
I cannot open programs or access the internet



#1 dahue


Posted 23 September 2015 - 04:30 PM

Hello,

 

My name is Chris and this problem started this morning with one of my computers. The other computers on this network are showing no signs of any problems and can access the internet. The problem PC has no problem viewing the NAS (network attached storage) and can view files and copy them to the problem PC from the NAS.

 

Either there is a very serious system error or it is a virus. I'm leaning toward virus since I cannot open any programs and internet access seems to be blocked.

 

Any time I open a program I get the following error: "The application was unable to start correctly (0xc0000005)".

 

Here is the FRST log. I don't know how good it is, since I received the above error notice 3 or 4 times while it ran.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Chad (administrator) on CHAD-ASUS (23-09-2015 16:07:10)
Running from C:\Users\Chad\Documents\IT
Loaded Profiles: Chad (Available Profiles: Chad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Windows\System32\makecab.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7666392 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1391472 2014-12-11] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [392592 2015-03-31] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-06-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSPanel.exe [5591872 2014-01-15] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-495047999-277834062-870491222-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-495047999-277834062-870491222-1000\...\Run: [GoogleChromeAutoLaunch_08AC5966833757C305CF6FE045FFD761] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [815944 2015-08-27] (Google Inc.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.1.265\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.1.265\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.1.265\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
Startup: C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2015-05-19]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{01F4918C-8E12-4C6A-A6A9-B3F44DAFDEA8}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-495047999-277834062-870491222-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://eagent.farmersinsurance.com/
HKU\S-1-5-21-495047999-277834062-870491222-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
SearchScopes: HKU\S-1-5-21-495047999-277834062-870491222-1000 -> DefaultScope {931D75E6-8C51-42EC-9424-1136ADA6DB17} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-495047999-277834062-870491222-1000 -> {931D75E6-8C51-42EC-9424-1136ADA6DB17} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxps://eagent.farmersinsurance.com/PLA/eAgent/icms/commonActiveX/smsx.cab
DPF: HKLM-x32 {354D91A8-E3C9-491F-BB89-0FB27DEEED86} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXTwain61.cab
DPF: HKLM-x32 {45EEDB84-57BC-4FBD-8065-7AB8E971B545} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgXDialog61.cab
DPF: HKLM-x32 {7E8DC73D-69CD-4F67-99B1-8DC6E42F6246} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/ImgX61.cab
DPF: HKLM-x32 {B2D168E0-5597-101D-843A-DA16297B4C87} hxxps://eagent.farmersinsurance.com/PLA/eAgent/imagecenter/commonActiveX/rm2.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-04-04] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-04-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-31] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-495047999-277834062-870491222-1000: @citrixonline.com/appdetectorplugin -> C:\Users\Chad\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-04-22] (Citrix Online)
 
