
I don't know what it is other than BAD


  • This topic is locked
50 replies to this topic

#1 catgeo

Posted 16 September 2015 - 10:14 PM

Windows recently installed several automatic updates on my computer. On Monday afternoon, I kept getting a popup about activating some Microsoft file. In hindsight, I should have actually read what it said. I clicked 'no' 9-10 times, but during a rush moment I pressed 'yes' and it has been downhill ever since that time. It started slowly, but problems quickly mounted until I could no longer execute any programs nor restore from the boot disk. I have attached the Farbar 64 Scan File test:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by SYSTEM on MININT-DGUNJC0 (16-09-2015 22:58:06)
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [617120 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [DCHostUI] => C:\Program Files (x86)\Atheros Direct Connect\P2PUIMain.exe [366592 2011-03-31] (Atheros Communication)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [4775176 2010-12-10] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-28] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DELLOSD] => C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe [49152 2010-12-06] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [830488 2015-09-14] (Webroot)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-08-18] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\Cathy\...\Run: [WorkForce 435(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\Cathy\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-12-28] (Samsung Electronics Co., Ltd.)
HKU\Cathy\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-06-13] (Samsung)
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => No File
AppInit_DLLs:  C:\PROGRA~2\SETTIN~1\systemk\x64\syskldr.dll => No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk [2015-03-14]
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2012-08-18] (Apache Software Foundation)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [135168 2011-02-16] (Atheros)
S3 DCDhcpService; C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe [100352 2011-03-31] (Atheros Communication Inc.)
S2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [98304 2011-05-27] ()
S2 FileZillaServer; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-05-10] (FileZilla Project)
S2 HBAdmin; C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE [903456 2013-04-12] (Cloud Engines, Inc.)
S2 mysql; C:\xampp\mysql\bin\mysqld.exe [8186368 2012-07-20] ()
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [830488 2015-09-14] (Webroot)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB_x64.sys [19968 2010-12-20] (Danish Wireless Design A/S)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-25] (GFI Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-05-28] ()
S3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-11-01] (MediaMall Technologies, Inc.)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117792 2015-09-14] (Webroot)
S3 xcetap0; C:\Windows\System32\DRIVERS\xcetap0.sys [39712 2013-04-12] (Cloud Engines, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 SR; no ImagePath
S2 srservice; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-16 22:58 - 2015-09-16 22:58 - 00000000 ____D C:\FRST
2015-09-16 17:32 - 2015-09-16 18:38 - 00080836 _____ C:\Windows\WindowsUpdate.log
2015-09-16 17:29 - 2015-09-16 18:09 - 00000168 _____ C:\Windows\setupact.log
2015-09-16 17:29 - 2015-09-16 17:29 - 00000000 _____ C:\Windows\setuperr.log
2015-09-15 18:29 - 2015-09-15 18:29 - 00006382 _____ C:\Users\Cathy\Downloads\NikonUsbScanners64.zip
2015-09-15 18:27 - 2015-09-15 18:27 - 09482592 _____ (Hamrick Software) C:\Users\Cathy\Downloads\vuex6495.exe
2015-09-15 18:27 - 2015-09-15 18:27 - 00000981 _____ C:\Users\Public\Desktop\VueScan x64.lnk
2015-09-15 18:27 - 2015-09-15 18:27 - 00000000 ____D C:\Windows\twain_64
2015-09-15 18:27 - 2015-09-15 18:27 - 00000000 ____D C:\Program Files\VueScan
2015-09-15 18:10 - 2015-09-15 18:10 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-09-15 18:10 - 2015-09-15 18:10 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-09-15 17:20 - 2015-09-15 17:20 - 00000000 ____D C:\Users\Cathy\AppData\Local\{D3A8DC3A-355B-4EDD-A078-487E2655F96B}
2015-09-14 13:39 - 2015-09-14 16:11 - 00000000 ____D C:\Users\Cathy\Desktop\yoshi mountain vid
2015-09-14 08:54 - 2015-09-14 12:46 - 00000000 ____D C:\Users\Cathy\Documents\ArcheoFair
2015-09-14 06:30 - 2015-09-14 09:10 - 00000000 ____D C:\Users\Cathy\AppData\Local\Mozilla Firefox
2015-09-14 06:04 - 2015-08-17 17:42 - 00393304 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2015-09-14 06:04 - 2015-08-17 17:14 - 00344168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-09-14 06:04 - 2015-08-14 22:48 - 25190400 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-09-14 06:04 - 2015-08-14 22:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-09-14 06:04 - 2015-08-14 22:33 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2015-09-14 06:04 - 2015-08-14 22:18 - 00066560 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2015-09-14 06:04 - 2015-08-14 22:18 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2015-09-14 06:04 - 2015-08-14 22:17 - 02886144 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-09-14 06:04 - 2015-08-14 22:17 - 00585216 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2015-09-14 06:04 - 2015-08-14 22:17 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-09-14 06:04 - 2015-08-14 22:17 - 00088064 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2015-09-14 06:04 - 2015-08-14 22:10 - 00054784 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-09-14 06:04 - 2015-08-14 22:09 - 00034304 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2015-09-14 06:04 - 2015-08-14 22:06 - 19856896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-09-14 06:04 - 2015-08-14 22:06 - 00615936 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-09-14 06:04 - 2015-08-14 22:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2015-09-14 06:04 - 2015-08-14 22:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2015-09-14 06:04 - 2015-08-14 22:04 - 00144384 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2015-09-14 06:04 - 2015-08-14 22:04 - 00114688 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2015-09-14 06:04 - 2015-08-14 22:00 - 05923328 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2015-09-14 06:04 - 2015-08-14 21:57 - 00968704 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2015-09-14 06:04 - 2015-08-14 21:53 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-09-14 06:04 - 2015-08-14 21:53 - 00490496 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-09-14 06:04 - 2015-08-14 21:46 - 00077824 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-09-14 06:04 - 2015-08-14 21:42 - 00199680 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2015-09-14 06:04 - 2015-08-14 21:41 - 00092160 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-09-14 06:04 - 2015-08-14 21:40 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-09-14 06:04 - 2015-08-14 21:40 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-09-14 06:04 - 2015-08-14 21:39 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-09-14 06:04 - 2015-08-14 21:39 - 00316928 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-09-14 06:04 - 2015-08-14 21:39 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-09-14 06:04 - 2015-08-14 21:38 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-09-14 06:04 - 2015-08-14 21:35 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-09-14 06:04 - 2015-08-14 21:33 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-09-14 06:04 - 2015-08-14 21:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-09-14 06:04 - 2015-08-14 21:30 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-09-14 06:04 - 2015-08-14 21:29 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-09-14 06:04 - 2015-08-14 21:29 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-09-14 06:04 - 2015-08-14 21:29 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-09-14 06:04 - 2015-08-14 21:24 - 00720384 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2015-09-14 06:04 - 2015-08-14 21:23 - 00801280 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-09-14 06:04 - 2015-08-14 21:22 - 02126336 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-09-14 06:04 - 2015-08-14 21:22 - 01359360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2015-09-14 06:04 - 2015-08-14 21:21 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-09-14 06:04 - 2015-08-14 21:16 - 14451712 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-09-14 06:04 - 2015-08-14 21:16 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-14 06:04 - 2015-08-14 21:14 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-09-14 06:04 - 2015-08-14 21:12 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-09-14 06:04 - 2015-08-14 21:11 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-09-14 06:04 - 2015-08-14 21:10 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-09-14 06:04 - 2015-08-14 21:07 - 02427392 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-09-14 06:04 - 2015-08-14 21:04 - 12857344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-09-14 06:04 - 2015-08-14 21:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-09-14 06:04 - 2015-08-14 21:01 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-09-14 06:04 - 2015-08-14 21:01 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-09-14 06:04 - 2015-08-14 20:55 - 01545728 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-09-14 06:04 - 2015-08-14 20:43 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-09-14 06:04 - 2015-08-14 20:43 - 00800768 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-09-14 06:04 - 2015-08-14 20:39 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-09-14 06:04 - 2015-08-14 20:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-09-14 06:04 - 2015-08-05 09:56 - 01110016 _____ (Microsoft Corporation) C:\Windows\System32\schedsvc.dll
2015-09-14 06:04 - 2015-08-05 09:56 - 00275456 _____ (Microsoft Corporation) C:\Windows\System32\InkEd.dll
2015-09-14 06:04 - 2015-08-05 09:56 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\jnwmon.dll
2015-09-14 06:04 - 2015-08-05 09:40 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-09-14 06:04 - 2015-07-14 19:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2015-09-14 06:04 - 2015-07-14 18:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-09-14 06:04 - 2015-07-09 09:58 - 01632256 _____ (Microsoft Corporation) C:\Windows\System32\dwmcore.dll
2015-09-14 06:04 - 2015-07-09 09:58 - 00082944 _____ (Microsoft Corporation) C:\Windows\System32\dwmapi.dll
2015-09-14 06:04 - 2015-07-09 09:42 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-09-14 06:04 - 2015-07-09 09:42 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-09-14 06:03 - 2015-07-22 16:06 - 05568960 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2015-09-14 06:03 - 2015-07-22 16:06 - 00155584 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2015-09-14 06:03 - 2015-07-22 16:06 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-09-14 06:03 - 2015-07-22 16:03 - 01730496 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-09-14 06:03 - 2015-07-22 16:03 - 00362496 _____ (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2015-09-14 06:03 - 2015-07-22 16:03 - 00243712 _____ (Microsoft Corporation) C:\Windows\System32\wow64.dll
2015-09-14 06:03 - 2015-07-22 16:03 - 00215040 _____ (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2015-09-14 06:03 - 2015-07-22 16:03 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 01390592 _____ (Microsoft Corporation) C:\Windows\System32\diagtrack.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 01216512 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\System32\tdh.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\System32\advapi32.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00342016 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00309760 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe
2015-09-14 06:03 - 2015-07-22 16:02 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe
2015-09-14 06:03 - 2015-07-22 16:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\cryptbase.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00043520 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2015-09-14 06:03 - 2015-07-22 16:02 - 00016384 _____ (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2015-09-14 06:03 - 2015-07-22 16:01 - 00338432 _____ (Microsoft Corporation) C:\Windows\System32\conhost.exe
2015-09-14 06:03 - 2015-07-22 16:01 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe
2015-09-14 06:03 - 2015-07-22 16:01 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2015-09-14 06:03 - 2015-07-22 15:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll
2015-09-14 06:03 - 2015-07-22 15:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00006656 _____ (Microsoft Corporation) C:\Windows\System32\apisetschema.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00006144 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00005120 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00004608 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:52 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 15:51 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll
2015-09-14 06:03 - 2015-07-22 09:57 - 03989952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-09-14 06:03 - 2015-07-22 09:57 - 03934656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-09-14 06:03 - 2015-07-22 09:54 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-09-14 06:03 - 2015-07-22 09:53 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-09-14 06:03 - 2015-07-22 09:52 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-09-14 06:03 - 2015-07-22 09:52 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-09-14 06:03 - 2015-07-22 09:52 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-09-14 06:03 - 2015-07-22 09:52 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-09-14 06:03 - 2015-07-22 09:52 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-09-14 06:03 - 2015-07-22 09:52 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-09-14 06:03 - 2015-07-22 09:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-09-14 06:03 - 2015-07-22 09:47 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-09-14 06:03 - 2015-07-22 09:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 08:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\UtcResources.dll
2015-09-14 06:03 - 2015-07-22 08:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2015-09-14 06:03 - 2015-07-22 08:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2015-09-14 06:03 - 2015-07-22 08:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2015-09-14 06:03 - 2015-07-22 08:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-14 06:03 - 2015-07-22 08:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-14 06:03 - 2015-07-22 08:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-14 06:03 - 2015-06-25 02:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2015-09-14 06:03 - 2015-06-25 02:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2015-09-14 06:03 - 2015-06-25 02:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2015-09-14 06:03 - 2015-06-25 01:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-14 06:02 - 2015-08-27 10:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2015-09-14 06:02 - 2015-08-27 10:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-09-14 06:02 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2015-09-14 06:02 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-09-14 06:02 - 2015-08-27 09:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-14 06:02 - 2015-08-27 09:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-14 06:02 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-14 06:02 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-14 06:02 - 2015-08-04 10:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-09-14 06:02 - 2015-08-04 10:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-09-14 06:02 - 2015-08-04 09:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2015-09-14 06:02 - 2015-08-04 09:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2015-09-14 06:02 - 2015-08-04 09:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2015-09-14 06:02 - 2015-08-04 09:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2015-09-14 06:02 - 2015-08-04 09:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2015-09-14 06:02 - 2015-08-04 09:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-14 06:02 - 2015-08-04 08:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2015-09-14 06:01 - 2015-09-01 19:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-09-14 06:01 - 2015-09-01 19:04 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-09-14 06:01 - 2015-09-01 19:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-09-14 06:01 - 2015-09-01 19:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-09-14 06:01 - 2015-09-01 18:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-14 06:01 - 2015-09-01 18:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-14 06:01 - 2015-09-01 18:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-14 06:01 - 2015-09-01 18:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-14 06:01 - 2015-09-01 17:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-09-14 06:01 - 2015-09-01 17:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-09-14 06:01 - 2015-09-01 17:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-09-14 06:01 - 2015-08-26 10:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-09-14 06:01 - 2015-08-26 10:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-09-14 06:01 - 2015-08-26 10:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-09-14 06:01 - 2015-08-26 10:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-09-14 06:01 - 2015-08-26 09:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-14 06:01 - 2015-08-26 09:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-14 06:01 - 2015-08-26 09:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-14 06:01 - 2015-08-26 09:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-14 06:01 - 2015-08-26 09:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-14 05:42 - 2015-09-14 05:43 - 00000000 ____D C:\Users\Cathy\AppData\Local\{2F7D611B-7AE3-421C-85DF-9809036986E0}
2015-09-02 17:33 - 2015-09-02 17:33 - 00473979 _____ C:\Users\Cathy\Documents\Presentation1.pptx
2015-09-02 16:45 - 2015-09-02 16:45 - 00000000 ____D C:\Users\Cathy\AppData\Local\{45285D20-E445-43F9-A10C-F91AFAA13E67}
2015-09-02 14:47 - 2015-09-02 14:48 - 00000000 ___HD C:\$Windows.~BT
2015-09-01 17:55 - 2015-09-01 17:55 - 00000000 ____D C:\Users\Cathy\AppData\Local\{F599D21E-CA63-46DC-880F-9A7CC0FDCFDC}
2015-09-01 14:50 - 2015-09-01 15:02 - 883956638 _____ C:\Users\Cathy\Documents\clip0043.avi
2015-09-01 14:25 - 2015-09-01 14:25 - 00001863 _____ C:\Users\Public\Desktop\ooVoo.lnk
2015-09-01 14:25 - 2015-09-01 14:25 - 00000000 ____D C:\Users\Cathy\AppData\Roaming\ooVoo Details
2015-09-01 14:25 - 2015-09-01 14:25 - 00000000 ____D C:\Program Files (x86)\ooVoo
2015-09-01 14:24 - 2015-09-01 14:24 - 02388000 _____ (ooVoo LLC) C:\Users\Cathy\Downloads\ooVooSetup.exe
2015-09-01 14:08 - 2015-09-01 14:09 - 07416552 _____ C:\Users\Cathy\Downloads\OBS_0_652b_Installer.exe
2015-08-31 17:24 - 2015-08-31 17:24 - 00000000 ____D C:\Users\Cathy\AppData\Local\{B0291150-956C-4250-A765-5FFC5043D607}
2015-08-30 13:04 - 2015-08-30 13:04 - 00000000 ____D C:\Users\Cathy\AppData\Local\{1A34E318-439C-4194-AB11-D3455206A6B7}
2015-08-25 12:09 - 2015-08-25 12:09 - 00000000 ____D C:\Users\Cathy\AppData\Local\{924153D6-2D72-4C0F-88B8-B3396810E288}
2015-08-24 15:03 - 2015-08-24 15:03 - 00000000 ____D C:\Users\Cathy\AppData\Local\{111AF476-1F24-4B05-BC67-215F380BDEE1}
2015-08-22 13:54 - 2015-08-22 13:55 - 124080826 _____ C:\Users\Cathy\Documents\clip0042.avi
2015-08-22 10:19 - 2015-08-22 10:19 - 00000000 ____D C:\Users\Cathy\AppData\Local\{3CC49664-788E-4819-8560-582FB42BB0A0}
2015-08-20 13:50 - 2015-08-20 13:50 - 00000000 ____D C:\Users\Cathy\AppData\Local\{9D1ADCDF-A3D2-484F-BFE1-A802C2EEE76C}
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-16 18:25 - 2009-07-13 20:45 - 00027936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-16 18:25 - 2009-07-13 20:45 - 00027936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-16 18:16 - 2009-07-13 21:13 - 00795858 _____ C:\Windows\System32\PerfStringBackup.INI
2015-09-16 18:14 - 2013-06-05 06:36 - 00000000 ____D C:\ProgramData\WRData
2015-09-16 18:14 - 2013-06-05 06:36 - 00000000 ____D C:\ProgramData\WRData
2015-09-16 18:10 - 2012-07-25 05:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-16 18:10 - 2012-07-06 11:37 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-09-16 18:10 - 2012-07-06 11:37 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-09-16 18:10 - 2012-07-06 11:24 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-09-16 18:10 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-16 14:02 - 2013-10-20 12:53 - 00000000 ____D C:\Windows\Minidump
2015-09-16 14:02 - 2012-07-25 05:05 - 00000000 ____D C:\Users\Cathy\AppData\Local\CrashDumps
2015-09-16 13:53 - 2013-05-24 12:13 - 00000985 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-15 18:44 - 2014-08-04 12:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-15 17:54 - 2012-07-25 05:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-15 13:37 - 2009-07-13 20:45 - 00489784 _____ C:\Windows\System32\FNTCACHE.DAT
2015-09-15 13:35 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-15 13:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-14 20:38 - 2013-08-14 18:52 - 00000000 ____D C:\Windows\System32\MRT
2015-09-14 20:31 - 2012-07-24 16:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-14 20:31 - 2012-07-24 16:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-14 05:45 - 2015-04-02 14:26 - 00106944 _____ (Webroot) C:\Windows\System32\WRusr.dll
2015-09-14 05:45 - 2015-04-02 14:21 - 00168720 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-09-14 05:45 - 2015-04-02 14:21 - 00117792 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2015-09-02 17:33 - 2013-07-11 10:45 - 00000000 ___RD C:\Users\Cathy\Desktop\Pierson's desktop icons
2015-09-02 14:47 - 2012-02-27 09:09 - 00000000 ____D C:\Windows\Panther
2015-09-01 16:48 - 2015-07-29 14:30 - 00000000 ____D C:\Users\Cathy\AppData\Local\WMTools Downloaded Files
2015-09-01 16:10 - 2012-09-18 15:45 - 00063488 _____ C:\Users\Cathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-31 09:49 - 2012-07-25 05:12 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-31 09:49 - 2012-07-25 05:12 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 14:37 - 2012-07-24 16:16 - 134753440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 6049.09 MB
Available physical RAM: 5136.84 MB
Total Virtual: 6047.29 MB
Available Virtual: 5142.02 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:917.84 GB) (Free:708.99 GB) NTFS
Drive e: (W7SP1_HOMEPREMIUM) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
Drive f: (SWAGGORONI) (Removable) (Total:1.87 GB) (Free:1.75 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (Recovery) (Fixed) (Total:13.67 GB) (Free:6.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AE977300)
Partition 1: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: EED6777A)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)
 
 
LastRegBack: 2015-07-02 09:22
 
==================== End of FRST.txt ============================
 
What's going on and how do I fix it?
Thanks in advance for your time.




#2 catgeo

catgeo
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:07 AM

Posted 18 September 2015 - 05:57 PM

Anybody have any ideas? To add, when I try to run Malwarebytes off USB from command prompt, I get the following message:
The subsystem needed to support the image type is not present

Thanks

#3 polskamachina

polskamachina

  • Malware Response Team
  • 4,036 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:07 AM

Posted 19 September 2015 - 11:58 AM

Hi catgeo :)
 
Welcome back to the malware removal forum. My name is polskamachina. I will be helping you with your malware problems. What follows are some ground rules for this forum. I will send you a reply as soon as possible (typically within 24-48 hours). In turn, I ask that you please respond within 72 hours. If you know you will be away longer than that, please let me know. I am in California at GMT-7 hours (Pacific Standard Time). If I do not respond to you within 48 hours, feel free to send me a private message.

Some points for you to keep in mind:

  • Do NOT run any tools unless instructed to do so.
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Do not attach logs or use code boxes, just copy and paste the text.
  • I cannot see your computer. Periodically update me on the condition of your computer, and provide as much detail as you can in every post.
  • Once things seem to be working again, please do not abandon the thread. I will give an "all-clean" message at the very end.
  • NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a flash drive, anywhere except on the computer.
  • NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. Please remember to copy the entire post so you do not miss any instructions.

Regarding your FRST scan, do you remember seeing a second text log appear named addition.txt? It should have been saved to your external drive after your scan. It would be located in F:FRST\Logs\Addition with the date and time embedded in the file name. Please copy and paste this log into your next reply to me. If you cannot find it:

  • Rerun FRST.
  • When the window pops up waiting for your response, check the box that says, Addition.txt
  • Click on Scan.
  • When the scan has completed, the FRST and addition logs will pop up. Please copy and paste the addition.txt log into your next reply to me.

Also, can you please tell me what you are able to do? Can you boot to normal mode? Or at least safe mode? Do you see your desktop icons?
 

Let me know if you have any questions about running the FRST scan.

 

polskamachina



#4 catgeo

catgeo
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:07 AM

Posted 19 September 2015 - 05:31 PM

Hello polskamachina,
I can boot to normal and safe mode and see all program icons. If I try to execute anything (double click or through command box under start button) the graphics get altered, but nothing opens. I am not sure how to describe it, but images get moved with blacked out areas. Also, task manager has no applications running, but the processes are very active and in constant flux. If I end one thing, it seems like 5 more start and they are memory intensive. Also, I have noticed that if I do boot to normal mode, when I shut down, a few website pages will quickly flash up on the screen and disappear. I can't tell what internet program is being used because they just look like full page advertisements with no headers/toolbars.
I am having trouble with FRST. I am running the 64 bit version and the addition.txt option is not present. I tried re-downloading the 64 bit, but that option was not there and the 32 bit will not run (subsystem need to support the image type not present) like all other malware removal tools.
Please advise as to how to proceed.
Thanks!!!!


Edited by catgeo, 19 September 2015 - 05:48 PM.


#5 catgeo

catgeo
  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:07 AM

Posted 19 September 2015 - 05:39 PM

I have attached the most recent FRST.txt file with all available options checked. I think the problem is that I am not able to execute the program from Normal or Safe Mode. I am getting to the command prompt through the Windows Repair Disk.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:15-09-2015
Ran by SYSTEM on MININT-DI2NKJM (19-09-2015 18:18:27)
Running from F:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery
Default: ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7214696 2011-05-25] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [617120 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [379552 2011-03-31] (Atheros Commnucations)
HKLM\...\Run: [DCHostUI] => C:\Program Files (x86)\Atheros Direct Connect\P2PUIMain.exe [366592 2011-03-31] (Atheros Communication)
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [4775176 2010-12-10] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-28] (Adobe Systems Incorporated)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [RoxWatchTray] => C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [Desktop Disc Tool] => C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [DELLOSD] => C:\Program Files (x86)\DELL\DELLOSD\FastUserSwitching.exe [49152 2010-12-06] ()
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [NPSStartup] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310064 2014-06-13] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [830488 2015-09-14] (Webroot)
HKLM-x32\...\Run: [Intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [3775800 2014-08-18] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087264 2014-09-11] (Wondershare)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\Cathy\...\Run: [WorkForce 435(Network)] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHRA.EXE [232448 2011-01-20] (SEIKO EPSON CORPORATION)
HKU\Cathy\...\Run: [AutoStartNPSAgent] => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe [95576 2010-12-28] (Samsung Electronics Co., Ltd.)
HKU\Cathy\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1563440 2014-06-13] (Samsung)
AppInit_DLLs: C:\PROGRA~2\Linkey\IEEXTE~1\iedll64.dll => No File
AppInit_DLLs:  C:\PROGRA~2\SETTIN~1\systemk\x64\syskldr.dll => No File
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk [2015-03-14]
ShortcutTarget: Uninstall Webroot RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S2 Apache2.4; C:\xampp\apache\bin\httpd.exe [22016 2012-08-18] (Apache Software Foundation)
S2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe [135168 2011-02-16] (Atheros)
S3 DCDhcpService; C:\Program Files (x86)\Atheros Direct Connect\DCDhcpService.exe [100352 2011-03-31] (Atheros Communication Inc.)
S2 Dell WMI Service; C:\Program Files (x86)\DELL\DELLOSD\DellOSDService.exe [98304 2011-05-27] ()
S2 FileZillaServer; C:\xampp\filezillaftp\filezillaserver.exe [632320 2012-05-10] (FileZilla Project)
S2 HBAdmin; C:\Program Files (x86)\PogoplugPC\HBADMIN.EXE [903456 2013-04-12] (Cloud Engines, Inc.)
S2 mysql; C:\xampp\mysql\bin\mysqld.exe [8186368 2012-07-20] ()
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 WRSVC; C:\Program Files\Webroot\WRSA.exe [830488 2015-09-14] (Webroot)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
S3 FlashUSB; C:\Windows\System32\DRIVERS\FlashUSB_x64.sys [19968 2010-12-20] (Danish Wireless Design A/S)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [39504 2013-04-11] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-05-25] (GFI Software)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-05-28] ()
S3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2012-11-01] (MediaMall Technologies, Inc.)
S0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117792 2015-09-14] (Webroot)
S3 xcetap0; C:\Windows\System32\DRIVERS\xcetap0.sys [39712 2013-04-12] (Cloud Engines, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 SR; no ImagePath
S2 srservice; no ImagePath
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\drivers\hitmanpro37.sys 6B415E7AE774B9118360F559F627468E
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys F61634BEC53F73702A10DE69F6DCAF57
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\drivers\iaStor.sys D7921D5A870B11CC1ADAB198A519D50A
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys 371D7F91C0D2314EB984A4A6CBEABC92
C:\Windows\system32\drivers\iirsp.sys ==> MD5 is legit
C:\Windows\system32\drivers\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\drivers\RTKVHD64.sys 230836EEFCE6D6DE9947384FC5B3FAC0
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys 96BB922A0981BC7432C8CF52B5410FE6
C:\Windows\System32\DRIVERS\itecir.sys 8D990A44B4F2B68E2C56A3724EC3EB84
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys A405647429DE231CD954D93F792CFBA2
C:\Windows\System32\Drivers\ksecpkg.sys E4DC0909B5EACB5BF50F6252095BCFF2
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\drivers\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\megasas.sys ==> MD5 is legit
C:\Windows\system32\drivers\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys A6518DCC42F7A6E999BB3BEA8FD87567
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys 67050452C0118BAF2883928E6FCCFE47
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys AE3334958D8F631FF14A0AEB3D7EFB3A
C:\Windows\System32\DRIVERS\mrxsmb.sys 43E1F4B0EFDC244D2A83995CCD7846F7
C:\Windows\System32\DRIVERS\mrxsmb10.sys 62CEA59FF56B66154E08BD51D87392C2
C:\Windows\System32\DRIVERS\mrxsmb20.sys 7D65B5E9573A26C204AA547457DBF544
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\System32\drivers\povrtdev.sys C83829C280F0207677B7AAA151EF9C4D
C:\Windows\System32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\drivers\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 1A29A59A4C5BA6F8C85062A613B7E2B2
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nusb3hub.sys 786DB821BFD57C0551DBBE4F75384A7D
C:\Windows\system32\drivers\nusb3xhc.sys DAA8005CAF745042BB427A1ED7433354
C:\Windows\System32\DRIVERS\nvlddmkm.sys 75E1C886976F75D2280BF918C0A5FED1
C:\Windows\System32\DRIVERS\nvpciflt.sys 0E2F2E6CB74D9E6016FE081B78C3B360
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\drivers\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\drivers\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ED6E75158D28D33A2E2A020AC5B2B59D
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 87B04878A6D59D6C79251DC960C674C1
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\drivers\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys FE571E088C2D83619D2D48D4E961BF41
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUVStor.sys CE0A1D8A59410E698140821E4E69DA0D
C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\silabenm.sys 7799106FEE728B907A86D9C9751E02D5
C:\Windows\System32\DRIVERS\silabser.sys 300ACF1ABD7A8E6D5FA553CA462226EE
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\System32\DRIVERS\ssadbus.sys 8F8324ED1DE63FFC7B1A02CD2D963C72
C:\Windows\System32\DRIVERS\ssadmdfl.sys 58221EFCB74167B73667F0024C661CE0
C:\Windows\System32\DRIVERS\ssadmdm.sys 4DA7C71BFAC5AD71255B7E4CAB980163
C:\Windows\System32\DRIVERS\ssudmdm.sys F38232291F05CE25BA1C47FB51EB64CB
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\DRIVERS\tcpip.sys 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys 70988118145F5F10EF24720B97F35F65
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\TFsExDisk.sys 48D9D00C2E0E72C3D4F52772C80355F6
C:\Windows\SysWOW64\Drivers\TFsExDisk.sys 48D9D00C2E0E72C3D4F52772C80355F6
C:\Windows\System32\DRIVERS\tssecsrv.sys E232A3B43A894BB327FC161529BD9ED1
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys DCA68B0943D6FA415F0C56C92158A83A
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 18A85013A3E0F7E1755365D287443965
C:\Windows\System32\DRIVERS\usbhub.sys 8D1196CFBB223621F2C67D45710F25BA
C:\Windows\system32\drivers\usbohci.sys 765A92D428A8DB88B960DA5A8D6089DC
C:\Windows\system32\drivers\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys DD253AFC3BC6CBA412342DE60C3647F3
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\DRIVERS\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWOW64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\System32\drivers\WRkrn.sys 5AD4D56AD0E2A1E00FC589D6C439BF8B
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\xcetap0.sys 115159B0776680C39D4721D378DA4E11
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Three Months Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-14 06:03 - 2015-07-22 09:46 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 09:42 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 08:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\UtcResources.dll
2015-09-14 06:03 - 2015-07-22 08:45 - 00159232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb.sys
2015-09-14 06:03 - 2015-07-22 08:44 - 00290816 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb10.sys
2015-09-14 06:03 - 2015-07-22 08:44 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mrxsmb20.sys
2015-09-14 06:03 - 2015-07-22 08:34 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-09-14 06:03 - 2015-07-22 08:34 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-09-14 06:03 - 2015-07-22 08:31 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 08:31 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 08:31 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-14 06:03 - 2015-07-22 08:31 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-14 06:03 - 2015-06-25 02:06 - 00115136 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe
2015-09-14 06:03 - 2015-06-25 02:01 - 01941504 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2015-09-14 06:03 - 2015-06-25 02:01 - 00070656 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2015-09-14 06:03 - 2015-06-25 01:44 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-09-14 06:02 - 2015-08-27 10:18 - 02004480 _____ (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2015-09-14 06:02 - 2015-08-27 10:18 - 01887232 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2015-09-14 06:02 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml6r.dll
2015-09-14 06:02 - 2015-08-27 10:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2015-09-14 06:02 - 2015-08-27 09:58 - 01391104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-09-14 06:02 - 2015-08-27 09:58 - 01241088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-09-14 06:02 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-09-14 06:02 - 2015-08-27 09:51 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-09-14 06:02 - 2015-08-04 10:03 - 00692672 _____ (Microsoft Corporation) C:\Windows\System32\winload.efi
2015-09-14 06:02 - 2015-08-04 10:00 - 00616360 _____ (Microsoft Corporation) C:\Windows\System32\winresume.efi
2015-09-14 06:02 - 2015-08-04 09:56 - 00063488 _____ (Microsoft Corporation) C:\Windows\System32\setbcdlocale.dll
2015-09-14 06:02 - 2015-08-04 09:56 - 00059392 _____ (Microsoft Corporation) C:\Windows\System32\appidapi.dll
2015-09-14 06:02 - 2015-08-04 09:56 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\appidsvc.dll
2015-09-14 06:02 - 2015-08-04 09:55 - 00147456 _____ (Microsoft Corporation) C:\Windows\System32\appidpolicyconverter.exe
2015-09-14 06:02 - 2015-08-04 09:55 - 00017920 _____ (Microsoft Corporation) C:\Windows\System32\appidcertstorecheck.exe
2015-09-14 06:02 - 2015-08-04 09:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-09-14 06:02 - 2015-08-04 08:58 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\appid.sys
2015-09-14 06:01 - 2015-09-01 19:04 - 00100864 _____ (Microsoft Corporation) C:\Windows\System32\fontsub.dll
2015-09-14 06:01 - 2015-09-01 19:04 - 00046080 _____ (Adobe Systems) C:\Windows\System32\atmlib.dll
2015-09-14 06:01 - 2015-09-01 19:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\lpk.dll
2015-09-14 06:01 - 2015-09-01 19:04 - 00014336 _____ (Microsoft Corporation) C:\Windows\System32\dciman32.dll
2015-09-14 06:01 - 2015-09-01 18:48 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-09-14 06:01 - 2015-09-01 18:48 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-09-14 06:01 - 2015-09-01 18:48 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-09-14 06:01 - 2015-09-01 18:47 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-09-14 06:01 - 2015-09-01 17:51 - 03209216 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-09-14 06:01 - 2015-09-01 17:47 - 00372736 _____ (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2015-09-14 06:01 - 2015-09-01 17:33 - 00299520 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 03165696 _____ (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 02606080 _____ (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 00192000 _____ (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 00098304 _____ (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\wups2.dll
2015-09-14 06:01 - 2015-08-26 10:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\System32\wups.dll
2015-09-14 06:01 - 2015-08-26 10:06 - 00139776 _____ (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2015-09-14 06:01 - 2015-08-26 10:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\System32\WinSetupUI.dll
2015-09-14 06:01 - 2015-08-26 10:06 - 00037376 _____ (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2015-09-14 06:01 - 2015-08-26 10:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\System32\wu.upgrade.ps.dll
2015-09-14 06:01 - 2015-08-26 09:56 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-09-14 06:01 - 2015-08-26 09:56 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-09-14 06:01 - 2015-08-26 09:56 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-09-14 06:01 - 2015-08-26 09:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-09-14 06:01 - 2015-08-26 09:55 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-09-14 05:42 - 2015-09-14 05:43 - 00000000 ____D C:\Users\Cathy\AppData\Local\{2F7D611B-7AE3-421C-85DF-9809036986E0}
2015-09-02 17:33 - 2015-09-02 17:33 - 00473979 _____ C:\Users\Cathy\Documents\Presentation1.pptx
2015-09-02 16:45 - 2015-09-02 16:45 - 00000000 ____D C:\Users\Cathy\AppData\Local\{45285D20-E445-43F9-A10C-F91AFAA13E67}
2015-09-02 14:47 - 2015-09-02 14:48 - 00000000 ___HD C:\$Windows.~BT
2015-09-01 17:55 - 2015-09-01 17:55 - 00000000 ____D C:\Users\Cathy\AppData\Local\{F599D21E-CA63-46DC-880F-9A7CC0FDCFDC}
2015-09-01 14:50 - 2015-09-01 15:02 - 883956638 _____ C:\Users\Cathy\Documents\clip0043.avi
2015-09-01 14:25 - 2015-09-01 14:25 - 00001863 _____ C:\Users\Public\Desktop\ooVoo.lnk
2015-09-01 14:25 - 2015-09-01 14:25 - 00000000 ____D C:\Users\Cathy\AppData\Roaming\ooVoo Details
2015-09-01 14:25 - 2015-09-01 14:25 - 00000000 ____D C:\Program Files (x86)\ooVoo
2015-09-01 14:24 - 2015-09-01 14:24 - 02388000 _____ (ooVoo LLC) C:\Users\Cathy\Downloads\ooVooSetup.exe
2015-09-01 14:08 - 2015-09-01 14:09 - 07416552 _____ C:\Users\Cathy\Downloads\OBS_0_652b_Installer.exe
2015-08-31 17:24 - 2015-08-31 17:24 - 00000000 ____D C:\Users\Cathy\AppData\Local\{B0291150-956C-4250-A765-5FFC5043D607}
2015-08-30 13:04 - 2015-08-30 13:04 - 00000000 ____D C:\Users\Cathy\AppData\Local\{1A34E318-439C-4194-AB11-D3455206A6B7}
2015-08-25 12:09 - 2015-08-25 12:09 - 00000000 ____D C:\Users\Cathy\AppData\Local\{924153D6-2D72-4C0F-88B8-B3396810E288}
2015-08-24 15:03 - 2015-08-24 15:03 - 00000000 ____D C:\Users\Cathy\AppData\Local\{111AF476-1F24-4B05-BC67-215F380BDEE1}
2015-08-22 13:54 - 2015-08-22 13:55 - 124080826 _____ C:\Users\Cathy\Documents\clip0042.avi
2015-08-22 10:19 - 2015-08-22 10:19 - 00000000 ____D C:\Users\Cathy\AppData\Local\{3CC49664-788E-4819-8560-582FB42BB0A0}
2015-08-20 13:50 - 2015-08-20 13:50 - 00000000 ____D C:\Users\Cathy\AppData\Local\{9D1ADCDF-A3D2-484F-BFE1-A802C2EEE76C}
2015-08-11 22:53 - 2015-07-30 05:13 - 00124624 _____ (Microsoft Corporation) C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 22:53 - 2015-07-30 05:13 - 00103120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-11 12:59 - 2015-07-28 12:09 - 00017344 _____ (Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
2015-08-11 12:59 - 2015-07-28 12:05 - 01116672 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2015-08-11 12:59 - 2015-07-28 12:05 - 00774656 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2015-08-11 12:59 - 2015-07-28 12:05 - 00743424 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2015-08-11 12:59 - 2015-07-28 12:05 - 00437760 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2015-08-11 12:59 - 2015-07-28 12:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2015-08-11 12:59 - 2015-07-28 12:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\acmigration.dll
2015-08-11 12:59 - 2015-07-28 11:55 - 01148416 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2015-08-11 12:59 - 2015-07-15 10:10 - 01743360 _____ (Microsoft Corporation) C:\Windows\System32\sysmain.dll
2015-08-11 12:58 - 2015-07-15 10:15 - 00094656 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\mountmgr.sys
2015-08-11 12:58 - 2015-07-15 10:10 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msmmsp.dll
2015-08-11 12:58 - 2015-07-14 19:19 - 00052736 _____ (Microsoft Corporation) C:\Windows\System32\basesrv.dll
2015-08-11 12:58 - 2015-07-10 09:51 - 03722752 _____ (Microsoft Corporation) C:\Windows\System32\mstscax.dll
2015-08-11 12:58 - 2015-07-10 09:51 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\aaclient.dll
2015-08-11 12:58 - 2015-07-10 09:51 - 00044032 _____ (Microsoft Corporation) C:\Windows\System32\tsgqec.dll
2015-08-11 12:58 - 2015-07-10 09:34 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-11 12:58 - 2015-07-10 09:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-11 12:58 - 2015-07-10 09:33 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-08-11 12:57 - 2015-07-01 12:49 - 00260096 _____ (Microsoft Corporation) C:\Windows\System32\WebClnt.dll
2015-08-11 12:57 - 2015-07-01 12:48 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\davclnt.dll
2015-08-11 12:57 - 2015-07-01 12:30 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-08-11 12:57 - 2015-07-01 12:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-08-11 12:52 - 2015-07-30 10:06 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2015-08-11 12:52 - 2015-07-30 10:06 - 01648128 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2015-08-11 12:52 - 2015-07-30 10:06 - 01180160 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll
2015-08-11 12:52 - 2015-07-30 09:57 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-08-11 12:52 - 2015-07-30 09:57 - 01251328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-11 12:52 - 2015-07-10 09:51 - 14177280 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll
2015-08-11 12:52 - 2015-07-10 09:34 - 12875776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-11 12:52 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\System32\notepad.exe
2015-08-11 12:52 - 2015-07-09 09:57 - 00193536 _____ (Microsoft Corporation) C:\Windows\notepad.exe
2015-08-11 12:52 - 2015-07-09 09:42 - 00179712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
2015-08-11 12:52 - 2015-05-09 10:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\System32\mcupdate_GenuineIntel.dll
2015-08-09 12:36 - 2015-08-09 12:40 - 1304425262 _____ C:\Users\Cathy\Documents\clip0041.avi
2015-08-09 12:29 - 2015-08-09 12:29 - 92686324 _____ C:\Users\Cathy\Documents\clip0040.avi
2015-08-09 12:28 - 2015-08-09 12:28 - 02710862 _____ C:\Users\Cathy\Documents\clip0039.avi
2015-08-09 12:27 - 2015-08-09 12:27 - 04388032 _____ C:\Users\Cathy\Documents\clip0038.avi
2015-08-09 12:25 - 2015-08-09 12:26 - 173413750 _____ C:\Users\Cathy\Documents\clip0037.avi
2015-08-09 12:21 - 2015-08-09 12:21 - 26501124 _____ C:\Users\Cathy\Documents\clip0036.avi
2015-08-09 12:19 - 2015-08-09 12:19 - 164935168 _____ C:\Users\Cathy\Documents\clip0035.avi
2015-08-09 12:16 - 2015-08-09 12:16 - 108536442 _____ C:\Users\Cathy\Documents\clip0034.avi
2015-08-09 12:15 - 2015-08-09 12:15 - 24431432 _____ C:\Users\Cathy\Documents\clip0033.avi
2015-08-09 12:03 - 2015-08-09 12:03 - 22352810 _____ C:\Users\Cathy\Documents\clip0032.avi
2015-08-09 12:01 - 2015-08-09 12:01 - 22605300 _____ C:\Users\Cathy\Documents\clip0031.avi
2015-08-09 11:57 - 2015-08-09 11:57 - 34283690 _____ C:\Users\Cathy\Documents\clip0030.avi
2015-08-09 11:52 - 2015-08-09 11:52 - 16585478 _____ C:\Users\Cathy\Documents\clip0029.avi
2015-08-09 11:52 - 2015-08-09 11:52 - 08971070 _____ C:\Users\Cathy\Documents\clip0028.avi
2015-08-09 11:50 - 2015-08-09 11:50 - 87581034 _____ C:\Users\Cathy\Documents\clip0027.avi
2015-08-09 11:47 - 2015-08-09 11:47 - 29240336 _____ C:\Users\Cathy\Documents\clip0026.avi
2015-08-09 11:41 - 2015-08-09 11:41 - 17884642 _____ C:\Users\Cathy\Documents\clip0025.avi
2015-08-09 11:38 - 2015-08-09 11:38 - 45263570 _____ C:\Users\Cathy\Documents\clip0024.avi
2015-08-09 11:33 - 2015-08-09 11:33 - 28062486 _____ C:\Users\Cathy\Documents\clip0023.avi
2015-08-09 11:30 - 2015-08-09 11:30 - 28074526 _____ C:\Users\Cathy\Documents\clip0022.avi
2015-08-09 11:22 - 2015-08-09 11:22 - 08593296 _____ C:\Users\Cathy\Documents\clip0021.avi
2015-08-09 11:21 - 2015-08-09 11:21 - 00251074 _____ C:\Users\Cathy\Documents\clip0020.avi
2015-08-09 11:20 - 2015-08-09 11:20 - 06988906 _____ C:\Users\Cathy\Documents\clip0019.avi
2015-08-09 11:05 - 2015-08-09 11:05 - 00079190 _____ C:\Users\Cathy\Downloads\abba-dancing_queen.mid
2015-08-07 14:24 - 2015-08-09 16:31 - 00000000 ____D C:\Users\Cathy\Desktop\miiverse
2015-08-05 16:40 - 2015-08-05 16:40 - 00000000 ____D C:\Users\Cathy\AppData\Local\{2ECA0F1F-C87A-48D6-916D-DFAF5ACF9A3B}
2015-08-03 14:21 - 2015-08-03 14:21 - 00017360 _____ C:\Users\Cathy\Downloads\worklist201507.xlsx
2015-08-02 14:30 - 2015-08-02 14:31 - 00000000 ____D C:\Users\Cathy\AppData\Local\{64BF4BEA-CED1-43A8-85E9-E158C2D65BD3}
2015-07-31 13:40 - 2015-07-31 13:40 - 00871337 _____ C:\Users\Cathy\Downloads\reverse-rev.wmv
2015-07-31 13:38 - 2015-07-31 13:38 - 00718670 _____ C:\Users\Cathy\Downloads\reverse-rev.mov
2015-07-31 13:37 - 2015-07-31 13:37 - 01932465 _____ C:\Users\Cathy\Desktop\reverse.wmv
2015-07-31 13:32 - 2015-07-31 13:32 - 00000000 ____D C:\Users\Cathy\AppData\Local\{5088F556-A319-4976-99EF-09B9F408618B}
2015-07-30 14:18 - 2015-07-30 14:18 - 59444280 _____ C:\Users\Cathy\Documents\clip0017.avi
2015-07-30 14:18 - 2015-07-30 14:18 - 22118752 _____ C:\Users\Cathy\Documents\clip0018.avi
2015-07-30 14:16 - 2015-07-30 14:16 - 23120326 _____ C:\Users\Cathy\Documents\clip0016.avi
2015-07-30 14:06 - 2015-07-30 14:06 - 00458209 _____ C:\Users\Cathy\Downloads\clip0015-rev.wmv
2015-07-30 14:01 - 2015-07-30 14:01 - 00494595 _____ C:\Users\Cathy\Downloads\clip0015-rev (1).mp4
2015-07-30 12:41 - 2015-07-30 12:42 - 00000000 ____D C:\Users\Cathy\AppData\Local\{DB5F395D-0C34-421F-9CFD-9241AF8DD51E}
2015-07-30 12:39 - 2015-07-30 12:39 - 00829987 _____ C:\Users\Cathy\Downloads\clip0015-rev.mp4
2015-07-30 12:31 - 2015-07-30 12:31 - 10260338 _____ C:\Users\Cathy\Documents\clip0015.avi
2015-07-29 14:30 - 2015-09-01 16:48 - 00000000 ____D C:\Users\Cathy\AppData\Local\WMTools Downloaded Files
2015-07-29 14:20 - 2015-07-29 14:20 - 07357440 _____ C:\Users\Cathy\Downloads\MM26_ENU.msi
2015-07-29 14:20 - 2015-07-29 14:20 - 00000000 ____D C:\Program Files (x86)\Movie Maker 2.6
2015-07-29 14:15 - 2015-07-29 14:15 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C74FDA2D-45CD-49AF-8DA9-F633F87584B0}
2015-07-29 12:14 - 2015-07-29 12:14 - 00024214 _____ C:\Users\Cathy\Downloads\mksc_title_screen.mid
2015-07-29 12:13 - 2015-07-29 12:13 - 00029289 _____ C:\Users\Cathy\Downloads\mkds_waluigi_pinball.mid
2015-07-29 12:13 - 2015-07-29 12:13 - 00019643 _____ C:\Users\Cathy\Downloads\mkds_WFC_searching.mid
2015-07-29 12:13 - 2015-07-29 12:13 - 00002269 _____ C:\Users\Cathy\Downloads\mkds_time_trial_complete-new_record.mid
2015-07-29 12:12 - 2015-07-29 12:12 - 00035934 _____ C:\Users\Cathy\Downloads\mkds_shroom_ridge.mid
2015-07-29 12:07 - 2015-07-29 12:07 - 00009842 _____ C:\Users\Cathy\Downloads\Yoshis_Island_-_Athletic_Theme_by_Gori_Fater.mid
2015-07-28 13:16 - 2015-07-28 13:16 - 00000000 ____D C:\Users\Cathy\AppData\Local\{C5B4A69B-36E7-4756-B6B2-4282829E0B10}
2015-07-25 16:22 - 2015-07-25 16:23 - 42761104 _____ C:\Users\Cathy\Desktop\5t5.wmv
2015-07-25 16:13 - 2015-07-25 16:13 - 00000000 ____D C:\Users\Cathy\AppData\Local\{F422D21A-798E-47FF-AE28-CB9AFAF95004}
2015-07-25 16:12 - 2015-07-25 16:12 - 11892400 _____ C:\Users\Cathy\Downloads\cool 0001.mp4
2015-07-23 18:21 - 2015-07-23 18:21 - 00000000 ____D C:\Users\Cathy\AppData\Local\{E020F132-604E-48A2-A56B-2E76A9CD5F16}
2015-07-23 13:29 - 2015-07-23 13:31 - 00000022 _____ C:\Users\Cathy\Downloads\YI_Sounds.zip
2015-07-23 13:28 - 2015-07-23 13:29 - 00000022 _____ C:\Users\Cathy\Downloads\GameCube - Super Smash Bros Melee - Yoshi.zip
2015-07-23 13:10 - 2015-07-23 13:10 - 00000000 ____D C:\Users\Cathy\Desktop\Waluigi
2015-07-23 13:09 - 2015-07-23 13:09 - 00817288 _____ C:\Users\Cathy\Downloads\GameCube - Mario Kart Double Dash - Waluigi.zip
2015-07-21 14:14 - 2015-07-21 14:14 - 00000000 ____D C:\Users\Cathy\AppData\Local\{CB4ED53B-8DD5-4833-A7A6-84E7E4B14A95}
2015-07-19 12:01 - 2015-07-19 12:02 - 00000000 ____D C:\Users\Cathy\AppData\Local\{5EE271BB-7FEF-410E-A624-11F4A9255157}
2015-07-19 12:00 - 2015-07-19 12:01 - 00000000 ____D C:\Users\Cathy\AppData\Local\{CDA7E2F5-7814-4370-8176-B32E7FF56A01}
2015-07-17 16:45 - 2015-07-17 16:45 - 00000000 ____D C:\Users\Cathy\AppData\Local\{22D04093-5990-4240-A24E-7F4C2E35E6CA}
2015-07-15 16:42 - 2015-07-15 16:42 - 00000000 ____D C:\Users\Cathy\AppData\Local\{B61F16EF-BD7A-498B-A62B-5D4B0EEE1778}
2015-07-14 13:29 - 2015-07-14 13:30 - 00000000 ____D C:\Users\Cathy\AppData\Local\{283A830E-883A-46C7-92AE-9E5AABAFB40E}
2015-07-14 12:05 - 2015-06-17 09:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2015-07-14 12:05 - 2015-06-17 09:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-14 12:05 - 2015-06-01 16:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\System32\cewmdm.dll
2015-07-14 12:05 - 2015-06-01 15:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-14 12:04 - 2015-07-04 10:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\System32\ole32.dll
2015-07-14 12:04 - 2015-07-04 09:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-14 12:04 - 2015-04-27 11:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2015-07-14 12:04 - 2015-04-27 11:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2015-07-14 12:04 - 2015-04-27 11:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2015-07-14 12:04 - 2015-04-27 11:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2015-07-14 12:04 - 2015-04-27 11:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-14 12:04 - 2015-04-27 11:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-14 12:04 - 2015-04-27 11:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-14 12:04 - 2015-04-27 11:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-14 12:03 - 2015-06-15 13:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\System32\msi.dll
2015-07-14 12:03 - 2015-06-15 13:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\System32\msihnd.dll
2015-07-14 12:03 - 2015-06-15 13:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\System32\msiexec.exe
2015-07-14 12:03 - 2015-06-15 13:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-14 12:03 - 2015-06-15 13:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-14 12:03 - 2015-06-15 13:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-14 12:03 - 2015-06-15 13:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\System32\msimsg.dll
2015-07-14 12:03 - 2015-06-15 13:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-12 12:49 - 2015-07-12 12:49 - 00000000 ____D C:\Users\Cathy\AppData\Local\{1D82210E-631E-4BBC-A7A7-4CF003022291}
2015-07-12 07:31 - 2015-07-12 07:31 - 00000000 ____D C:\Users\Cathy\AppData\Local\{694350F0-2118-4DA6-AEDA-3AC0EAD1FBB1}
2015-07-11 13:54 - 2015-07-11 13:54 - 710558117 _____ C:\Users\Cathy\Downloads\CTGP-R v1.03.1006 All Inclusive.zip
2015-07-11 13:24 - 2015-07-11 13:24 - 00000000 ____D C:\Users\Cathy\Documents\DCIM
2015-07-11 13:19 - 2015-07-11 13:19 - 02284063 _____ C:\Users\Cathy\Downloads\LetterBomb.zip
2015-07-11 06:42 - 2015-07-11 06:42 - 00000000 ____D C:\Users\Cathy\AppData\Local\{509E8D4B-C91F-4367-9720-3B0438F16740}
2015-07-10 14:38 - 2015-07-10 14:38 - 00000000 ____D C:\Users\Cathy\AppData\Local\{37A43C5B-802A-43FF-BCCF-A0BE10878B9E}
2015-07-07 14:41 - 2015-07-07 14:41 - 00000000 ____D C:\Users\Cathy\AppData\Local\{D028E38F-985F-4FC1-85F0-94FE11C9C77A}
2015-07-03 10:22 - 2015-07-03 10:23 - 00000000 ____D C:\Users\Cathy\Desktop\dp dentist
2015-07-01 12:47 - 2015-07-01 12:47 - 00000000 ____D C:\Users\Cathy\AppData\Local\{1661E827-20D2-49CB-81A1-2638E53092B6}
2015-06-30 13:30 - 2015-06-30 13:31 - 00000000 ____D C:\Users\Cathy\AppData\Local\{E3383414-D9BB-4AC1-9513-C91AF596A5F3}
2015-06-29 15:09 - 2015-06-29 15:09 - 00000000 ____D C:\Users\Cathy\AppData\Local\{10640490-F954-40DD-A016-0A0C2412E495}
2015-06-27 14:45 - 2015-06-27 14:46 - 00000000 ____D C:\Users\Cathy\AppData\Local\{D8F374E4-B694-402F-8B2A-FC1500BDEA14}
2015-06-25 11:51 - 2015-06-25 11:52 - 00000000 ____D C:\Users\Cathy\AppData\Local\{E4F2F85B-F898-4C97-93A0-C0B3A5120D88}
2015-06-23 15:17 - 2015-06-23 15:17 - 00000000 ____D C:\Users\Cathy\AppData\Local\{E1349A11-3303-426E-8306-50B7F7E2538C}
 
==================== Three Months Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-19 06:05 - 2009-07-13 20:45 - 00027936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-19 06:05 - 2009-07-13 20:45 - 00027936 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-19 06:04 - 2012-07-06 11:37 - 00000000 ____D C:\Users\Default\AppData\Local\SoftThinks
2015-09-19 06:04 - 2012-07-06 11:37 - 00000000 ____D C:\Users\Default User\AppData\Local\SoftThinks
2015-09-19 06:04 - 2012-07-06 11:24 - 00000000 ____D C:\Program Files (x86)\Dell DataSafe Local Backup
2015-09-19 06:03 - 2012-07-25 05:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-19 06:03 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-19 05:53 - 2013-06-05 06:36 - 00000000 ____D C:\ProgramData\WRData
2015-09-19 05:53 - 2013-06-05 06:36 - 00000000 ____D C:\ProgramData\WRData
2015-09-16 18:16 - 2009-07-13 21:13 - 00795858 _____ C:\Windows\System32\PerfStringBackup.INI
2015-09-16 14:02 - 2013-10-20 12:53 - 00000000 ____D C:\Windows\Minidump
2015-09-16 14:02 - 2012-07-25 05:05 - 00000000 ____D C:\Users\Cathy\AppData\Local\CrashDumps
2015-09-16 13:53 - 2013-05-24 12:13 - 00000985 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-09-15 18:44 - 2014-08-04 12:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-09-15 17:54 - 2012-07-25 05:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-15 13:37 - 2009-07-13 20:45 - 00489784 _____ C:\Windows\System32\FNTCACHE.DAT
2015-09-15 13:35 - 2010-11-20 23:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-15 13:35 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-09-14 20:43 - 2013-08-14 18:52 - 00000000 ____D C:\Windows\System32\MRT
2015-09-14 20:31 - 2012-07-24 16:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-14 20:31 - 2012-07-24 16:30 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-14 05:45 - 2015-04-02 14:26 - 00106944 _____ (Webroot) C:\Windows\System32\WRusr.dll
2015-09-14 05:45 - 2015-04-02 14:21 - 00168720 _____ (Webroot) C:\Windows\SysWOW64\WRusr.dll
2015-09-14 05:45 - 2015-04-02 14:21 - 00117792 _____ (Webroot) C:\Windows\System32\Drivers\WRkrn.sys
2015-09-02 17:33 - 2013-07-11 10:45 - 00000000 ___RD C:\Users\Cathy\Desktop\Pierson's desktop icons
2015-09-02 14:48 - 2012-02-27 09:09 - 00000000 ____D C:\Windows\Panther
2015-09-01 16:10 - 2012-09-18 15:45 - 00063488 _____ C:\Users\Cathy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-31 09:49 - 2012-07-25 05:12 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-31 09:49 - 2012-07-25 05:12 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-26 14:37 - 2012-07-24 16:16 - 134753440 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
 
==================== Known DLLs (Whitelisted) =========================
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\dnsapi.dll => MD5 is legit
C:\Windows\SysWOW64\dnsapi.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points =========================
 
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
path                    \bootmgr
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {default}
resumeobject            {c47a5023-c7b4-11e1-80eb-00217064058b}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-us
inherit                 {bootloadersettings}
recoverysequence        {c47a5027-c7b4-11e1-80eb-00217064058b}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {c47a5023-c7b4-11e1-80eb-00217064058b}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {c47a5027-c7b4-11e1-80eb-00217064058b}
device                  ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{c47a5028-c7b4-11e1-80eb-00217064058b}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{c47a5028-c7b4-11e1-80eb-00217064058b}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {c47a5023-c7b4-11e1-80eb-00217064058b}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {c47a5028-c7b4-11e1-80eb-00217064058b}
description             Ramdisk Options
ramdisksdidevice        partition=Y:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 15%
Total physical RAM: 6049.09 MB
Available physical RAM: 5113.31 MB
Total Virtual: 6047.29 MB
Available Virtual: 5120.68 MB
 
==================== Drives ================================
 
Drive c: (OSDisk) (Fixed) (Total:917.84 GB) (Free:708.84 GB) NTFS
Drive e: (W7SP1_HOMEPREMIUM) (CDROM) (Total:5.23 GB) (Free:0 GB) UDF
Drive f: (SWAGGORONI) (Removable) (Total:1.87 GB) (Free:1.74 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.02 GB) NTFS
Drive y: (Recovery) (Fixed) (Total:13.67 GB) (Free:6.16 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AE977300)
Partition 1: (Not Active) - (Size=917.8 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=13.7 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: EED6777A)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)
 
 
LastRegBack: 2015-07-02 09:22
 
==================== End of FRST.txt ============================


#6 polskamachina

polskamachina

  • Malware Response Team

Posted 20 September 2015 - 11:04 PM

Hi catgeo,
 

I've included lots of directions here so please read them over a few times and make sure they make sense to you before attempting to follow them. If you have any questions, please ask before doing. :)

 

You asked me about the addition.txt option missing from the FRST menu. Upon further checking, that option is not available when FRST is run from the Recovery Environment.

To add, when I try to run malware bytes off USB from command prompt, I get the following message:
The subsystem needed to support the image type is not present

Same thing applies here. MalwareBytes Anti-Malware cannot be run from the Recovery Environment.
 
Note: If you are unable to launch your browser or Notepad from your nonworking computer, then when it comes time to download or implement the utility programs I mention below, use a flash drive and a working computer to transfer the downloaded files from your working computer to the desktop of your nonworking computer.
 
Let's begin with getting a copy of your master boot record. Please copy and paste the text below into a blank Notepad window.

SaveMbr: Drive=0

Save the above Notepad file to your flash drive as fixlist.txt. Note: fixlist.txt must be saved in the same folder as FRST64.exe or the fix will not work.
 
Next:
 
Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
    To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html
  • To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.
    On the System Recovery Options menu you will get the following options:

    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt


    Select Command Prompt

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type F:\frst64 and press Enter
    Note: Replace the letter F with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button, not the Scan button.
  • It will create a log, MBRDUMP.txt, on the flash drive in the same location as FRST64.exe. Please copy and paste it into your next reply to me.

On your nonworking computer, reboot to normal mode.
 
Using either of the links below, please download RKill by Grinler and save it to your desktop (or flash drive if using a different computer to aid you with the download).

  • Link 1
  • Link 2
  • Right-click on the RKill icon and select, Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file and then download and use the one provided in Link 2.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer because you will nullify the effect of RKill for the following steps.

Next:
 
Follow the link below and read the guide to ComboFix.exe. There you will find links and instructions for running the tool.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
 
If ComboFix won't run, below are two alternative methods to get it to launch:

1st alternative method:

  • Right-click the ComboFix.exe icon on your desktop and choose the rename option.
  • Change the file name to any random 3-8 character named file with an .exe extension. aadddcc.exe would be a good example of a randomly named file.
  • While pressing and holding the Windows flag key, tap the letter R on your keyboard.
  • A small run box will open.
  • Assuming ComboFix.exe is on the desktop as was instructed, copy and paste, or type, "%userprofile%\desktop\[insert randomly named file from previous step here]" (without the quote marks) into the run box and click OK.

2nd alternative method

  • Right-click the ComboFix.exe icon on your desktop and choose the rename option.
  • Change the file name to any random 3-8 character named file with an .exe extension. aadddcc.exe would be a good example of a randomly named file.
  • Open the Task Manager by pressing the Shift-Ctrl-Esc keys at the same time.
  • In the menu at the top of the dialog box, click File -> New Task (Run...).
  • Assuming ComboFix.exe is on the desktop as was instructed, copy and paste, or type, "%userprofile%\desktop\[insert randomly named file from previous step here]" (without the quote marks) into the run box and click OK.
  • If ComboFix runs successfully, please copy and paste the ComboFix.txt log into your next reply to me.

Next:
 
Now let's try and run FRST64 in normal mode. If you are able to get to the opening menu, make sure the check box for Addition.txt is enabled. Leave the other boxes in their default state and click Scan. After the scan has completed, copy and paste the two logs, FRST.txt and addition.txt, into your next reply to me. If you cannot launch FRST, do the following:

  • Right-click on the RKill icon on your desktop and select, Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If the tool does not run, please let me know.
  • Do not reboot the computer because you will nullify the effect of RKill for the following steps.
  • Right-click the FRST64.exe icon and choose the rename option.
  • Change the file name to any random 3-8 character named file with a .exe extension.
  • Now try to launch the program again. If successful, click on Scan.
  • When the scan has completed, please copy and paste the FRST.txt and addition.txt logs into your next reply to me. 

In summary, please copy and paste the following into your next reply to me:

  • MBRDUMP.txt
  • ComboFix.txt log
  • FRST and addition.txt logs

Let me know if you have any questions.
 
polskamachina



#7 catgeo

catgeo
  • Topic Starter

  • Members

Posted 21 September 2015 - 07:34 PM

Well, I don't have much to report other than more bad news. I saved the fixlist.txt file on a USB drive with FRST64.exe. I ran the FRST fix option from the command prompt in the System Recovery Option. This is what was in the MBRDUMP.txt log:

 

3ÀŽÐ¼ |ŽÀŽØ¾ |¿ ¹ üó¤PhËû¹ ½¾€~  |…ƒÅâñ͈V UÆFÆF ´A»ªUÍ]rûUªu ÷Á tþFf`€~ t&fh    fÿvh  h |h h ´BŠV ‹ôÍŸƒÄžë¸» |ŠV ŠvŠNŠnÍfasþNu€~ €„Š ²€ë„U2äŠV Í]ëž>þ}Uªunÿv è uú°Ñædèƒ °ßæ`è| °ÿædèu û¸ »Íf#Àu;fûTCPAu2ùr,fh»  fh  fh   fSfSfUfh    fh |  fah  ÍZ2öê |  Í ·ë ¶ë µ2ä ‹ð¬< t » ´Íëòôëý+Éädë $àø$ÃInvalid partition table Error loading operating system Missing operating system   c{š s—®    ! þÿÿ   غr€þÿÿþÿÿ àºr €µ                                Uª

 

It doesn't look good to me, how about you? When I booted in Normal mode, I tried to open the file explorer to get to the USB drive. All the icons were visible and a blank explorer window opened, but nothing would load. Like before, nothing would open. Before I shut down, more advertisements briefly appeared (things like 'mom meet the new barbie' and 'family videos'???). I went through the same process again with the same results, but when windows started I got a message inviting me to download Windows 10, which I had gotten prior to all the problems. When I clicked on it, however, nothing would happen. It seems like there is a brief period as windows load when things work, but everything quickly gets disabled. I'm not sure what else to say. Any other options or questions?



#8 polskamachina

polskamachina

  • Malware Response Team

Posted 22 September 2015 - 03:13 AM

Hi catgeo :)

 

The nonsensical text you saw in the file along with the error message contained therein is normal. The file cannot be analyzed by just looking at the string of characters. Each character has a numeric meaning which in turn can be used to analyze your master boot record. I should have instructed you to attach the MBRDUMP.txt rather than copying and pasting it into the reply window. Here are the corrected steps for the entire procedure:

  • Insert the flash drive with the MBRDUMP.txt file into your working computer and power it on.
  • Click on the More Reply Options to this message.
  • Click on the Browse button next to the Attach Files box (located near the picture of the paper clip at the bottom of the reply window).
  • Locate the path to your flash drive and the MBRDUMP.txt file.
  • Click on the MBRDUMP.txt file
  • Click on Open.
  • Click on, Attach This File.
  • Click the, Preview Post button.
  • You should now see the file attached to your pending reply.
  • If you would like to make any comments along with your file attachment, type them in the reply window now.
  • Click on, Add Reply to send me the file and your comments.

Let me know if you have any questions.

 

polskamachina
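
What analysing an MBR dump by its numeric byte values involves, as an added example that is not part of the original post and is not FRST's own code: a parser for the standard 512-byte MBR layout (disk signature at offset 440, four 16-byte partition entries at offset 446, boot signature 55 AA at the end). The sample sector is constructed to mirror the disk ID and partition sizes in the FRST log above; the start sectors, sector counts and the byte order of the disk ID are assumptions.

```python
import struct

SECTOR_SIZE = 512
DISK_ID_OFFSET = 440          # 32-bit disk signature, little-endian
TABLE_OFFSET = 446            # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"  # last two bytes of a valid MBR
ENTRY = "<B3sB3sII"           # status, CHS start, type, CHS end, start LBA, sector count


def build_sample_mbr():
    """Constructed sample sector; boot code area is left as zeros."""
    sector = bytearray(SECTOR_SIZE)
    # Assumption: the log's "Disk ID: AE977300" is the 32-bit value at offset 440.
    struct.pack_into("<I", sector, DISK_ID_OFFSET, 0xAE977300)
    entries = [  # constructed values chosen to match the sizes in the log
        (0x00, 0x07, 2048, 1924847616),             # not active, type 07
        (0x80, 0x07, 2048 + 1924847616, 28672000),  # active, type 07
    ]
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY, sector, TABLE_OFFSET + 16 * i,
                         status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


def parse_mbr(sector):
    """Decode one MBR sector and list structural problems worth a closer look."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    findings = []
    if sector[510:512] != BOOT_SIGNATURE:
        findings.append("boot signature 55 AA missing")
    disk_id = struct.unpack_from("<I", sector, DISK_ID_OFFSET)[0]
    partitions = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(
            ENTRY, sector, TABLE_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue  # unused slot
        if status not in (0x00, 0x80):
            findings.append("partition %d: invalid status byte 0x%02X" % (i + 1, status))
        partitions.append({
            "index": i + 1,
            "active": status == 0x80,
            "type": "%02X" % ptype,
            "start_lba": lba,
            "sectors": count,
            "size_gib": round(count * 512 / 2**30, 1),
        })
    active = sum(1 for p in partitions if p["active"])
    if active != 1:
        findings.append("expected exactly one active partition, found %d" % active)
    ordered = sorted(partitions, key=lambda p: p["start_lba"])
    for a, b in zip(ordered, ordered[1:]):
        if a["start_lba"] + a["sectors"] > b["start_lba"]:
            findings.append("partitions %d and %d overlap" % (a["index"], b["index"]))
    return {"disk_id": "%08X" % disk_id, "partitions": partitions, "findings": findings}


if __name__ == "__main__":
    report = parse_mbr(build_sample_mbr())
    print("Disk ID:", report["disk_id"])
    for p in report["partitions"]:
        state = "Active" if p["active"] else "Not Active"
        print("Partition %d: (%s) Size=%s GB Type=%s" % (p["index"], state, p["size_gib"], p["type"]))
    print("Findings:", report["findings"] or "none")
```

A dump saved to disk has to be opened in binary mode (`open(path, "rb")`) before its first 512 bytes are passed to `parse_mbr`; a copy pasted as text has already lost bytes and cannot be parsed this way.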



#9 catgeo

catgeo
  • Topic Starter

  • Members

Posted 22 September 2015 - 06:40 AM

That makes more sense :)

Thanks for the quick reply.

Attached Files



#10 polskamachina

polskamachina

  • Malware Response Team

Posted 22 September 2015 - 05:27 PM

Hi catgeo :)

 

Good job attaching the MBRDUMP :thumbsup:

When I booted in Normal mode, I tried to open the file explorer to get to the USB drive. All the icons were visible and a blank explorer window opened, but nothing would load. Like before, nothing would open.

Were you able to see the contents of your USB drive in the explorer window? Were you able to run either of the two program links to RKill?

 

polskamachina

 

 



#11 catgeo

catgeo
  • Topic Starter

  • Members

Posted 22 September 2015 - 05:43 PM

Thanks!
I was not able to see anything in explorer while in normal mode (or safe mode). I should have clarified, I could see the desktop icons, but the file explorer never fully loaded - just an empty white box. Because I was not able to navigate to the USB or open any other programs, I could not run RKill.
Catgeo

#12 polskamachina

polskamachina

  • Malware Response Team

Posted 24 September 2015 - 10:09 AM

Hi catgeo :)

 

I've read your reply and I'm working on a fix. Thanks for your patience.

 

polskamachina



#13 polskamachina

polskamachina

  • Malware Response Team

Posted 24 September 2015 - 02:05 PM

Hi catgeo :)
 
On your working computer, please go to this link and download the Malwarebytes Anti-rootkit files to your flash drive. It is a compressed zip file therefore you will need to double-click the file after it has downloaded and then extract all the files to your flash drive. Take note of the folder name where the files, MBAR.exe and MBAR.cmd are located. That is the folder you will need to access later.

Next:

  • Insert the flash drive into your nonworking computer.
  • Power it on and do the necessary steps to boot to the Recovery Environment command prompt as we have done before.
  • At the command prompt type, notepad
  • Within the Notepad window click on, File -> Open
  • Change the Files of type option to, All Files.
  • Use the browser window to navigate to your flash drive where the MBAR.exe file is located.
  • Right-click the file and select, Run as administrator.
  • If the MBAR.exe program will not run, return to step 3 of this list and substitute the file, MBAR.cmd for MBAR.exe.
  • When the scan has completed, a log will be generated on your flash drive with the following named text file: mbar-log-date (time).txt
  • Please copy and paste that log into your next reply to me.
  • While still at the command prompt type, echo hello <nul>
  • The result should be a blank line. If you get anything other than a blank line in return, let me know.

Let me know if you have any questions.
 
polskamachina



#14 catgeo

catgeo
  • Topic Starter

  • Members

Posted 24 September 2015 - 05:51 PM

No good news :mellow:

 

MBAR.exe would not run (image type not present error). MBR.cmd appeared to do something (screen quickly popped up and went down), but no text file or log was created.

 

In the command prompt, echo hello <nul> gave me a syntax error, but echo hello >nul returned nothing.



#15 polskamachina

polskamachina

  • Malware Response Team

Posted 24 September 2015 - 11:55 PM

Hi catgeo :)
 
Let's try running a FRST fix. On your working computer copy and paste the following into Notepad:

Reg: reg delete HKCU\Software\Classes\.exe\shell\open\command /f
Reg: reg delete HKCU\Software\Classes\secfile\shell\open\command /f
Reg: reg delete HKCR\.exe\shell\open\command /f
Reg: reg add HKCR\.exe /ve /d exefile /f
Reg: reg add HKCR\.exe /v "Content Type" /d application/x-msdownload /f
Reg: reg delete HKCR\secfile /f
  • Save the file to your flash drive as fixlist.txt into the same folder as FRST64.exe
  • Insert the flash drive into your nonworking computer and boot to the Recovery Environment command prompt.
  • Run the FRST64 program as you did previously.
  • When the FRST menu appears, click on the Fix button.
  • After the fix is complete, a file will be created on your flash drive named, fixlog.txt. Please copy and paste that log into your next reply to me.

Finally, please restart your computer and let me know if you can launch any programs.
 
polskamachina





