation) C:\Windows\system32\UserAccountBroker.exe
2015-05-01 12:56 - 2014-02-22 11:49 - 00189784 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\UCX01000.SYS
2015-05-01 12:56 - 2014-02-22 11:49 - 00079192 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdstor.sys
2015-05-01 12:56 - 2014-02-22 11:43 - 00094560 _____ (Microsoft Corporation) C:\Windows\system32\bcd.dll
2015-05-01 12:56 - 2014-02-22 11:41 - 00028416 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-05-01 12:56 - 2014-02-22 10:52 - 00251504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powrprof.dll
2015-05-01 12:56 - 2014-02-22 10:42 - 00137344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2015-05-01 12:56 - 2014-02-22 10:41 - 00033056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-05-01 12:56 - 2014-02-22 10:18 - 00089848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RestoreOptIn.exe
2015-05-01 12:56 - 2014-02-22 10:18 - 00029912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserAccountBroker.exe
2015-05-01 12:56 - 2014-02-22 10:08 - 00079496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcd.dll
2015-05-01 12:56 - 2014-02-22 08:20 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-kernel-power-events.dll
2015-05-01 12:56 - 2014-02-22 08:17 - 00902144 _____ (Microsoft Corporation) C:\Windows\system32\autoconv.exe
2015-05-01 12:56 - 2014-02-22 08:17 - 00890880 _____ (Microsoft Corporation) C:\Windows\system32\autochk.exe
2015-05-01 12:56 - 2014-02-22 08:17 - 00874496 _____ (Microsoft Corporation) C:\Windows\system32\autofmt.exe
2015-05-01 12:56 - 2014-02-22 08:17 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\f3ahvoas.dll
2015-05-01 12:56 - 2014-02-22 08:17 - 00008192 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-ntuser-private-l1-1-1.dll
2015-05-01 12:56 - 2014-02-22 08:17 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-session-winsta-l1-1-0.dll
2015-05-01 12:56 - 2014-02-22 08:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-ntuser-private-l1-1-0.dll
2015-05-01 12:56 - 2014-02-22 08:17 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\ext-ms-win-kernel32-package-l1-1-1.dll
2015-05-01 12:56 - 2014-02-22 08:14 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\watchdog.sys
2015-05-01 12:56 - 2014-02-22 08:08 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\syncui.dll
2015-05-01 12:56 - 2014-02-22 08:08 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\mf3216.dll
2015-05-01 12:56 - 2014-02-22 08:08 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-01 12:56 - 2014-02-22 08:08 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-05-01 12:56 - 2014-02-22 08:08 - 00006144 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-05-01 12:56 - 2014-02-22 08:07 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-01 12:56 - 2014-02-22 08:06 - 00109568 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-05-01 12:56 - 2014-02-22 08:04 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\offreg.dll
2015-05-01 12:56 - 2014-02-22 08:03 - 00349696 _____ (Microsoft Corporation) C:\Windows\system32\bcdedit.exe
2015-05-01 12:56 - 2014-02-22 08:03 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\spbcd.dll
2015-05-01 12:56 - 2014-02-22 08:01 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\spcompat.dll
2015-05-01 12:56 - 2014-02-22 08:00 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-01 12:56 - 2014-02-22 08:00 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\ReAgentc.exe
2015-05-01 12:56 - 2014-02-22 08:00 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\lpksetupproxyserv.dll
2015-05-01 12:56 - 2014-02-22 07:59 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgrade.exe
2015-05-01 12:56 - 2014-02-22 07:57 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2015-05-01 12:56 - 2014-02-22 07:50 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\ActionQueue.dll
2015-05-01 12:56 - 2014-02-22 07:48 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\ocsetapi.dll
2015-05-01 12:56 - 2014-02-22 07:47 - 00589312 _____ (Microsoft Corporation) C:\Windows\system32\vdsdyn.dll
2015-05-01 12:56 - 2014-02-22 07:47 - 00165376 _____ (Microsoft Corporation) C:\Windows\system32\bcdboot.exe
2015-05-01 12:56 - 2014-02-22 07:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\scrobj.dll
2015-05-01 12:56 - 2014-02-22 07:45 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\fhevents.dll
2015-05-01 12:56 - 2014-02-22 07:42 - 00038680 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-05-01 12:56 - 2014-02-22 07:39 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\fhsvcctl.dll
2015-05-01 12:56 - 2014-02-22 07:37 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\diskpart.exe
2015-05-01 12:56 - 2014-02-22 07:32 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\vdsutil.dll
2015-05-01 12:56 - 2014-02-22 07:29 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\RelPost.exe
2015-05-01 12:56 - 2014-02-22 07:27 - 00141824 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2015-05-01 12:56 - 2014-02-22 07:25 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2015-05-01 12:56 - 2014-02-22 07:25 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\sppnp.dll
2015-05-01 12:56 - 2014-02-22 07:25 - 00028160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\f3ahvoas.dll
2015-05-01 12:56 - 2014-02-22 07:25 - 00008192 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-ntuser-private-l1-1-1.dll
2015-05-01 12:56 - 2014-02-22 07:25 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-ntuser-private-l1-1-0.dll
2015-05-01 12:56 - 2014-02-22 07:24 - 00800256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autoconv.exe
2015-05-01 12:56 - 2014-02-22 07:24 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autochk.exe
2015-05-01 12:56 - 2014-02-22 07:24 - 00780288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\autofmt.exe
2015-05-01 12:56 - 2014-02-22 07:24 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SSShim.dll
2015-05-01 12:56 - 2014-02-22 07:24 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-session-winsta-l1-1-0.dll
2015-05-01 12:56 - 2014-02-22 07:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-networking-wcmapi-l1-1-0.dll
2015-05-01 12:56 - 2014-02-22 07:24 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\ext-ms-win-kernel32-package-l1-1-1.dll
2015-05-01 12:56 - 2014-02-22 07:22 - 00177664 _____ (Microsoft Corporation) C:\Windows\system32\easwrt.dll
2015-05-01 12:56 - 2014-02-22 07:17 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2015-05-01 12:56 - 2014-02-22 07:17 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\BulkOperationHost.exe
2015-05-01 12:56 - 2014-02-22 07:16 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-01 12:56 - 2014-02-22 07:16 - 00148992 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-05-01 12:56 - 2014-02-22 07:16 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-05-01 12:56 - 2014-02-22 07:14 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\cleanmgr.exe
2015-05-01 12:56 - 2014-02-22 07:13 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2015-05-01 12:56 - 2014-02-22 07:11 - 00068096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spbcd.dll
2015-05-01 12:56 - 2014-02-22 07:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-01 12:56 - 2014-02-22 07:09 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgentc.exe
2015-05-01 12:56 - 2014-02-22 07:08 - 00113152 _____ (Microsoft Corporation) C:\Windows\system32\shsetup.dll
2015-05-01 12:56 - 2014-02-22 07:08 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\wercplsupport.dll
2015-05-01 12:56 - 2014-02-22 07:07 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-05-01 12:56 - 2014-02-22 07:07 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-05-01 12:56 - 2014-02-22 07:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2015-05-01 12:56 - 2014-02-22 07:05 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\pnpclean.dll
2015-05-01 12:56 - 2014-02-22 07:05 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentHost.dll
2015-05-01 12:56 - 2014-02-22 07:04 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\dfrgui.exe
2015-05-01 12:56 - 2014-02-22 07:03 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-01 12:56 - 2014-02-22 07:02 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContent.dll
2015-05-01 12:56 - 2014-02-22 07:02 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\acppage.dll
2015-05-01 12:56 - 2014-02-22 06:59 - 01283584 _____ (Microsoft Corporation) C:\Windows\system32\vds.exe
2015-05-01 12:56 - 2014-02-22 06:59 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2015-05-01 12:56 - 2014-02-22 06:59 - 00163328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ocsetapi.dll
2015-05-01 12:56 - 2014-02-22 06:58 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\sud.dll
2015-05-01 12:56 - 2014-02-22 06:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\DAConn.dll
2015-05-01 12:56 - 2014-02-22 06:57 - 00165376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrobj.dll