Chrome: 
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-03]
CHR Extension: (Google Docs) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-03]
CHR Extension: (Google Drive) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-03]
CHR Extension: (YouTube) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-03]
CHR Extension: (Google Search) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-03]
CHR Extension: (Google Sheets) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-03]
CHR Extension: (Google Docs Offline) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-04-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-03]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-03]
CHR Extension: (Gmail) - C:\Users\Chad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-03]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2015-04-03] ()
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [344976 2015-03-31] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-17] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-01] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-23 16:07 - 2015-09-23 16:07 - 00000000 ____D C:\FRST
2015-09-23 14:56 - 2015-09-23 14:56 - 00000000 ____D C:\ProgramData\Recovery
2015-09-23 14:19 - 2015-09-23 14:56 - 00001893 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2015-09-23 14:19 - 2015-09-23 14:22 - 00000000 ____D C:\ProgramData\HitmanPro
2015-09-23 14:19 - 2015-09-23 14:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-09-23 14:19 - 2015-09-23 14:19 - 00000000 ____D C:\Program Files\HitmanPro
2015-09-23 11:53 - 2015-09-23 12:00 - 00000000 ____D C:\windows\pss
2015-09-23 10:46 - 2015-09-23 16:07 - 00000000 ____D C:\Users\Chad\Documents\IT
2015-09-18 11:42 - 2015-09-18 11:42 - 00012056 _____ C:\Users\Chad\Desktop\JaimeSikoraPaidReceipt9.18.15htm.htm
2015-09-18 11:41 - 2015-09-18 11:41 - 00012056 _____ C:\Users\Chad\Desktop\JaimeSikoraPaidReceipt9.18.htm
2015-09-15 09:34 - 2015-09-15 09:34 - 01521185 _____ C:\Users\Chad\Desktop\medicare-and-marketplace.pptx
2015-09-15 09:32 - 2015-09-15 09:34 - 01521185 _____ C:\Users\Chad\Downloads\medicare-and-marketplace.pptx
2015-09-15 08:59 - 2015-09-15 08:59 - 00000000 _____ C:\Users\Chad\AppData\Local\{773D4E75-9F00-4EBA-BA8E-7451BC7549AB}
2015-09-09 09:15 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-09-09 09:15 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-09-09 09:15 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-09-09 09:15 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-09-09 09:15 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-09-09 09:15 - 2015-07-22 19:06 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-09-09 09:15 - 2015-07-22 19:06 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-09-09 09:15 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-09-09 09:15 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-09-09 09:15 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-09-09 09:15 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-09-09 09:15 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-09-09 09:15 - 2015-07-22 19:02 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-09-09 09:15 - 2015-07-22 19:02 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-09-09 09:15 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-09-09 09:15 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-09-09 09:15 - 2015-07-22 19:01 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-09-09 09:15 - 2015-07-22 19:01 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-09-09 09:15 - 2015-07-22 18:58 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-09-09 09:15 - 2015-07-22 18:57 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 18:51 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-09-09 09:15 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-09-09 09:15 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-09-09 09:15 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-09-09 09:15 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-09-09 09:15 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-09-09 09:15 - 2015-07-22 12:52 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-09-09 09:15 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-09-09 09:15 - 2015-07-22 12:52 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-09-09 09:15 - 2015-07-22 12:52 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-09-09 09:15 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-09-09 09:15 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-09-09 09:15 - 2015-07-22 12:47 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-09-09 09:15 - 2015-07-22 12:46 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-09-09 09:15 - 2015-07-22 11:45 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-09-09 09:15 - 2015-07-22 11:44 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-09-09 09:15 - 2015-07-22 11:44 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-09-09 09:15 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-09-09 09:15 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-09-09 09:15 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-09 09:15 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-09 09:15 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-09-09 09:15 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-09-09 09:15 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-09-09 09:15 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-09-09 09:15 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-09-09 09:15 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-09-09 09:14 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-09-09 09:14 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-09-09 09:14 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-09-09 09:14 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-09-09 09:14 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-09-09 09:14 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-09-09 09:14 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-09-09 09:14 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-09-09 09:14 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-09-09 09:14 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-09-09 09:14 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-09-09 09:14 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-09-09 09:14 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-09-09 09:14 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-09-09 09:14 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-09-09 09:14 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-09-09 09:14 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-09-09 09:14 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-09-09 09:14 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-09-09 09:14 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-09-09 09:14 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-09-09 09:14 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-09-09 09:14 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-09-09 09:14 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-09-09 09:14 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-09-09 09:14 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-09-09 09:14 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-09-09 09:14 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-09-09 09:14 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-09-09 09:14 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-09-09 09:14 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-09-09 09:14 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-09-09 09:14 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-09-09 09:14 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-09-09 09:14 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-09-09 09:14 - 2015-08-22 09:40 - 14383616 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 13774848 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 02865664 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 02056704 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 01763328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 01441280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-09-09 09:14 - 2015-08-22 09:40 - 01181696 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00718848 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00525312 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-09-09 09:14 - 2015-08-22 09:40 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-09-09 09:14 - 2015-08-22 08:51 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-09-09 09:14 - 2015-08-22 08:51 - 01409024 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-09-09 09:14 - 2015-08-22 08:51 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-09-09 09:14 - 2015-08-22 08:51 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-09-09 09:14 - 2015-08-22 08:50 - 19291648 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 15415808 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 02657280 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 01509376 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-09-09 09:14 - 2015-08-22 08:50 - 00857600 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-09-09 09:14 - 2015-08-22 08:50 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-09-09 09:14 - 2015-08-20 13:53 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-09-09 09:14 - 2015-08-20 13:46 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-09-09 09:14 - 2015-08-20 13:21 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-09-09 09:14 - 2015-08-20 13:19 - 00441856 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-09-09 09:14 - 2015-08-20 12:56 - 00071680 _____ (Microsoft Corporation) C:\windows\SysWOW64\RegisterIEPKEYs.exe
2015-09-09 09:14 - 2015-08-20 12:55 - 00089600 _____ (Microsoft Corporation) C:\windows\system32\RegisterIEPKEYs.exe
2015-09-09 09:14 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-09-09 09:14 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-09-09 09:14 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-09-09 09:14 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-09-09 09:14 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-09-09 09:14 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-09-09 09:14 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-09-09 09:14 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-09-09 09:14 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-09-09 09:14 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-09-09 09:14 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-09-09 09:14 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-09-09 09:14 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-09-04 10:43 - 2015-09-04 10:43 - 00015966 _____ C:\Users\Chad\Desktop\WINBACKS MAIL LIST 9.15.xlsx
2015-09-03 14:49 - 2015-09-03 14:49 - 00000000 ____D C:\Users\Chad\Documents\Fax
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-23 16:05 - 2015-04-03 10:06 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-23 16:05 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-23 16:05 - 2009-07-13 23:51 - 00053415 _____ C:\windows\setupact.log
2015-09-23 15:47 - 2015-04-03 09:25 - 01374475 _____ C:\windows\WindowsUpdate.log
2015-09-23 15:33 - 2015-04-22 12:57 - 00000556 _____ C:\windows\Tasks\G2MUpdateTask-S-1-5-21-495047999-277834062-870491222-1000.job
2015-09-23 15:14 - 2015-04-03 10:06 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-23 15:02 - 2009-07-13 23:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-23 15:02 - 2009-07-13 23:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-23 15:01 - 2009-07-14 00:13 - 00783606 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-23 12:02 - 2013-05-21 02:38 - 00000000 __SHD C:\Recovery
2015-09-23 12:02 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\Recovery
2015-09-23 11:49 - 2015-04-03 09:26 - 00000000 ____D C:\Users\Chad
2015-09-23 11:48 - 2015-08-04 08:52 - 00000000 ____D C:\windows\Minidump
2015-09-23 11:48 - 2015-04-04 03:50 - 00000000 ___SD C:\windows\system32\GWX
2015-09-23 11:48 - 2015-04-03 10:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-09-23 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\NDF
2015-09-23 11:48 - 2009-07-13 22:20 - 00000000 ____D C:\windows\registration
2015-09-23 11:47 - 2015-04-03 10:06 - 00000000 ____D C:\Users\Chad\AppData\Local\Google
2015-09-23 11:46 - 2015-04-06 11:07 - 00000000 __RHD C:\MSOCache
2015-09-23 11:46 - 2015-04-03 09:47 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-23 10:43 - 2011-04-12 03:28 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-09-23 10:19 - 2015-07-22 12:02 - 00000000 ____D C:\Users\Chad\Desktop\Client Auto ID Cards
2015-09-21 17:44 - 2015-06-01 16:56 - 00019145 _____ C:\Users\Chad\Desktop\CJR Business Log.xlsx
2015-09-21 13:10 - 2009-07-14 00:32 - 00000000 ____D C:\windows\system32\FxsTmp
2015-09-14 08:51 - 2015-06-05 15:30 - 00000652 _____ C:\windows\Tasks\G2MUploadTask-S-1-5-21-495047999-277834062-870491222-1000.job
2015-09-11 15:44 - 2015-04-03 10:23 - 00000681 _____ C:\windows\BRCALIB.INI
2015-09-10 18:36 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-09-10 17:58 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 08:46 - 2009-07-13 23:45 - 00412600 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-10 08:44 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-03 16:12 - 2015-06-05 15:30 - 00003678 _____ C:\windows\System32\Tasks\G2MUploadTask-S-1-5-21-495047999-277834062-870491222-1000
2015-09-03 16:12 - 2015-04-22 12:57 - 00003582 _____ C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-495047999-277834062-870491222-1000
2015-09-03 14:59 - 2015-04-03 10:24 - 00001081 _____ C:\windows\Brpfx04a.ini
2015-09-03 14:51 - 2015-04-03 10:24 - 00000130 _____ C:\windows\brpcfx.ini
2015-09-02 15:16 - 2015-04-03 10:07 - 00002187 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-31 17:09 - 2015-04-03 10:06 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-31 17:09 - 2015-04-03 10:06 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-24 13:36 - 2010-11-20 22:47 - 00045712 _____ C:\windows\PFRO.log
 
==================== Files in the root of some directories =======
 
2015-07-16 03:01 - 2015-07-16 03:01 - 6420480 _____ () C:\Program Files (x86)\GUTA22C.tmp
2015-09-15 08:59 - 2015-09-15 08:59 - 0000000 _____ () C:\Users\Chad\AppData\Local\{773D4E75-9F00-4EBA-BA8E-7451BC7549AB}
2014-06-12 05:01 - 2014-06-12 05:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-21 10:07
 
==================== End of FRST.txt ============================


#2 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:02 AM

Posted 27 September 2015 - 04:13 PM

Hi,

Welcome here! I am Black_Bird and I'll be helping you with your PC problems. :)
If something's not clear enough to you, don't hesitate to ask!

First I've got some questions for you:

1. Please download this file to your desktop:
Right-click it and click Run as Administrator
In a couple of seconds a report will be generated.
Please copy/paste the contents of this logfile into your next reply.

2. Are you familiar with the website "hxxps://eagent.farmersinsurance.com/" (I've replaced https with hxxps)?

Hope to hear back from you soon. :)
Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#3 dahue

dahue
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 28 September 2015 - 09:31 AM

Hi Black_bird,

 

The website you mentioned "hxxps://eagent.farmersinsurance.com/" is one I use for work and it is safe.  I have copied the log below.

 

 

 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {7afe9a05-119d-11e4-8655-cb2fd57297bf}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {7afe9a09-119d-11e4-8655-cb2fd57297bf}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {7afe9a05-119d-11e4-8655-cb2fd57297bf}
nx                      OptIn
safeboot                Network
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {7afe9a05-119d-11e4-8655-cb2fd57297bf}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {7afe9a09-119d-11e4-8655-cb2fd57297bf}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {7afe9a05-119d-11e4-8655-cb2fd57297bf}
nx                      OptIn
safeboot                Network
The boot configuration data store could not be opened.
Access is denied.


#4 dahue

dahue
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 28 September 2015 - 03:30 PM

Black_bird,

 

Good news and bad news. First the bad news: the computer stopped booting to Windows.  The good news is I was able to recover and reinstall Windows from the hidden partition.  Whatever caused the problems should be gone, as the hard drive was reformatted.  Thank you for helping me on this, and you can close the topic since the computer seems to work just fine as of now.



#5 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:02 AM

Posted 28 September 2015 - 05:05 PM

Hi there,

 

As the malware is/was probably located in your boot files/settings (that's why I had you run the look.bat tool), I'd still recommend that you do at least a new scan with look.bat and FRST. The malware might still be there.

 

Please let me know if you want this or not. :)


Kind regards,
Black_Bird
 



#6 dahue

dahue
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:03:02 AM

Posted 29 September 2015 - 12:11 PM

Black_bird,
 
That sounds like a good idea. I have copied the FRST and look.bat below and attached the addition log.
 
Look.bat:
 
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {7afe9a0b-119d-11e4-8655-cb2fd57297bf}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {7afe9a0d-119d-11e4-8655-cb2fd57297bf}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \windows
resumeobject            {7afe9a0b-119d-11e4-8655-cb2fd57297bf}
nx                      OptIn
 