2015-05-01 12:56 - 2014-02-22 06:56 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-01 12:56 - 2014-02-22 06:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\dmvdsitf.dll
2015-05-01 12:56 - 2014-02-22 06:55 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\srrstr.dll
2015-05-01 12:56 - 2014-02-22 06:55 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\SrTasks.exe
2015-05-01 12:56 - 2014-02-22 06:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PkgMgr.exe
2015-05-01 12:56 - 2014-02-22 06:51 - 00444416 _____ (Microsoft Corporation) C:\Windows\system32\spwizeng.dll
2015-05-01 12:56 - 2014-02-22 06:50 - 00136192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskpart.exe
2015-05-01 12:56 - 2014-02-22 06:47 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmdskmgr.dll
2015-05-01 12:56 - 2014-02-22 06:47 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\migisol.dll
2015-05-01 12:56 - 2014-02-22 06:47 - 00106496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setupugc.exe
2015-05-01 12:56 - 2014-02-22 06:47 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-01 12:56 - 2014-02-22 06:46 - 00283136 _____ (Microsoft Corporation) C:\Windows\system32\wbadmin.exe
2015-05-01 12:56 - 2014-02-22 06:41 - 02566656 _____ (Microsoft Corporation) C:\Windows\system32\themecpl.dll
2015-05-01 12:56 - 2014-02-22 06:40 - 00304640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2015-05-01 12:56 - 2014-02-22 06:38 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\easwrt.dll
2015-05-01 12:56 - 2014-02-22 06:37 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcdiag.exe
2015-05-01 12:56 - 2014-02-22 06:36 - 00385024 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-01 12:56 - 2014-02-22 06:35 - 00504832 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-05-01 12:56 - 2014-02-22 06:35 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\aitagent.exe
2015-05-01 12:56 - 2014-02-22 06:34 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeResults.exe
2015-05-01 12:56 - 2014-02-22 06:33 - 00402944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\zipfldr.dll
2015-05-01 12:56 - 2014-02-22 06:32 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-05-01 12:56 - 2014-02-22 06:30 - 00213504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cleanmgr.exe
2015-05-01 12:56 - 2014-02-22 06:29 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-01 12:56 - 2014-02-22 06:28 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-01 12:56 - 2014-02-22 06:27 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-05-01 12:56 - 2014-02-22 06:25 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-05-01 12:56 - 2014-02-22 06:21 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfrgui.exe
2015-05-01 12:56 - 2014-02-22 06:21 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-01 12:56 - 2014-02-22 06:21 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\acppage.dll
2015-05-01 12:56 - 2014-02-22 06:20 - 01152512 _____ (Microsoft Corporation) C:\Windows\system32\wscui.cpl
2015-05-01 12:56 - 2014-02-22 06:17 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-01 12:56 - 2014-02-22 06:17 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2015-05-01 12:56 - 2014-02-22 06:16 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sud.dll
2015-05-01 12:56 - 2014-02-22 06:16 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srchadmin.dll
2015-05-01 12:56 - 2014-02-22 06:16 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dmvdsitf.dll
2015-05-01 12:56 - 2014-02-22 06:13 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
2015-05-01 12:56 - 2014-02-22 06:13 - 00307200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\newdev.dll
2015-05-01 12:56 - 2014-02-22 06:12 - 00352768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwizeng.dll
2015-05-01 12:56 - 2014-02-22 06:09 - 00097280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\migisol.dll
2015-05-01 12:56 - 2014-02-22 06:09 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-01 12:56 - 2014-02-22 06:04 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netid.dll
2015-05-01 12:56 - 2014-02-22 06:03 - 02544128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themecpl.dll
2015-05-01 12:56 - 2014-02-22 05:59 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\wmpdxm.dll
2015-05-01 12:56 - 2014-02-22 05:56 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2015-05-01 12:56 - 2014-02-22 05:54 - 00323584 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll
2015-05-01 12:56 - 2014-02-22 05:54 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-01 12:56 - 2014-02-22 05:54 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\deviceassociation.dll
2015-05-01 12:56 - 2014-02-22 05:53 - 00545280 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-05-01 12:56 - 2014-02-22 05:53 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-05-01 12:56 - 2014-02-22 05:52 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.exe
2015-05-01 12:56 - 2014-02-22 05:51 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\fveskybackup.dll
2015-05-01 12:56 - 2014-02-22 05:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\winbrand.dll
2015-05-01 12:56 - 2014-02-22 05:49 - 00155648 _____ (Microsoft Corporation) C:\Windows\system32\MicrosoftAccountTokenProvider.dll
2015-05-01 12:56 - 2014-02-22 05:48 - 01136128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscui.cpl
2015-05-01 12:56 - 2014-02-22 05:48 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\wincorlib.dll
2015-05-01 12:56 - 2014-02-22 05:46 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\winsku.dll
2015-05-01 12:56 - 2014-02-22 05:45 - 00453632 _____ (Microsoft Corporation) C:\Windows\system32\wbiosrvc.dll
2015-05-01 12:56 - 2014-02-22 05:44 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\korwbrkr.dll
2015-05-01 12:56 - 2014-02-22 05:43 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.Sockets.PushEnabledApplication.dll
2015-05-01 12:56 - 2014-02-22 05:41 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
2015-05-01 12:56 - 2014-02-22 05:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dasHost.exe
2015-05-01 12:56 - 2014-02-22 05:37 - 00183808 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2015-05-01 12:56 - 2014-02-22 05:36 - 00835584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasgcw.dll
2015-05-01 12:56 - 2014-02-22 05:36 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WLanConn.dll
2015-05-01 12:56 - 2014-02-22 05:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcrypt.dll
2015-05-01 12:56 - 2014-02-22 05:29 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2015-05-01 12:56 - 2014-02-22 05:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2015-05-01 12:56 - 2014-02-22 05:28 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceassociation.dll
2015-05-01 12:56 - 2014-02-22 05:27 - 00484864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-05-01 12:56 - 2014-02-22 05:27 - 00202240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll
2015-05-01 12:56 - 2014-02-22 05:26 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-05-01 12:56 - 2014-02-22 05:26 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.exe
2015-05-01 12:56 - 2014-02-22 05:25 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winbrand.dll
2015-05-01 12:56 - 2014-02-22 05:23 - 00256000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincorlib.dll
2015-05-01 12:56 - 2014-02-22 05:23 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MicrosoftAccountTokenProvider.dll
2015-05-01 12:56 - 2014-02-22 05:22 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2015-05-01 12:56 - 2014-02-22 05:22 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsku.dll
2015-05-01 12:56 - 2014-02-22 05:19 - 00146944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\korwbrkr.dll
2015-05-01 12:56 - 2014-02-22 05:19 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-05-01 12:56 - 2014-02-22 05:19 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.Sockets.PushEnabledApplication.dll
2015-05-01 12:56 - 2014-02-22 05:16 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxshared.dll
2015-05-01 12:56 - 2014-02-22 05:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-05-01 12:56 - 2014-02-22 05:07 - 00109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscinterop.dll
2015-05-01 12:56 - 2014-02-22 05:06 - 00251904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2015-05-01 12:56 - 2014-02-22 05:04 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\slpts.dll
2015-05-01 12:56 - 2014-02-22 05:02 - 00559104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserLanguagesCpl.dll
2015-05-01 12:56 - 2014-02-22 05:02 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2015-05-01 12:56 - 2014-02-22 04:59 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-05-01 12:56 - 2014-02-22 04:58 - 00544768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcli.dll
2015-05-01 12:56 - 2014-02-22 04:57 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\winbici.dll