FRST:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
Ran by Chad (administrator) on CHAD-ASUSPC (29-09-2015 11:56:52)
Running from C:\Users\Chad\Documents\IT
Loaded Profiles: Chad (Available Profiles: Chad)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Manager\AsHKService.exe
(ASUSTeK) C:\Program Files (x86)\ASUS\ASUS Manager\Power Manager\Power Manager_background.exe
() C:\Program Files (x86)\ASUS\ASUS Manager\PC Cleanup\SecureDeleteBackground.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\EXCEL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSPanel.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTE.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1368792 2013-11-13] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [404376 2015-08-09] ()
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-10-20] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3216032 2014-06-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.1.1.265\AsusWSPanel.exe [5591872 2014-01-15] (ASUS Cloud Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3701516258-2805159106-3171793684-1000\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\S-1-5-21-3701516258-2805159106-3171793684-1000\...\MountPoints2: {2e81a0a8-661d-11e5-a815-382c4ac5821a} - G:\LaunchU3.exe -a
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.1.1.265\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.1.1.265\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.1.1.265\ASUSWSShellExt64.dll [2013-06-25] (ASUS Cloud Corporation.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{47DC54FC-D179-454E-80D6-65C342A5DD77}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3701516258-2805159106-3171793684-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://eagent.farmersinsurance.com/
HKU\S-1-5-21-3701516258-2805159106-3171793684-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-28] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-09-28] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-28] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-04-04] (Adobe Systems Incorporated)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-09-28] (Microsoft Corporation)
DPF: HKLM-x32 {1663ed61-23eb-11d2-b92f-008048fdd814} hxxps://eagent.farmersinsurance.com/PLA/eAgent/eAutoTwoE/commonActiveX/smsx.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-28] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-01-10] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2012-04-04] (Adobe Systems Inc.)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2015-09-28] ()
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [355232 2015-08-09] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-10-17] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R0 assdv2; C:\Windows\System32\Drivers\assdv2.sys [21816 2013-12-05] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28008 2013-08-01] (Intel Corporation)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-29 11:57 - 2015-09-29 11:57 - 00000000 ____D C:\Users\Chad\Desktop\wlan_wiz
2015-09-29 11:56 - 2015-09-29 11:57 - 00000000 ____D C:\Users\Chad\Desktop\install
2015-09-29 11:56 - 2015-09-29 11:56 - 00000000 ____D C:\FRST
2015-09-29 11:55 - 2015-09-29 11:56 - 129154840 _____ (A.I.SOFT,INC.) C:\Users\Chad\Downloads\MFC-9970CDW-inst-E1-usa.EXE
2015-09-29 11:55 - 2015-09-29 11:56 - 00000000 ____D C:\Users\Chad\Documents\IT
2015-09-29 11:34 - 2015-09-29 11:34 - 00000165 ____H C:\Users\Chad\Desktop\~$CJR Business Log.xlsx
2015-09-29 10:00 - 2015-09-29 11:19 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-09-29 10:00 - 2015-09-29 10:00 - 00780488 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-09-29 10:00 - 2015-09-29 10:00 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-09-29 10:00 - 2015-09-29 10:00 - 00000000 ____D C:\windows\system32\Macromed
2015-09-29 03:28 - 2015-09-29 03:28 - 00000118 _____ C:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-09-28 16:13 - 2015-09-29 10:00 - 00000000 ____D C:\Users\Chad\AppData\Local\Adobe
2015-09-28 15:40 - 2015-09-28 15:40 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mead & Company
2015-09-28 15:36 - 2015-09-28 15:36 - 00000401 _____ C:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-09-28 15:32 - 2015-09-28 15:32 - 00000000 ____D C:\ProgramData\Skype
2015-09-28 15:31 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\TsUsbFlt.sys
2015-09-28 15:31 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-09-28 15:31 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-09-28 15:31 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\windows\system32\MsRdpWebAccess.dll
2015-09-28 15:31 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\windows\system32\wksprtPS.dll
2015-09-28 15:31 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-09-28 15:31 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\windows\system32\TsUsbGDCoInstaller.dll
2015-09-28 15:31 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\windows\system32\rdvidcrl.dll
2015-09-28 15:31 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\MsRdpWebAccess.dll
2015-09-28 15:31 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\windows\SysWOW64\wksprtPS.dll
2015-09-28 15:31 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-09-28 15:31 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\wksprt.exe
2015-09-28 15:31 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-09-28 15:31 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2015-09-28 15:31 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\windows\SysWOW64\rdvidcrl.dll
2015-09-28 15:31 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2015-09-28 15:31 - 2013-10-01 15:57 - 06578176 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-09-28 15:31 - 2013-10-01 15:55 - 05698048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-09-28 15:24 - 2015-09-28 15:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-28 15:23 - 2015-09-28 15:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-28 15:23 - 2015-09-28 15:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-28 15:23 - 2015-08-05 13:02 - 00157016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-09-28 15:23 - 2015-08-05 13:02 - 00097112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-09-28 15:23 - 2015-08-05 12:56 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\icaapi.dll
2015-09-28 15:23 - 2015-08-05 12:56 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-09-28 15:23 - 2015-08-05 12:55 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-09-28 15:23 - 2015-08-05 12:55 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-09-28 15:23 - 2015-08-05 12:50 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-09-28 15:23 - 2015-08-05 12:50 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-09-28 15:23 - 2015-08-05 12:46 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-09-28 15:23 - 2015-08-05 12:41 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-09-28 15:23 - 2015-08-05 12:41 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-09-28 15:23 - 2015-08-05 12:41 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-09-28 15:23 - 2015-08-05 12:41 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-09-28 15:23 - 2015-08-05 12:40 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-09-28 15:23 - 2015-08-05 12:40 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-09-28 15:23 - 2015-08-05 12:40 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-09-28 15:23 - 2015-08-05 12:40 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-09-28 15:23 - 2015-08-05 12:40 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-09-28 15:23 - 2015-08-05 12:39 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-09-28 15:23 - 2015-08-05 12:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-09-28 15:23 - 2015-08-05 12:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-09-28 15:23 - 2015-08-05 12:34 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-09-28 15:23 - 2015-08-05 12:34 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-09-28 15:23 - 2015-08-05 12:30 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-09-28 15:23 - 2015-08-05 12:06 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2015-09-28 15:23 - 2015-08-05 11:38 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-09-28 15:23 - 2015-08-05 11:37 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-09-28 15:23 - 2015-08-05 11:37 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-09-28 15:22 - 2015-09-29 11:34 - 00000000 ____D C:\Users\Chad\Desktop\Current Client Quotes
2015-09-28 15:22 - 2015-09-29 11:33 - 00000000 ____D C:\Users\Chad\Desktop\Client Property Photos
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Workers Comp Quotations
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Prospect Quotations
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\New Group Health Prospects
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Life Quotations
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Leads Lists
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Individual Health Quotes
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Individual Health Applications