2015-05-01 12:56 - 2014-02-22 04:57 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-01 12:56 - 2014-02-22 04:55 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-01 12:56 - 2014-02-22 04:55 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-01 12:56 - 2014-02-22 04:55 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\ConfigureExpandedStorage.dll
2015-05-01 12:56 - 2014-02-22 04:55 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\dataclen.dll
2015-05-01 12:56 - 2014-02-22 04:55 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\energytask.dll
2015-05-01 12:56 - 2014-02-22 04:55 - 00014848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\slpts.dll
2015-05-01 12:56 - 2014-02-22 04:55 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\msshooks.dll
2015-05-01 12:56 - 2014-02-22 04:54 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToManager.dll
2015-05-01 12:56 - 2014-02-22 04:54 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\AepRoam.dll
2015-05-01 12:56 - 2014-02-22 04:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\netplwiz.dll
2015-05-01 12:56 - 2014-02-22 04:49 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-05-01 12:56 - 2014-02-22 04:49 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-01 12:56 - 2014-02-22 04:49 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-01 12:56 - 2014-02-22 04:48 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-05-01 12:56 - 2014-02-22 04:48 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-01 12:56 - 2014-02-22 04:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ConfigureExpandedStorage.dll
2015-05-01 12:56 - 2014-02-22 04:48 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssprxy.dll
2015-05-01 12:56 - 2014-02-22 04:48 - 00034304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dataclen.dll
2015-05-01 12:56 - 2014-02-22 04:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msshooks.dll
2015-05-01 12:56 - 2014-02-22 04:47 - 00185856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidcredprov.dll
2015-05-01 12:56 - 2014-02-22 04:46 - 03312128 _____ (Microsoft Corporation) C:\Windows\system32\bootux.dll
2015-05-01 12:56 - 2014-02-22 04:45 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\PlayToDevice.dll
2015-05-01 12:56 - 2014-02-22 04:45 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2015-05-01 12:56 - 2014-02-22 04:44 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\provsvc.dll
2015-05-01 12:56 - 2014-02-22 04:44 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netplwiz.dll
2015-05-01 12:56 - 2014-02-22 04:43 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BioCredProv.dll
2015-05-01 12:56 - 2014-02-22 04:43 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-01 12:56 - 2014-02-22 04:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Renewal.dll
2015-05-01 12:56 - 2014-02-22 04:40 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PlayToDevice.dll
2015-05-01 12:56 - 2014-02-22 04:39 - 00356352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskeng.exe
2015-05-01 12:56 - 2014-02-22 04:39 - 00321536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\provsvc.dll
2015-05-01 12:56 - 2014-02-22 04:39 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bthprops.cpl
2015-05-01 12:56 - 2014-02-22 04:38 - 00470016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2015-05-01 12:56 - 2014-02-22 04:35 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\SettingMonitor.dll
2015-05-01 12:56 - 2014-02-22 04:33 - 00130560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingMonitor.dll
2015-05-01 12:56 - 2014-02-22 04:31 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\IdCtrls.dll
2015-05-01 12:56 - 2014-02-22 04:30 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\wpnprv.dll
2015-05-01 12:56 - 2014-02-22 04:24 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IdCtrls.dll
2015-05-01 12:56 - 2014-02-22 04:22 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncPolicy.dll
2015-05-01 12:56 - 2014-02-22 04:20 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\AuthBroker.dll
2015-05-01 12:56 - 2014-02-22 04:20 - 00027648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncPolicy.dll
2015-05-01 12:56 - 2014-02-22 04:19 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AuthBroker.dll
2015-05-01 12:56 - 2014-02-22 04:17 - 00128512 _____ (Microsoft Corporation) C:\Windows\system32\CloudStorageWizard.exe
2015-05-01 12:56 - 2014-02-22 04:17 - 00109568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CloudStorageWizard.exe
2015-05-01 12:56 - 2014-02-22 03:54 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVolSSO.dll
2015-05-01 12:56 - 2014-02-22 00:43 - 00002440 ___RS () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk
2015-05-01 12:56 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-01 12:56 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-01 12:56 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-05-01 12:56 - 2014-02-22 00:37 - 00000369 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-05-01 12:56 - 2014-02-07 21:08 - 00100197 _____ () C:\Windows\SysWOW64\RacRules.xml
2015-05-01 12:56 - 2014-02-07 21:08 - 00100197 _____ () C:\Windows\system32\RacRules.xml
2015-05-01 12:56 - 2014-02-01 02:00 - 00011109 _____ () C:\Windows\SysWOW64\connectedsearch-results.searchconnector-ms
2015-05-01 12:56 - 2014-02-01 02:00 - 00011109 _____ () C:\Windows\system32\connectedsearch-results.searchconnector-ms
2015-05-01 12:56 - 2014-02-01 02:00 - 00007762 _____ () C:\Windows\SysWOW64\connectedsearch-suggestions.searchconnector-ms
2015-05-01 12:56 - 2014-02-01 02:00 - 00007762 _____ () C:\Windows\system32\connectedsearch-suggestions.searchconnector-ms
2015-05-01 12:56 - 2014-02-01 02:00 - 00007130 _____ () C:\Windows\SysWOW64\connectedsearch-zeroinput.searchconnector-ms
2015-05-01 12:56 - 2014-02-01 02:00 - 00007130 _____ () C:\Windows\system32\connectedsearch-zeroinput.searchconnector-ms
2015-05-01 12:56 - 2014-02-01 02:00 - 00002255 _____ () C:\Windows\SysWOW64\WimBootCompress.ini
2015-05-01 12:56 - 2014-02-01 02:00 - 00002255 _____ () C:\Windows\system32\WimBootCompress.ini
2015-05-01 12:56 - 2014-01-31 07:59 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-05-01 12:56 - 2014-01-31 07:11 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-05-01 12:56 - 2014-01-31 05:19 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\dafBth.dll
2015-05-01 12:56 - 2014-01-31 05:08 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-05-01 12:56 - 2014-01-31 04:24 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2015-05-01 12:56 - 2014-01-29 04:40 - 00994136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-01 12:56 - 2014-01-28 20:18 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2015-05-01 12:56 - 2014-01-27 15:53 - 00413184 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-01 12:56 - 2014-01-27 15:51 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdparser.sys
2015-05-01 12:56 - 2014-01-27 13:54 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2015-05-01 12:56 - 2014-01-27 07:45 - 00050053 _____ () C:\Windows\system32\srms.dat
2015-05-01 12:56 - 2014-01-22 02:21 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2015-05-01 12:56 - 2014-01-22 01:50 - 00147968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2015-05-01 12:56 - 2013-12-04 10:19 - 00439808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2015-05-01 12:56 - 2013-11-27 05:47 - 00015360 _____ (Microsoft Corporation) C:\Windows\system32\finger.exe
2015-05-01 12:56 - 2013-11-27 05:20 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\finger.exe
2015-05-01 12:56 - 2013-11-27 05:10 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\netiohlp.dll
2015-05-01 12:56 - 2013-11-27 04:56 - 00167936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netiohlp.dll
2015-05-01 12:56 - 2013-11-08 00:04 - 00488960 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2015-05-01 12:56 - 2013-11-07 23:47 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2015-05-01 12:56 - 2013-11-01 05:06 - 00268288 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\wmbclass.sys
2015-05-01 12:48 - 2014-03-20 00:19 - 01291200 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-01 12:48 - 2014-03-19 23:48 - 21232792 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-01 12:48 - 2014-03-19 23:41 - 02013016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-05-01 12:48 - 2014-03-19 23:41 - 00376152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\clfs.sys
2015-05-01 12:48 - 2014-03-19 23:40 - 01112536 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-01 12:48 - 2014-03-19 21:20 - 18679216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-05-01 12:48 - 2014-03-19 19:55 - 01036288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-01 12:48 - 2014-03-19 03:13 - 00836096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-01 12:48 - 2014-03-11 09:21 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-05-01 12:48 - 2014-03-11 09:02 - 00629760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-05-01 12:48 - 2014-03-06 08:42 - 07425368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-01 12:48 - 2014-03-06 05:19 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Shell.Search.UriHandler.dll
2015-05-01 12:48 - 2014-03-06 03:22 - 16875520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-05-01 12:48 - 2014-03-06 02:59 - 12732416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-05-01 12:48 - 2014-03-06 02:33 - 13286400 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2015-05-01 12:48 - 2014-03-06 01:28 - 08653824 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2015-05-01 12:48 - 2014-03-04 02:25 - 13392384 _____ (Microsoft Corporation) C:\Windows\system32\vmms.exe
2015-05-01 12:48 - 2014-03-02 06:20 - 23549952 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-01 12:48 - 2014-03-02 05:33 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-01 12:48 - 2014-02-26 02:29 - 02678784 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-05-01 12:47 - 2014-03-19 21:29 - 04268544 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-05-01 12:47 - 2014-03-19 20:53 - 00950784 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2015-05-01 12:47 - 2014-03-19 20:48 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\ReInfo.dll
2015-05-01 12:47 - 2014-03-19 19:39 - 00800256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2015-05-01 12:47 - 2014-03-19 19:36 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReInfo.dll
2015-05-01 12:47 - 2014-03-19 01:57 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-05-01 12:47 - 2014-03-19 01:50 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\w32tm.exe
2015-05-01 12:47 - 2014-03-19 01:31 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-05-01 12:47 - 2014-03-19 01:20 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\w32tm.exe
2015-05-01 12:47 - 2014-03-19 01:08 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-05-01 12:47 - 2014-03-19 00:41 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-05-01 12:47 - 2014-03-19 00:17 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-05-01 12:47 - 2014-03-15 00:56 - 00381952 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-05-01 12:47 - 2014-03-15 00:44 - 01705984 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-01 12:47 - 2014-03-13 08:35 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wof.sys
2015-05-01 12:47 - 2014-03-12 09:45 - 00387210 _____ () C:\Windows\system32\ApnDatabase.xml
2015-05-01 12:47 - 2014-03-11 12:04 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2015-05-01 12:47 - 2014-03-11 11:45 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfgLib.dll
2015-05-01 12:47 - 2014-03-11 11:18 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2015-05-01 12:47 - 2014-03-11 11:02 - 00794112 _____ (Microsoft Corporation) C:\Windows\system32\fvewiz.dll
2015-05-01 12:47 - 2014-03-11 10:28 - 00887296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2015-05-01 12:47 - 2014-03-11 10:25 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2015-05-01 12:47 - 2014-03-11 10:05 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2015-05-01 12:47 - 2014-03-11 10:03 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-05-01 12:47 - 2014-03-11 10:00 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-05-01 12:47 - 2014-03-11 08:42 - 02641920 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-05-01 12:47 - 2014-03-11 08:35 - 02317824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-05-01 12:47 - 2014-03-10 02:42 - 06172160 _____ (Microsoft Corporation) C:\Windows\system32\vmwp.exe
2015-05-01 12:47 - 2014-03-09 23:39 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\synthnic.dll
2015-05-01 12:47 - 2014-03-09 23:18 - 00350720 _____ (Microsoft Corporation) C:\Windows\system32\EmulatedNic.dll
2015-05-01 12:47 - 2014-03-08 16:47 - 00565536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-01 12:47 - 2014-03-08 16:47 - 00180056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-01 12:47 - 2014-03-08 16:40 - 00136024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-05-01 12:47 - 2014-03-08 16:38 - 01542768 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-05-01 12:47 - 2014-03-08 16:35 - 00467800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-05-01 12:47 - 2014-03-08 16:35 - 00337752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2015-05-01 12:47 - 2014-03-08 11:29 - 01339240 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-01 12:47 - 2014-03-08 11:29 - 00356848 _____ (Microsoft Corporation) C:\Windows\system32\dcomp.dll
2015-05-01 12:47 - 2014-03-08 07:34 - 01095488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-05-01 12:47 - 2014-03-08 05:34 - 00731648 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-01 12:47 - 2014-03-08 05:02 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\sxproxy.dll
2015-05-01 12:47 - 2014-03-08 04:44 - 00731648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-01 12:47 - 2014-03-08 04:33 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\spp.dll
2015-05-01 12:47 - 2014-03-08 04:25 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\SetNetworkLocation.dll
2015-05-01 12:47 - 2014-03-08 04:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sxproxy.dll
2015-05-01 12:47 - 2014-03-08 03:53 - 01843712 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2015-05-01 12:47 - 2014-03-08 03:51 - 00334848 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2015-05-01 12:47 - 2014-03-08 03:47 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spp.dll
2015-05-01 12:47 - 2014-03-08 03:12 - 01816576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2015-05-01 12:47 - 2014-03-08 03:09 - 01411584 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-01 12:47 - 2014-03-08 03:04 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-05-01 12:47 - 2014-03-08 03:03 - 00939520 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-01 12:47 - 2014-03-08 03:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-05-01 12:47 - 2014-03-08 02:50 - 01066496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-01 12:47 - 2014-03-08 02:48 - 00252928 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2015-05-01 12:47 - 2014-03-08 02:46 - 01063424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-05-01 12:47 - 2014-03-08 02:41 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-05-01 12:47 - 2014-03-08 02:40 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-05-01 12:47 - 2014-03-08 02:37 - 00755712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-01 12:47 - 2014-03-08 02:31 - 00222720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dcomp.dll
2015-05-01 12:47 - 2014-03-08 02:30 - 00197632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2015-05-01 12:47 - 2014-03-08 02:25 - 00264192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-05-01 12:47 - 2014-03-08 02:09 - 00958464 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-05-01 12:47 - 2014-03-08 02:04 - 00717312 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-05-01 12:47 - 2014-03-08 02:02 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-05-01 12:47 - 2014-03-08 01:58 - 00567296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-05-01 12:47 - 2014-03-08 01:41 - 01306624 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-05-01 12:47 - 2014-03-08 01:11 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-05-01 12:47 - 2014-03-06 10:35 - 01466864 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2015-05-01 12:47 - 2014-03-06 10:34 - 02331000 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-05-01 12:47 - 2014-03-06 10:34 - 00113648 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2015-05-01 12:47 - 2014-03-06 08:53 - 02141912 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-05-01 12:47 - 2014-03-06 08:53 - 00518552 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-05-01 12:47 - 2014-03-06 08:51 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-05-01 12:47 - 2014-03-06 08:51 - 00488280 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2015-05-01 12:47 - 2014-03-06 08:51 - 00379224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-05-01 12:47 - 2014-03-06 08:40 - 00492256 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2015-05-01 12:47 - 2014-03-06 08:40 - 00467504 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-05-01 12:47 - 2014-03-06 08:40 - 00463264 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-01 12:47 - 2014-03-06 08:40 - 00364640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-01 12:47 - 2014-03-06 08:40 - 00244888 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-05-01 12:47 - 2014-03-06 08:39 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-05-01 12:47 - 2014-03-06 07:20 - 01200296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2015-05-01 12:47 - 2014-03-06 07:19 - 00390488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2015-05-01 12:47 - 2014-03-06 07:19 - 00094016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2015-05-01 12:47 - 2014-03-06 07:13 - 01779800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-05-01 12:47 - 2014-03-06 07:13 - 00406912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-05-01 12:47 - 2014-03-06 06:46 - 01679128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-05-01 12:47 - 2014-03-06 06:35 - 00406512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-05-01 12:47 - 2014-03-06 06:35 - 00388408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2015-05-01 12:47 - 2014-03-06 06:35 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-05-01 12:47 - 2014-03-06 06:35 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-05-01 12:47 - 2014-03-06 05:29 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2015-05-01 12:47 - 2014-03-06 05:24 - 00111616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-05-01 12:47 - 2014-03-06 05:24 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2015-05-01 12:47 - 2014-03-06 05:24 - 00033280 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidusb.sys