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Current Client Evidence of Insurace
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Client Paid Receipts
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Client Jewelry Endorsement Info
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Client Cost Spreadsheets
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Client Cancellation Letters
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Client Auto ID Cards
2015-09-28 15:22 - 2015-09-28 15:22 - 00000000 ____D C:\Users\Chad\Desktop\Chad
2015-09-28 15:22 - 2015-09-21 16:44 - 00019145 _____ C:\Users\Chad\Desktop\CJR Business Log.xlsx
2015-09-28 15:22 - 2015-09-15 08:34 - 01521185 _____ C:\Users\Chad\Desktop\medicare-and-marketplace.pptx
2015-09-28 15:22 - 2015-09-04 09:43 - 00015966 _____ C:\Users\Chad\Desktop\WINBACKS MAIL LIST 9.15.xlsx
2015-09-28 15:22 - 2015-08-11 12:08 - 00071678 _____ C:\Users\Chad\Desktop\MikeAbbateFarmersEOI8.11.15.xps
2015-09-28 15:22 - 2015-08-10 11:45 - 00052003 _____ C:\Users\Chad\Desktop\ColleenRitsemaNewAutoIDCards8.10.15.xps
2015-09-28 15:22 - 2015-08-05 09:35 - 00002269 _____ C:\Users\Chad\Desktop\Personal Lines - Shortcut.lnk
2015-09-28 15:22 - 2015-08-05 09:35 - 00001870 _____ C:\Users\Chad\Desktop\Commercial Shortcut.lnk
2015-09-28 15:22 - 2015-07-21 10:04 - 00018296 _____ C:\Users\Chad\Desktop\RonAnsariPaymentInstallmentSchedule7.21.15.htm
2015-09-28 15:22 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\windows\system32\ucrtbase.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\windows\SysWOW64\ucrtbase.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-09-28 15:22 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-09-28 15:22 - 2015-06-16 13:49 - 00120669 _____ C:\Users\Chad\Desktop\AlanShifrinApplication&SubscriptionAgreement6.16.15.xps
2015-09-28 15:22 - 2015-05-29 17:04 - 00012357 _____ C:\Users\Chad\Desktop\Raj Soni Property List.xlsx
2015-09-28 15:22 - 2015-05-29 09:01 - 00087801 _____ C:\Users\Chad\Desktop\Farmers Policy Information.xps
2015-09-28 15:22 - 2015-05-12 14:36 - 00018387 _____ C:\Users\Chad\Desktop\Leads List update.csv
2015-09-28 15:22 - 2015-05-12 10:54 - 00017537 _____ C:\Users\Chad\Desktop\FarmersSaisiAgencyCostSpreadsheetTemplate.xlsx
2015-09-28 15:22 - 2015-05-11 10:48 - 00017491 _____ C:\Users\Chad\Desktop\Farmers Home Auto Umbrella Cost Spreadsheet 5.11.15.xlsx
2015-09-28 15:22 - 2015-05-08 11:29 - 00016700 _____ C:\Users\Chad\Desktop\Farmers Home Auto Umbrella Cost Spreadsheet.xlsx
2015-09-28 15:22 - 2015-04-03 09:17 - 02237440 _____ C:\Users\Chad\Desktop\ie_script.exe
2015-09-28 15:22 - 2015-04-03 09:12 - 00001443 _____ C:\Users\Chad\Desktop\Internet Explorer.lnk
2015-09-28 15:22 - 2015-04-03 08:58 - 00001668 _____ C:\Users\Chad\Desktop\Community-Folder (COMMUNITY-DRIVE) - Shortcut.lnk
2015-09-28 15:22 - 2015-04-03 08:49 - 00002405 _____ C:\Users\Chad\Desktop\Word 2013.lnk
2015-09-28 15:22 - 2015-04-03 08:49 - 00002367 _____ C:\Users\Chad\Desktop\Excel 2013.lnk
2015-09-28 15:08 - 2015-09-28 15:11 - 00000000 ___SD C:\windows\system32\GWX
2015-09-28 15:08 - 2015-09-28 15:08 - 00000000 ___SD C:\windows\SysWOW64\GWX
2015-09-28 15:08 - 2015-09-28 15:08 - 00000000 ___SD C:\windows\system32\CompatTel
2015-09-28 15:08 - 2015-09-28 15:08 - 00000000 ____D C:\windows\system32\appraiser
2015-09-28 14:55 - 2015-01-08 18:44 - 00419936 _____ C:\windows\SysWOW64\locale.nls
2015-09-28 14:55 - 2015-01-08 18:43 - 00419936 _____ C:\windows\system32\locale.nls
2015-09-28 14:50 - 2015-07-30 08:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-09-28 14:50 - 2015-07-30 08:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-09-28 14:14 - 2015-09-28 14:16 - 00000000 ____D C:\windows\system32\MRT
2015-09-28 14:14 - 2015-08-26 18:37 - 134753440 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-09-28 13:45 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2015-09-28 13:45 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2015-09-28 13:42 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2015-09-28 13:42 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2015-09-28 13:42 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2015-09-28 13:42 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2015-09-28 13:42 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2015-09-28 13:42 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2015-09-28 13:42 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2015-09-28 13:42 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2015-09-28 13:27 - 2015-09-28 15:24 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieUserList
2015-09-28 13:27 - 2015-09-28 15:24 - 00000000 __SHD C:\Users\Chad\AppData\Local\EmieSiteList
2015-09-28 13:24 - 2015-09-28 13:24 - 00018858 _____ C:\windows\Ascd_log_oobe3.ini
2015-09-28 13:21 - 2015-09-28 13:21 - 00000000 ____D C:\Users\Chad\AppData\Roaming\WebStorage
2015-09-28 13:20 - 2015-09-28 16:13 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Adobe
2015-09-28 13:20 - 2015-09-28 15:13 - 00000363 _____ C:\Users\Chad\Documents\RecentPlaces.lnk
2015-09-28 13:20 - 2015-09-28 13:20 - 00001421 _____ C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-09-28 13:20 - 2015-09-28 13:20 - 00000000 ____D C:\Users\Chad\AppData\Local\VirtualStore
2015-09-28 13:20 - 2015-08-05 12:56 - 00275456 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2015-09-28 13:20 - 2015-08-05 12:56 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\jnwmon.dll
2015-09-28 13:20 - 2015-08-05 12:40 - 00216064 _____ (Microsoft Corporation) C:\windows\SysWOW64\InkEd.dll
2015-09-28 13:20 - 2015-07-28 15:09 - 00017344 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-09-28 13:20 - 2015-07-28 15:05 - 01116672 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-09-28 13:20 - 2015-07-28 15:05 - 00774656 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-09-28 13:20 - 2015-07-28 15:05 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-09-28 13:20 - 2015-07-28 15:05 - 00437760 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-09-28 13:20 - 2015-07-28 15:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-09-28 13:20 - 2015-07-28 15:05 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-09-28 13:20 - 2015-07-28 14:55 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-09-28 13:20 - 2015-07-15 13:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-09-28 13:20 - 2015-07-15 13:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-09-28 13:20 - 2015-07-15 13:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-09-28 13:20 - 2015-06-03 15:16 - 01239720 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2015-09-28 13:20 - 2015-06-03 15:16 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2015-09-28 13:20 - 2015-06-01 19:07 - 00254976 _____ (Microsoft Corporation) C:\windows\system32\cewmdm.dll
2015-09-28 13:20 - 2015-06-01 18:47 - 00210432 _____ (Microsoft Corporation) C:\windows\SysWOW64\cewmdm.dll
2015-09-28 13:20 - 2015-04-29 13:22 - 14635008 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2015-09-28 13:20 - 2015-04-29 13:21 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2015-09-28 13:20 - 2015-04-29 13:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2015-09-28 13:20 - 2015-04-29 13:21 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2015-09-28 13:20 - 2015-04-29 13:19 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2015-09-28 13:20 - 2015-04-29 13:07 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2015-09-28 13:20 - 2015-04-29 13:07 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll
2015-09-28 13:20 - 2015-04-29 13:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx
2015-09-28 13:20 - 2015-04-29 13:07 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll
2015-09-28 13:20 - 2015-04-29 13:05 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL
2015-09-28 13:20 - 2015-04-17 22:10 - 00460800 _____ (Microsoft Corporation) C:\windows\system32\certcli.dll
2015-09-28 13:20 - 2015-04-17 21:56 - 00342016 _____ (Microsoft Corporation) C:\windows\SysWOW64\certcli.dll
2015-09-28 13:20 - 2015-04-12 22:28 - 00328704 _____ (Microsoft Corporation) C:\windows\system32\services.exe
2015-09-28 13:20 - 2015-01-08 22:14 - 00950272 _____ (Microsoft Corporation) C:\windows\system32\perftrack.dll
2015-09-28 13:20 - 2015-01-08 22:14 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\wdi.dll
2015-09-28 13:20 - 2015-01-08 22:14 - 00029696 _____ (Microsoft Corporation) C:\windows\system32\powertracker.dll
2015-09-28 13:20 - 2015-01-08 21:48 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdi.dll
2015-09-28 13:19 - 2015-09-28 13:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS Music Maker
2015-09-28 13:19 - 2015-08-17 20:42 - 00393304 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-09-28 13:19 - 2015-08-17 20:14 - 00344168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-09-28 13:19 - 2015-08-15 01:48 - 25190400 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-09-28 13:19 - 2015-08-15 01:34 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-09-28 13:19 - 2015-08-15 01:33 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-09-28 13:19 - 2015-08-15 01:18 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-09-28 13:19 - 2015-08-15 01:18 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-09-28 13:19 - 2015-08-15 01:17 - 02886144 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-09-28 13:19 - 2015-08-15 01:17 - 00585216 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-09-28 13:19 - 2015-08-15 01:17 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-09-28 13:19 - 2015-08-15 01:17 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-09-28 13:19 - 2015-08-15 01:10 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-09-28 13:19 - 2015-08-15 01:09 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-09-28 13:19 - 2015-08-15 01:06 - 19856896 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-09-28 13:19 - 2015-08-15 01:06 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-09-28 13:19 - 2015-08-15 01:04 - 00817664 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-09-28 13:19 - 2015-08-15 01:04 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-09-28 13:19 - 2015-08-15 01:04 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-09-28 13:19 - 2015-08-15 01:04 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-09-28 13:19 - 2015-08-15 01:00 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-09-28 13:19 - 2015-08-15 00:57 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-09-28 13:19 - 2015-08-15 00:53 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-09-28 13:19 - 2015-08-15 00:53 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-09-28 13:19 - 2015-08-15 00:46 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-09-28 13:19 - 2015-08-15 00:42 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-09-28 13:19 - 2015-08-15 00:41 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-09-28 13:19 - 2015-08-15 00:40 - 00504832 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-09-28 13:19 - 2015-08-15 00:40 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-09-28 13:19 - 2015-08-15 00:39 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-09-28 13:19 - 2015-08-15 00:39 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-09-28 13:19 - 2015-08-15 00:39 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-09-28 13:19 - 2015-08-15 00:38 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-09-28 13:19 - 2015-08-15 00:35 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-09-28 13:19 - 2015-08-15 00:33 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-09-28 13:19 - 2015-08-15 00:32 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-09-28 13:19 - 2015-08-15 00:30 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-09-28 13:19 - 2015-08-15 00:29 - 00665600 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-09-28 13:19 - 2015-08-15 00:29 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-09-28 13:19 - 2015-08-15 00:29 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-09-28 13:19 - 2015-08-15 00:24 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-09-28 13:19 - 2015-08-15 00:23 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-09-28 13:19 - 2015-08-15 00:22 - 02126336 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-09-28 13:19 - 2015-08-15 00:22 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-09-28 13:19 - 2015-08-15 00:21 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-09-28 13:19 - 2015-08-15 00:16 - 14451712 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-09-28 13:19 - 2015-08-15 00:16 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-09-28 13:19 - 2015-08-15 00:14 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-09-28 13:19 - 2015-08-15 00:12 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-09-28 13:19 - 2015-08-15 00:11 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-09-28 13:19 - 2015-08-15 00:10 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-09-28 13:19 - 2015-08-15 00:07 - 02427392 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-09-28 13:19 - 2015-08-15 00:04 - 12857344 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-09-28 13:19 - 2015-08-15 00:02 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-09-28 13:19 - 2015-08-15 00:01 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-09-28 13:19 - 2015-08-15 00:01 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-09-28 13:19 - 2015-08-14 23:55 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-09-28 13:19 - 2015-08-14 23:43 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-09-28 13:19 - 2015-08-14 23:43 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-09-28 13:19 - 2015-08-14 23:39 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-09-28 13:19 - 2015-08-14 23:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-09-28 13:19 - 2015-07-14 22:17 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2015-09-28 13:19 - 2015-07-14 21:54 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2015-09-28 13:19 - 2015-07-09 12:58 - 01632256 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2015-09-28 13:19 - 2015-07-09 12:58 - 00082944 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2015-09-28 13:19 - 2015-07-09 12:42 - 01372160 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2015-09-28 13:19 - 2015-07-09 12:42 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2015-09-28 13:19 - 2015-07-01 15:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-09-28 13:19 - 2015-07-01 15:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-09-28 13:19 - 2015-07-01 15:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-09-28 13:19 - 2015-07-01 15:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-09-28 13:19 - 2015-06-09 13:03 - 03180544 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2015-09-28 13:19 - 2015-06-09 13:03 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\RdpGroupPolicyExtension.dll
2015-09-28 13:19 - 2015-06-03 15:17 - 00243200 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2015-09-28 13:19 - 2015-05-25 13:19 - 00113664 _____ (Microsoft Corporation) C:\windows\system32\sechost.dll
2015-09-28 13:19 - 2015-05-25 13:18 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\tracerpt.exe
2015-09-28 13:19 - 2015-05-25 13:18 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\logman.exe
2015-09-28 13:19 - 2015-05-25 13:18 - 00047104 _____ (Microsoft Corporation) C:\windows\system32\typeperf.exe
2015-09-28 13:19 - 2015-05-25 13:18 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\relog.exe
2015-09-28 13:19 - 2015-05-25 13:18 - 00019456 _____ (Microsoft Corporation) C:\windows\system32\diskperf.exe
2015-09-28 13:19 - 2015-05-25 13:01 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\sechost.dll
2015-09-28 13:19 - 2015-05-25 13:00 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\tracerpt.exe
2015-09-28 13:19 - 2015-05-25 13:00 - 00082944 _____ (Microsoft Corporation) C:\windows\SysWOW64\logman.exe
2015-09-28 13:19 - 2015-05-25 13:00 - 00040448 _____ (Microsoft Corporation) C:\windows\SysWOW64\typeperf.exe
2015-09-28 13:19 - 2015-05-25 13:00 - 00037888 _____ (Microsoft Corporation) C:\windows\SysWOW64\relog.exe
2015-09-28 13:19 - 2015-05-25 13:00 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\diskperf.exe
2015-09-28 13:19 - 2015-02-02 22:31 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2015-09-28 13:19 - 2015-02-02 22:31 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2015-09-28 13:19 - 2015-02-02 22:31 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2015-09-28 13:19 - 2015-02-02 22:31 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2015-09-28 13:19 - 2015-02-02 22:31 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2015-09-28 13:19 - 2015-02-02 22:31 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2015-09-28 13:19 - 2015-02-02 22:31 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2015-09-28 13:19 - 2015-02-02 22:31 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2015-09-28 13:19 - 2015-02-02 22:31 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2015-09-28 13:19 - 2015-02-02 22:31 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2015-09-28 13:19 - 2015-02-02 22:31 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2015-09-28 13:19 - 2015-02-02 22:31 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2015-09-28 13:19 - 2015-02-02 22:30 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2015-09-28 13:19 - 2015-02-02 22:30 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2015-09-28 13:19 - 2015-02-02 22:30 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2015-09-28 13:19 - 2015-02-02 22:30 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2015-09-28 13:19 - 2015-02-02 22:30 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2015-09-28 13:19 - 2015-02-02 22:30 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2015-09-28 13:19 - 2015-02-02 22:30 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2015-09-28 13:19 - 2015-02-02 22:30 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2015-09-28 13:19 - 2015-02-02 22:30 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2015-09-28 13:19 - 2015-02-02 22:30 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2015-09-28 13:19 - 2015-02-02 22:30 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2015-09-28 13:19 - 2015-02-02 22:30 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2015-09-28 13:19 - 2015-02-02 22:30 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2015-09-28 13:19 - 2015-02-02 22:30 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\pcawrk.exe