2015-05-01 12:47 - 2014-03-06 05:22 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-05-01 12:47 - 2014-03-06 05:22 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-01 12:47 - 2014-03-06 05:22 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys
2015-05-01 12:47 - 2014-03-06 05:20 - 00443392 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2015-05-01 12:47 - 2014-03-06 05:20 - 00402944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-05-01 12:47 - 2014-03-06 05:20 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-05-01 12:47 - 2014-03-06 05:19 - 00283648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-05-01 12:47 - 2014-03-06 05:19 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2015-05-01 12:47 - 2014-03-06 05:19 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\drvcfg.exe
2015-05-01 12:47 - 2014-03-06 05:19 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-05-01 12:47 - 2014-03-06 05:08 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\drvinst.exe
2015-05-01 12:47 - 2014-03-06 05:08 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\l2gpstore.dll
2015-05-01 12:47 - 2014-03-06 04:41 - 00115200 _____ (Microsoft Corporation) C:\Windows\system32\DevPropMgr.dll
2015-05-01 12:47 - 2014-03-06 04:38 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-05-01 12:47 - 2014-03-06 04:37 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-05-01 12:47 - 2014-03-06 04:28 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2015-05-01 12:47 - 2014-03-06 04:20 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Shell.Search.UriHandler.dll
2015-05-01 12:47 - 2014-03-06 04:10 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\l2gpstore.dll
2015-05-01 12:47 - 2014-03-06 04:09 - 00098816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2015-05-01 12:47 - 2014-03-06 04:00 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2015-05-01 12:47 - 2014-03-06 03:47 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-05-01 12:47 - 2014-03-06 03:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-05-01 12:47 - 2014-03-06 03:45 - 00981504 _____ (Microsoft Corporation) C:\Windows\system32\adprop.dll
2015-05-01 12:47 - 2014-03-06 03:44 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-05-01 12:47 - 2014-03-06 03:16 - 00171008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2015-05-01 12:47 - 2014-03-06 03:15 - 00667136 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2015-05-01 12:47 - 2014-03-06 03:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-05-01 12:47 - 2014-03-06 03:02 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2015-05-01 12:47 - 2014-03-06 02:57 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2015-05-01 12:47 - 2014-03-06 02:51 - 02900992 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-05-01 12:47 - 2014-03-06 02:42 - 00589824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2015-05-01 12:47 - 2014-03-06 02:39 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-01 12:47 - 2014-03-06 02:34 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-05-01 12:47 - 2014-03-06 02:32 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2015-05-01 12:47 - 2014-03-06 02:31 - 02479616 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-05-01 12:47 - 2014-03-06 02:29 - 11791360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2015-05-01 12:47 - 2014-03-06 02:29 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2015-05-01 12:47 - 2014-03-06 02:27 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-05-01 12:47 - 2014-03-06 02:24 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\wlangpui.dll
2015-05-01 12:47 - 2014-03-06 02:23 - 02270208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-05-01 12:47 - 2014-03-06 02:23 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\dafWfdProvider.dll
2015-05-01 12:47 - 2014-03-06 02:21 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2015-05-01 12:47 - 2014-03-06 02:21 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Sensors.dll
2015-05-01 12:47 - 2014-03-06 02:16 - 01527296 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2015-05-01 12:47 - 2014-03-06 02:16 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-01 12:47 - 2014-03-06 02:13 - 00298496 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-05-01 12:47 - 2014-03-06 02:13 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2015-05-01 12:47 - 2014-03-06 02:11 - 02030080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-05-01 12:47 - 2014-03-06 02:09 - 01764864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-01 12:47 - 2014-03-06 02:06 - 00386560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlangpui.dll
2015-05-01 12:47 - 2014-03-06 02:05 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-05-01 12:47 - 2014-03-06 02:04 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2015-05-01 12:47 - 2014-03-06 02:04 - 00226304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Sensors.dll
2015-05-01 12:47 - 2014-03-06 02:01 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Scanners.dll
2015-05-01 12:47 - 2014-03-06 01:54 - 01023488 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-05-01 12:47 - 2014-03-06 01:54 - 00888320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-05-01 12:47 - 2014-03-06 01:51 - 00151040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Scanners.dll
2015-05-01 12:47 - 2014-03-06 01:47 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\SessEnv.dll
2015-05-01 12:47 - 2014-03-06 01:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2015-05-01 12:47 - 2014-03-06 01:42 - 00280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SessEnv.dll
2015-05-01 12:47 - 2014-03-06 01:35 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2015-05-01 12:47 - 2014-03-06 01:33 - 00839168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2015-05-01 12:47 - 2014-03-06 01:32 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2015-05-01 12:47 - 2014-03-06 01:27 - 05833728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2015-05-01 12:47 - 2014-03-06 01:21 - 05770752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-05-01 12:47 - 2014-03-06 01:20 - 06641152 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-05-01 12:47 - 2014-03-04 08:26 - 01429336 _____ (Microsoft Corporation) C:\Windows\system32\hvix64.exe
2015-05-01 12:47 - 2014-03-04 08:26 - 01390936 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.efi
2015-05-01 12:47 - 2014-03-04 08:26 - 01378648 _____ (Microsoft Corporation) C:\Windows\system32\hvax64.exe
2015-05-01 12:47 - 2014-03-04 08:26 - 01263960 _____ (Microsoft Corporation) C:\Windows\system32\hvloader.exe
2015-05-01 12:47 - 2014-03-04 08:25 - 02373784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-05-01 12:47 - 2014-03-04 08:15 - 02519384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-05-01 12:47 - 2014-03-04 08:15 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-05-01 12:47 - 2014-03-04 08:14 - 00360512 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2015-05-01 12:47 - 2014-03-04 07:16 - 02088160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-05-01 12:47 - 2014-03-04 07:10 - 00355832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2015-05-01 12:47 - 2014-03-04 05:27 - 00706048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wnv.sys
2015-05-01 12:47 - 2014-03-04 05:27 - 00691200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vmswitch.sys
2015-05-01 12:47 - 2014-03-04 04:11 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\AdmTmpl.dll
2015-05-01 12:47 - 2014-03-04 03:36 - 02001408 _____ (Microsoft Corporation) C:\Windows\system32\gpmgmt.dll
2015-05-01 12:47 - 2014-03-04 03:26 - 00444928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AdmTmpl.dll
2015-05-01 12:47 - 2014-03-04 03:16 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-05-01 12:47 - 2014-03-04 03:13 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-05-01 12:47 - 2014-03-04 03:08 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\pdh.dll