2015-09-28 13:19 - 2015-02-02 22:30 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2015-09-28 13:19 - 2015-02-02 22:29 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2015-09-28 13:19 - 2015-02-02 22:28 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2015-09-28 13:19 - 2015-02-02 22:19 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2015-09-28 13:19 - 2015-02-02 22:12 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00171520 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2015-09-28 13:19 - 2015-02-02 22:12 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll
2015-09-28 13:19 - 2015-02-02 22:11 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2015-09-28 13:19 - 2015-02-02 22:11 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2015-09-28 13:19 - 2015-02-02 22:09 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2015-09-28 13:19 - 2015-01-28 22:19 - 02543104 _____ (Microsoft Corporation) C:\windows\system32\wpdshext.dll
2015-09-28 13:19 - 2015-01-28 22:02 - 02311168 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpdshext.dll
2015-09-28 13:19 - 2014-12-18 20:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-09-28 13:19 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2015-09-28 13:19 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2015-09-28 13:19 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2015-09-28 13:19 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2015-09-28 13:19 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2015-09-28 13:18 - 2015-09-28 13:18 - 00000000 ____D C:\Users\Public\Documents\ASUS
2015-09-28 13:18 - 2015-09-28 13:18 - 00000000 ____D C:\ProgramData\MAGIX
2015-09-28 13:18 - 2015-08-04 13:03 - 00692672 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2015-09-28 13:18 - 2015-08-04 13:00 - 00616360 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2015-09-28 13:18 - 2015-08-04 12:56 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2015-09-28 13:18 - 2015-08-04 12:56 - 00059392 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2015-09-28 13:18 - 2015-08-04 12:56 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2015-09-28 13:18 - 2015-08-04 12:55 - 00147456 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2015-09-28 13:18 - 2015-08-04 12:55 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2015-09-28 13:18 - 2015-08-04 12:47 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2015-09-28 13:18 - 2015-08-04 11:58 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2015-09-28 13:18 - 2015-07-30 13:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-09-28 13:18 - 2015-07-30 13:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-09-28 13:18 - 2015-07-30 13:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-09-28 13:18 - 2015-07-30 12:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-09-28 13:18 - 2015-07-30 12:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-09-28 13:18 - 2015-06-03 15:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2015-09-28 13:18 - 2015-06-03 15:16 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2015-09-28 13:18 - 2015-06-03 15:16 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2015-09-28 13:18 - 2015-04-24 13:17 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2015-09-28 13:18 - 2015-04-24 12:56 - 00530432 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2015-09-28 13:18 - 2015-04-10 22:19 - 00069888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\stream.sys
2015-09-28 13:18 - 2015-02-02 22:31 - 01424896 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2015-09-28 13:18 - 2015-02-02 22:12 - 01230848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2015-09-28 13:18 - 2014-11-25 22:53 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2015-09-28 13:18 - 2014-11-25 22:32 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2015-09-28 13:18 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2015-09-28 13:18 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2015-09-28 13:18 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2015-09-28 13:18 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2015-09-28 13:18 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2015-09-28 13:18 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2015-09-28 13:18 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2015-09-28 13:18 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2015-09-28 13:18 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2015-09-28 13:18 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2015-09-28 13:18 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2015-09-28 13:18 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2015-09-28 13:18 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2015-09-28 13:18 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2015-09-28 13:18 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2015-09-28 13:18 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2015-09-28 13:18 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2015-09-28 13:18 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2015-09-28 13:18 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2015-09-28 13:18 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2015-09-28 13:18 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2015-09-28 13:18 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2015-09-28 13:17 - 2015-08-05 12:56 - 01110016 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2015-09-28 13:17 - 2013-09-16 12:17 - 00016344 _____ (Intel Corporation) C:\windows\system32\Drivers\IntelMEFWVer.dll
2015-09-28 13:16 - 2015-09-28 13:17 - 00000086 _____ C:\windows\MEI.log
2015-09-28 13:16 - 2015-09-28 13:16 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-09-28 13:16 - 2015-09-28 13:16 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Intel Corporation
2015-09-28 13:16 - 2015-09-28 13:16 - 00000000 ____D C:\Users\Chad\AppData\Roaming\InstallShield
2015-09-28 13:16 - 2015-09-28 12:46 - 00115208 _____ C:\Users\Chad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-09-28 13:16 - 2013-09-16 12:17 - 01795952 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll
2015-09-28 13:16 - 2013-09-16 12:17 - 00099288 _____ (Intel Corporation) C:\windows\system32\Drivers\TeeDriverx64.sys
2015-09-28 13:15 - 2015-09-28 13:17 - 00000000 ____D C:\ProgramData\Intel
2015-09-28 13:15 - 2015-09-28 13:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-09-28 13:14 - 2015-09-28 13:14 - 00000000 ____D C:\Users\Chad\Intel
2015-09-28 13:14 - 2014-12-18 22:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-09-28 13:14 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2015-09-28 13:14 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2015-09-28 13:14 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2015-09-28 13:14 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2015-09-28 13:14 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2015-09-28 13:14 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2015-09-28 13:14 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2015-09-28 13:14 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2015-09-28 13:13 - 2015-09-29 11:21 - 01652810 _____ C:\windows\WindowsUpdate.log
2015-09-28 13:13 - 2015-09-28 15:36 - 00000000 ____D C:\Users\Chad
2015-09-28 13:13 - 2015-09-28 13:13 - 00000020 ___SH C:\Users\Chad\ntuser.ini
2015-09-28 13:13 - 2015-09-28 13:13 - 00000000 ____D C:\Users\Chad\AppData\Local\ASUS
2015-09-28 13:13 - 2015-09-28 12:41 - 00002141 _____ C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-09-28 13:13 - 2015-07-14 22:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-09-28 13:13 - 2009-07-13 23:54 - 00000000 ___RD C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-28 13:13 - 2009-07-13 23:49 - 00000000 ___RD C:\Users\Chad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-09-28 13:12 - 2015-06-17 12:47 - 00404992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2015-09-28 13:12 - 2015-06-17 12:37 - 00312320 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2015-09-28 13:11 - 2015-07-22 19:06 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-09-28 13:11 - 2015-07-22 19:03 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-09-28 13:11 - 2015-07-22 19:03 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-09-28 13:11 - 2015-07-22 19:03 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-09-28 13:11 - 2015-07-22 19:03 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-09-28 13:11 - 2015-07-22 19:03 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-09-28 13:11 - 2015-07-22 19:02 - 01390592 _____ (Microsoft Corporation) C:\windows\system32\diagtrack.dll
2015-09-28 13:11 - 2015-07-22 19:02 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-09-28 13:11 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\tdh.dll
2015-09-28 13:11 - 2015-07-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\windows\system32\advapi32.dll