2015-05-01 12:47 - 2014-03-04 03:00 - 00512000 _____ (Microsoft Corporation) C:\Windows\system32\wlidprov.dll
2015-05-01 12:47 - 2014-03-04 02:59 - 01678336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpmgmt.dll
2015-05-01 12:47 - 2014-03-04 02:56 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RMapi.dll
2015-05-01 12:47 - 2014-03-04 02:50 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-01 12:47 - 2014-03-04 02:42 - 00494592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-05-01 12:47 - 2014-03-04 02:39 - 00254976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pdh.dll
2015-05-01 12:47 - 2014-03-04 02:32 - 00356864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlidprov.dll
2015-05-01 12:47 - 2014-03-04 02:15 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Graphics.Printing.dll
2015-05-01 12:47 - 2014-03-04 02:05 - 00402432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Graphics.Printing.dll
2015-05-01 12:47 - 2014-03-04 02:03 - 00669696 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-05-01 12:47 - 2014-03-04 02:03 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\CredentialMigrationHandler.dll
2015-05-01 12:47 - 2014-03-04 01:54 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredentialMigrationHandler.dll
2015-05-01 12:47 - 2014-03-04 01:52 - 00605184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-05-01 12:47 - 2014-02-06 18:59 - 00425984 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2015-05-01 12:47 - 2014-02-06 17:26 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2015-05-01 12:47 - 2013-12-23 19:28 - 00262656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LocationApi.dll
2015-05-01 12:47 - 2013-12-23 19:26 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\LocationApi.dll
2015-05-01 00:19 - 2015-05-04 10:56 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-01 00:19 - 2015-05-01 00:19 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-04-30 23:28 - 2015-04-30 23:28 - 00000000 ____D () C:\Users\Katie.CODE8\AppData\Local\Apps\2.0
2015-04-30 17:16 - 2015-05-15 11:47 - 00000000 ____D () C:\Kerry-tts
2015-04-30 16:50 - 2015-04-30 16:50 - 00000000 ____D () C:\Users\Katie.CODE8\AppData\Roaming\Mozilla
2015-04-30 16:47 - 2015-04-30 16:47 - 03983752 _____ (TeamViewer) C:\Users\Katie.CODE8\Desktop\ttrs.exe
2015-04-30 16:47 - 2015-04-30 16:47 - 00000000 ____D () C:\Users\Katie.CODE8\AppData\Roaming\TeamViewer
2015-04-30 16:42 - 2015-04-30 16:42 - 00000000 ____D () C:\Users\Katie.CODE8\AppData\Roaming\Highresolution Enterprises
2015-04-30 16:23 - 2014-05-01 10:06 - 00014456 _____ (GFI Software) C:\Windows\system32\Drivers\gfibto.sys
2015-04-30 12:49 - 2015-04-30 12:49 - 00003892 _____ () C:\Users\Jon\Downloads\MAX ServiceDesk Demo (1).ics
2015-04-30 11:55 - 2015-04-30 11:55 - 00003892 _____ () C:\Users\Jon\Downloads\MAX ServiceDesk Demo.ics
2015-04-30 09:09 - 2015-04-28 14:38 - 00000000 ____D () C:\Users\Jon\Downloads\integrity_verification
2015-04-30 09:09 - 2015-04-28 14:10 - 00000000 ____D () C:\Users\Jon\Downloads\tron
2015-04-30 00:54 - 2015-04-30 02:26 - 00000840 _____ () C:\Windows\SysWOW64\AgentSettings.xml
2015-04-30 00:14 - 2015-04-30 00:23 - 00155983 _____ () C:\Users\Jon\Desktop\Addition.txt
2015-04-30 00:05 - 2015-04-30 00:23 - 00067234 _____ () C:\Users\Jon\Desktop\FRST.txt
2015-04-29 23:40 - 2013-05-28 11:57 - 00048536 _____ (ThreatTrack Security, Inc.) C:\Windows\system32\sbbd.exe
2015-04-29 17:41 - 2015-04-29 17:41 - 02101248 _____ (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2015-04-29 17:24 - 2015-04-29 17:25 - 00000000 ____D () C:\Users\Jon\Desktop\Tweaking.com - Windows Repair
2015-04-29 17:12 - 2015-04-29 17:12 - 10661980 _____ () C:\Users\Jon\Desktop\tweaking.com_windows_repair_aio.zip
2015-04-29 16:41 - 2015-05-04 14:11 - 00001294 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Monitoring Agent.lnk
2015-04-29 16:41 - 2015-04-29 16:08 - 06617099 _____ () C:\Users\Jon\Desktop\AGENT_COASTAL_DATA_ENTERPISES__INC._OFFICE_V9_8_7_RW.ZIP
2015-04-29 15:10 - 2015-04-29 15:10 - 00000759 _____ () C:\Users\Jon\Desktop\Start Emsisoft Emergency Kit.lnk
2015-04-29 15:09 - 2015-04-29 15:09 - 155390640 _____ () C:\Users\Jon\Downloads\EmsisoftEmergencyKit.exe
2015-04-29 15:02 - 2015-04-29 15:03 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Jon\Downloads\tdsskiller (1).exe
2015-04-29 14:53 - 2015-04-29 15:02 - 00002384 _____ () C:\Users\Jon\Desktop\Rkill.txt
2015-04-29 14:53 - 2015-04-29 14:53 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore.exe
2015-04-29 14:53 - 2015-04-29 14:53 - 01063160 _____ (Bleeping Computer, LLC) C:\Users\Jon\Downloads\iExplore64.exe
2015-04-29 14:20 - 2015-04-29 14:26 - 02001540 _____ () C:\Users\Jon\Downloads\pc-decrapifier-3.0.0.exe
2015-04-28 12:48 - 2015-04-28 12:48 - 00000000 ____D () C:\WindowsAzure
2015-04-28 12:47 - 2015-04-28 12:47 - 00350936 _____ (Microsoft Corporation) C:\Users\Jon\Downloads\SDP.0b2320b237373835333833343833b0.Run.exe
2015-04-28 12:06 - 2015-04-28 12:06 - 00004415 _____ () C:\Users\Jon\Downloads\REMOTE-PC (1).rdp
2015-04-28 11:52 - 2015-04-28 11:52 - 00000074 _____ () C:\Users\Jon\Downloads\KTCLOUD.rdp
2015-04-27 16:19 - 2015-04-27 16:19 - 00012923 _____ () C:\Users\Jon\Downloads\CoastalDataEnterpisesInc_2015_03_.csv
2015-04-27 16:18 - 2015-04-27 16:18 - 00012928 _____ () C:\Users\Jon\Downloads\CoastalDataEnterpises,Inc._2015_02_ (1).csv
2015-04-27 14:54 - 2015-04-27 14:54 - 00004415 _____ () C:\Users\Jon\Downloads\REMOTE-PC.rdp
2015-04-24 21:10 - 2015-04-24 21:10 - 00000668 _____ () C:\Users\Jon\Downloads\gfi-servicedesk.qwc
2015-04-24 10:16 - 2015-04-24 10:16 - 00276348 _____ () C:\Users\Jon\Downloads\X360AIDE-TRIAL.zip
2015-04-22 15:42 - 2015-04-22 15:42 - 00004314 _____ () C:\Users\Jon\Documents\Motor Coach Safety Video.mds
2015-04-22 15:41 - 2015-04-22 15:42 - 90798080 _____ () C:\Users\Jon\Documents\Motor Coach Safety Video.iso
2015-04-22 11:32 - 2015-04-22 11:32 - 04516188 _____ () C:\Users\Jon\Downloads\themeforest-5060723-tour-operator-wp-theme-with-reservation-system-wordpress_theme (2).zip
2015-04-22 10:49 - 2015-04-22 10:49 - 00000037 _____ () C:\Users\Jon\Downloads\htaccess (1)
2015-04-21 12:38 - 2015-04-21 12:38 - 01270552 _____ (Ellora Assets Corporation ) C:\Users\Jon\Downloads\FreemakeVideoConverterSetup (2).exe
2015-04-21 12:37 - 2015-04-21 12:37 - 00000000 ____D () C:\Users\Jon\AppData\Local\FreemakeVideoConverter
2015-04-21 12:32 - 2015-04-21 12:32 - 00001406 _____ () C:\Users\Public\Desktop\Free Disc Burner.lnk
2015-04-21 12:32 - 2015-04-21 12:32 - 00001261 _____ () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-04-21 12:32 - 2015-04-21 12:32 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2015-04-21 12:30 - 2015-04-21 12:31 - 18393968 _____ (DVDVideoSoft Ltd. ) C:\Users\Jon\Downloads\FreeDiscBurner.exe
2015-04-21 12:28 - 2015-04-21 12:28 - 00012376 _____ () C:\Users\Jon\Downloads\FreeDiscBurner.torrent
2015-04-21 12:26 - 2015-04-21 12:27 - 21318680 _____ (Visicom Media Inc.) C:\Users\Jon\Downloads\ManyDownloader64.FREE.exe
2015-04-21 12:26 - 2015-04-21 12:27 - 21318680 _____ (Visicom Media Inc.) C:\Users\Jon\Downloads\ManyDownloader64.FREE (1).exe
2015-04-16 19:58 - 2015-04-16 19:58 - 03737670 _____ () C:\Users\Jon\Downloads\codecanyon-242431-visual-composer-page-builder-for-wordpress (2).zip
2015-04-16 11:20 - 2015-04-16 11:20 - 02646958 _____ () C:\Users\Jon\Downloads\sonshine_wrdp1_wp_20150416_656.sql.gz
2015-04-15 16:39 - 2015-04-15 16:39 - 00001129 _____ () C:\Users\Public\Desktop\X-Lite.lnk
2015-04-15 16:39 - 2015-04-15 16:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CounterPath X-Lite
2015-04-15 16:39 - 2015-04-15 16:39 - 00000000 ____D () C:\ProgramData\CounterPath Corporation
2015-04-15 16:38 - 2015-04-15 16:39 - 01101098 _____ () C:\Windows\system32\installer.log
2015-04-15 16:38 - 2015-04-15 16:39 - 00056818 _____ () C:\Windows\SysWOW64\installer.log
2015-04-15 16:34 - 2015-04-15 16:34 - 41308664 _____ (CounterPath Corporation ) C:\Users\Jon\Downloads\X-Lite_Win32_4.8.2_76122.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 11:49 - 2012-12-26 15:34 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-15 11:47 - 2012-12-31 15:45 - 00002328 ____H () C:\Users\Jon\Documents\Default.rdp
2015-05-15 11:42 - 2013-09-10 14:50 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165406014-2875721840-1828221187-1001UA.job
2015-05-15 11:37 - 2012-12-27 23:16 - 00000000 ____D () C:\Users\Jon\Documents\Outlook Files
2015-05-15 11:18 - 2013-06-05 11:51 - 00003612 _____ () C:\Windows\System32\Tasks\Optimize Push Notification Data File-S-1-5-21-165406014-2875721840-1828221187-1001
2015-05-15 11:02 - 2013-03-09 20:09 - 00000000 ____D () C:\Program Files (x86)\Advanced Monitoring Agent
2015-05-15 10:55 - 2013-01-25 15:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-15 10:03 - 2012-12-26 15:35 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-165406014-2875721840-1828221187-1001
2015-05-15 05:52 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-05-15 05:49 - 2015-02-03 22:44 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d0402473c77ee7.job
2015-05-15 05:44 - 2012-12-26 15:34 - 00003880 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-15 01:42 - 2013-09-10 14:50 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165406014-2875721840-1828221187-1001Core.job
2015-05-14 18:44 - 2012-12-26 15:34 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-14 16:49 - 2014-04-19 16:39 - 00000880 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165406014-2875721840-1828221187-1008Core.job
2015-05-12 04:01 - 2015-01-10 05:11 - 00000000 __RDO () C:\Users\Jon\SkyDrive (2)
2015-05-11 14:09 - 2013-10-28 18:03 - 00000000 ____D () C:\Users\Jon
2015-05-11 14:08 - 2013-01-23 22:44 - 00000000 ____D () C:\ProgramData\TechSmith
2015-05-11 14:08 - 2013-01-23 22:44 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2015-05-11 14:07 - 2012-12-26 16:03 - 00000000 ____D () C:\ProgramData\Package Cache
2015-05-11 14:06 - 2014-04-13 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith
2015-05-08 16:14 - 2012-12-27 22:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-08 16:09 - 2014-04-18 14:52 - 00000000 ____D () C:\Users\Jon\AppData\Local\CrashDumps
2015-05-08 13:41 - 2014-01-22 17:46 - 00000000 ____D () C:\ProgramData\boost_interprocess
2015-05-08 05:37 - 2014-06-17 20:47 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-05-07 20:08 - 2013-02-21 11:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-05-06 14:47 - 2013-02-20 21:29 - 00000000 ____D () C:\Users\Jon\AppData\Local\Adobe
2015-05-06 14:47 - 2013-01-25 15:31 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-06 11:50 - 2013-06-22 17:19 - 00000402 _____ () C:\Windows\ODBC.INI
2015-05-04 15:37 - 2013-04-25 23:59 - 00000000 ____D () C:\Users\Jon\Documents\SQL Server Management Studio
2015-05-04 15:02 - 2012-12-27 13:29 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\TeamViewer
2015-05-04 13:59 - 2013-10-28 19:02 - 27590656 _____ () C:\Windows\system32\vmguest.iso
2015-05-04 13:59 - 2012-12-26 15:34 - 00002279 _____ () C:\Users\Jon\Desktop\Google Chrome.lnk
2015-05-04 13:57 - 2014-02-18 18:33 - 00003594 _____ () C:\Windows\System32\Tasks\WizMouse
2015-05-04 13:57 - 2013-10-28 19:50 - 00000604 __RSH () C:\Users\Jon\ntuser.pol
2015-05-04 13:56 - 2013-09-30 00:04 - 01337672 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-04 13:46 - 2013-09-12 17:15 - 00000000 ____D () C:\Users\Jon\AppData\Local\HTC MediaHub
2015-05-04 13:44 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-04 11:21 - 2012-12-27 12:08 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-05-04 10:55 - 2013-11-04 14:38 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\ViStart
2015-05-02 16:05 - 2013-08-22 09:25 - 00786432 ___SH () C:\Windows\system32\config\BBI
2015-05-02 16:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-05-02 00:11 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-05-01 16:41 - 2014-04-12 13:09 - 00000000 ____D () C:\Users\Katie.CODE8\AppData\Local\HTC MediaHub
2015-05-01 14:42 - 2014-01-22 15:57 - 00000000 ____D () C:\Windows\Cluster
2015-05-01 14:42 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2015-05-01 14:42 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2015-05-01 14:42 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\uk-UA
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\th-TH
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\SystemResetPlatform
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sl-SI
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sk-SK
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\ro-RO
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\migwiz
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\lv-LV
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\lt-LT
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\hr-HR
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\he-IL
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\et-EE
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\en-GB
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\bg-BG
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\ar-SA
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\MediaViewer
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-05-01 14:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-05-01 14:41 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2015-05-01 14:41 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-01 14:41 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Sysprep
2015-05-01 14:41 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe
2015-05-01 14:41 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\Dism
2015-05-01 14:41 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\servicing
2015-05-01 14:40 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\FileManager
2015-05-01 14:40 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\Camera
2015-05-01 14:29 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2015-05-01 14:28 - 2014-01-22 15:58 - 05412352 _____ (Microsoft Corporation) C:\Windows\system32\gppref.dll
2015-05-01 14:28 - 2014-01-22 15:58 - 05024256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gppref.dll
2015-05-01 14:28 - 2014-01-22 15:58 - 03214848 _____ (Microsoft Corporation) C:\Windows\system32\propshts.dll
2015-05-01 14:28 - 2014-01-22 15:58 - 02411008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propshts.dll
2015-05-01 14:28 - 2014-01-22 15:58 - 00577024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefbr.dll
2015-05-01 14:28 - 2014-01-22 15:58 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\gpregistrybrowser.dll
2015-05-01 14:28 - 2014-01-22 15:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcn.dll
2015-05-01 14:06 - 2013-07-15 18:37 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-01 13:41 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-05-01 13:39 - 2012-12-26 16:03 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-05-01 13:39 - 2012-12-26 16:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-05-01 13:18 - 2012-07-26 01:26 - 00000167 _____ () C:\Windows\win.ini
2015-05-01 13:17 - 2014-03-11 15:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-05-01 11:24 - 2013-10-16 12:06 - 00000658 _____ () C:\Windows\SysWOW64\CountScans.XML
2015-05-01 00:13 - 2014-04-13 14:56 - 00000000 ____D () C:\Users\Katie.CODE8\AppData\Roaming\Skype
2015-04-30 23:28 - 2014-04-14 20:30 - 00000000 ____D () C:\Users\Katie.CODE8\AppData\Local\CrashDumps
2015-04-30 23:14 - 2014-04-12 13:13 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-165406014-2875721840-1828221187-1008
2015-04-30 16:44 - 2014-04-19 16:39 - 00003878 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-165406014-2875721840-1828221187-1008UA
2015-04-30 16:44 - 2014-04-19 16:39 - 00003498 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-165406014-2875721840-1828221187-1008Core
2015-04-30 16:44 - 2014-04-19 16:39 - 00000932 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-165406014-2875721840-1828221187-1008UA.job
2015-04-30 13:32 - 2014-12-17 11:15 - 00056464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\SerresWfp.sys
2015-04-29 17:40 - 2014-11-10 13:21 - 00000000 ____D () C:\Users\Jon\Downloads\AntiMalwarePack
2015-04-29 15:31 - 2014-10-27 17:42 - 00000000 ____D () C:\Users\Jon\Documents\Invoices
2015-04-29 15:14 - 2014-01-26 12:08 - 00000000 ___DC () C:\Users\Jon\AppData\Local\MigWiz
2015-04-29 15:14 - 2013-10-28 21:52 - 00000000 ___DC () C:\Windows\Panther
2015-04-29 15:13 - 2013-12-12 08:41 - 00000000 ____D () C:\Windows\Minidump
2015-04-28 12:17 - 2013-06-04 11:59 - 00004404 _____ () C:\Users\Jon\Desktop\JOY-PC.rdp
2015-04-28 11:24 - 2014-05-02 13:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Dynamics CRM
2015-04-28 11:22 - 2013-10-28 17:59 - 01350614 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-28 10:48 - 2014-06-23 10:59 - 00003814 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1401393866
2015-04-28 10:48 - 2014-05-29 16:04 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-04-28 10:47 - 2014-05-29 16:04 - 00001067 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-04-24 10:11 - 2012-12-26 19:51 - 00000000 ____D () C:\ProgramData\Microsoft Team Foundation Local Workspaces
2015-04-24 10:07 - 2012-12-26 17:02 - 00000000 ____D () C:\Users\Jon\Documents\Visual Studio 2012
2015-04-23 23:24 - 2014-11-14 17:44 - 00002286 _____ () C:\Windows\system32\TeamViewer10_Hooks.log
2015-04-21 12:32 - 2013-10-29 17:37 - 00000000 ____D () C:\Users\Jon\AppData\Roaming\DVDVideoSoft
2015-04-21 12:13 - 2013-11-07 11:23 - 00000000 ____D () C:\Program Files\DisplayLink Core Software
2015-04-20 13:50 - 2014-07-24 09:08 - 00052939 _____ () C:\Users\Jon\Documents\qryTeachersByTours.xlsx
2015-04-16 19:54 - 2014-08-27 14:46 - 00000000 ____D () C:\Users\Jon\Documents\Snagit
2015-04-16 12:06 - 2013-01-20 13:28 - 01863680 _____ () C:\Users\Jon\Documents\Desktop Call tracker.accdb
 
==================== Files in the root of some directories =======
 
2014-03-21 11:38 - 2014-03-21 11:39 - 0041756 _____ () C:\Program Files (x86)\CMS Setup Log.txt
2013-09-18 15:01 - 2014-04-24 11:44 - 0087522 __RSH () C:\Program Files (x86)\DLS8Uninstall.log
2012-12-26 15:32 - 2015-03-31 11:51 - 14283832 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-06-02 15:37 - 2008-10-06 22:49 - 0053248 _____ (Wyse Technology Inc.) C:\Program Files (x86)\Common Files\WyseImager.exe
2013-10-19 18:42 - 2009-12-08 04:23 - 0000000 _____ () C:\Users\Jon\AppData\Local\ifw.ini
2012-12-26 21:21 - 2015-02-18 11:20 - 0007635 _____ () C:\Users\Jon\AppData\Local\resmon.resmoncfg
2015-03-26 07:45 - 2015-03-26 07:45 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-05-02 16:05 - 2015-05-02 16:05 - 0000408 _____ () C:\ProgramData\Coinstaller.log
 
Files to move or delete:
====================
C:\Users\Jon\All C files.bat
C:\Users\Jon\All D files.bat
 
 
Some content of TEMP:
====================
C:\Users\Jon\AppData\Local\Temp\Quarantine.exe
C:\Users\Jon\AppData\Local\Temp\sqlite3.dll
C:\Users\Katie.CODE8\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Katie.CODE8\AppData\Local\Temp\Quarantine.exe
C:\Users\Katie.CODE8\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-15 05:51
 
==================== End Of Log ============================


#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,902 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:14 AM

Posted 16 May 2015 - 07:10 AM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-165406014-2875721840-1828221187-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-165406014-2875721840-1828221187-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} ->  No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @talk.google.com/O1DPlugin -> C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npo1d.dll No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-165406014-2875721840-1828221187-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#12 CoastalData


Posted 16 May 2015 - 07:34 PM

Computer seems to be running pretty well, now, but I haven't had the chance to put it through the paces yet.

Thanks much for your help!


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-05-2015 02
Ran by Jon at 2015-05-16 14:00:17 Run:1
Running from C:\Kerry-tts
Loaded Profiles: Jon & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & SQLSERVERAGENT & MSSQLSERVER (Available profiles: Jon & Katie & MsDtsServer110 & MSSQLServerOLAPService & ReportServer & SQLSERVERAGENT & MSSQLSERVER & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
CreateRestorePoint:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
GroupPolicyUsers\S-1-5-21-165406014-2875721840-1828221187-1001\User: Group Policy restriction detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
URLSearchHook: [S-1-5-80-1770670200-1234090253-3451813168-4041049723-2370973757] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2872255330-672591203-888807865-2791174282-1554802921] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-2885764129-887777008-271615777-1616004480-2722851051] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-344959196-2060754871-2302487193-2804545603-1466107430] ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: [S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKU\S-1-5-21-165406014-2875721840-1828221187-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} ->  No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @talk.google.com/O1DPlugin -> C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npo1d.dll No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin HKU\S-1-5-21-165406014-2875721840-1828221187-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jon\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-165406014-2875721840-1828221187-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Windows\system32\GroupPolicyUsers\S-1-5-21-165406014-2875721840-1828221187-1001\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
Error setting Default URLSearchHook.
Error setting Default URLSearchHook.
Error setting Default URLSearchHook.
Error setting Default URLSearchHook.
Error setting Default URLSearchHook.
"HKU\S-1-5-21-165406014-2875721840-1828221187-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => Key deleted successfully.
"HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin" => Key deleted successfully.
C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll not found.
"HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\MozillaPlugins\@talk.google.com/O1DPlugin" => Key deleted successfully.
C:\Users\Jon\AppData\Roaming\Mozilla\plugins\npo1d.dll not found.
"HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=3" => Key deleted successfully.
C:\Users\Jon\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll not found.
"HKU\S-1-5-21-165406014-2875721840-1828221187-1001\Software\MozillaPlugins\@tools.google.com/Google Update;version=9" => Key deleted successfully.
C:\Users\Jon\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll not found.
"HKLM\SOFTWARE\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => Key deleted successfully.
"HKU\S-1-5-21-165406014-2875721840-1828221187-1001\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hdokiejnpimakedhajhdlcegeplioahd" => Key deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 14:21:50 ====


#13 nasdaq


Posted 17 May 2015 - 07:24 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#14 CoastalData


Posted 19 May 2015 - 12:10 PM

Thanks for your help, system is great!

--Jon



#15 nasdaq


Posted 19 May 2015 - 12:33 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