2015-09-28 13:11 - 2015-07-22 19:02 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-09-28 13:11 - 2015-07-22 19:02 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-09-28 13:11 - 2015-07-22 19:02 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-09-28 13:11 - 2015-07-22 19:02 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-09-28 13:11 - 2015-07-22 19:02 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-09-28 13:11 - 2015-07-22 19:02 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-09-28 13:11 - 2015-07-22 19:02 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-09-28 13:11 - 2015-07-22 19:01 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-09-28 13:11 - 2015-07-22 18:52 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 18:52 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:57 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-09-28 13:11 - 2015-07-22 12:57 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-09-28 13:11 - 2015-07-22 12:54 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-09-28 13:11 - 2015-07-22 12:53 - 00641536 _____ (Microsoft Corporation) C:\windows\SysWOW64\advapi32.dll
2015-09-28 13:11 - 2015-07-22 12:53 - 00635392 _____ (Microsoft Corporation) C:\windows\SysWOW64\tdh.dll
2015-09-28 13:11 - 2015-07-22 12:53 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-09-28 13:11 - 2015-07-22 12:53 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-09-28 13:11 - 2015-07-22 12:52 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-09-28 13:11 - 2015-07-22 12:52 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-09-28 13:11 - 2015-07-22 12:52 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-09-28 13:11 - 2015-07-22 12:52 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 12:42 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 11:48 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\UtcResources.dll
2015-09-28 13:11 - 2015-07-22 11:34 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-09-28 13:11 - 2015-07-22 11:34 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-09-28 13:11 - 2015-07-22 11:31 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 11:31 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 11:31 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-09-28 13:11 - 2015-07-22 11:31 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-09-28 13:11 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-09-28 13:11 - 2015-07-09 12:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-09-28 13:11 - 2015-07-09 12:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-09-28 13:11 - 2015-07-04 13:07 - 02087424 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2015-09-28 13:11 - 2015-07-04 12:48 - 01414656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2015-09-28 13:11 - 2015-06-15 16:45 - 03242496 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2015-09-28 13:11 - 2015-06-15 16:45 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2015-09-28 13:11 - 2015-06-15 16:44 - 00128000 _____ (Microsoft Corporation) C:\windows\system32\msiexec.exe
2015-09-28 13:11 - 2015-06-15 16:43 - 02364416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2015-09-28 13:11 - 2015-06-15 16:43 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2015-09-28 13:11 - 2015-06-15 16:42 - 00073216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msiexec.exe
2015-09-28 13:11 - 2015-06-15 16:42 - 00025088 _____ (Microsoft Corporation) C:\windows\system32\msimsg.dll
2015-09-28 13:11 - 2015-06-15 16:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msimsg.dll
2015-09-28 13:11 - 2015-06-03 15:17 - 00459336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2015-09-28 13:11 - 2015-04-27 14:23 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2015-09-28 13:11 - 2015-04-27 14:23 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2015-09-28 13:11 - 2015-04-27 14:23 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2015-09-28 13:11 - 2015-04-27 14:23 - 00140288 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2015-09-28 13:11 - 2015-04-27 14:05 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2015-09-28 13:11 - 2015-04-27 14:04 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2015-09-28 13:11 - 2015-04-27 14:04 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll
2015-09-28 13:11 - 2015-04-27 14:04 - 00103936 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2015-09-28 13:11 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2015-09-28 13:11 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2015-09-28 13:10 - 2015-08-27 13:18 - 02004480 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-09-28 13:10 - 2015-08-27 13:18 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-09-28 13:10 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-09-28 13:10 - 2015-08-27 13:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-09-28 13:10 - 2015-08-27 12:58 - 01391104 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-09-28 13:10 - 2015-08-27 12:58 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-09-28 13:10 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-09-28 13:10 - 2015-08-27 12:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-09-28 13:10 - 2015-06-25 05:06 - 00115136 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2015-09-28 13:10 - 2015-06-25 05:01 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2015-09-28 13:10 - 2015-06-25 05:01 - 00070656 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2015-09-28 13:10 - 2015-06-25 04:44 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2015-09-28 13:10 - 2015-02-24 22:18 - 00754688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2015-09-28 13:10 - 2015-02-18 02:06 - 00123904 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2015-09-28 13:10 - 2015-02-18 02:04 - 00142336 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2015-09-28 13:10 - 2015-01-16 21:48 - 01067520 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2015-09-28 13:10 - 2015-01-16 21:30 - 00828928 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2015-09-28 13:10 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2015-09-28 13:10 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2015-09-28 13:10 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2015-09-28 13:10 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2015-09-28 13:08 - 2015-03-03 23:41 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\apphelp.dll
2015-09-28 13:08 - 2015-03-03 23:41 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\aelupsvc.dll
2015-09-28 13:08 - 2015-03-03 23:41 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\sdbinst.exe
2015-09-28 13:08 - 2015-03-03 23:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\shimeng.dll
2015-09-28 13:08 - 2015-03-03 23:11 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\shimeng.dll
2015-09-28 13:08 - 2015-03-03 23:10 - 00295936 _____ (Microsoft Corporation) C:\windows\SysWOW64\apphelp.dll
2015-09-28 13:08 - 2015-03-03 23:10 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\sdbinst.exe
2015-09-28 13:07 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\usp10.dll
2015-09-28 13:07 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\windows\SysWOW64\usp10.dll
2015-09-28 13:06 - 2014-12-05 23:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-09-28 13:06 - 2014-12-05 22:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-09-28 13:06 - 2014-12-05 22:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-09-28 13:05 - 2015-07-10 12:51 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-09-28 13:05 - 2015-07-10 12:34 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-09-28 13:05 - 2014-12-07 22:09 - 00406528 _____ (Microsoft Corporation) C:\windows\system32\scesrv.dll
2015-09-28 13:05 - 2014-12-07 21:46 - 00308224 _____ (Microsoft Corporation) C:\windows\SysWOW64\scesrv.dll
2015-09-28 13:04 - 2015-09-01 22:04 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-09-28 13:04 - 2015-09-01 22:04 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-09-28 13:04 - 2015-09-01 22:04 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-09-28 13:04 - 2015-09-01 22:04 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-09-28 13:04 - 2015-09-01 21:48 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-09-28 13:04 - 2015-09-01 21:48 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-09-28 13:04 - 2015-09-01 21:48 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-09-28 13:04 - 2015-09-01 21:47 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-09-28 13:04 - 2015-09-01 20:51 - 03209216 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-09-28 13:04 - 2015-09-01 20:47 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-09-28 13:04 - 2015-09-01 20:33 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-09-28 13:04 - 2015-08-26 13:07 - 03165696 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-09-28 13:04 - 2015-08-26 13:07 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-09-28 13:04 - 2015-08-26 13:07 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-09-28 13:04 - 2015-08-26 13:07 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-09-28 13:04 - 2015-08-26 13:07 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-09-28 13:04 - 2015-08-26 13:07 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-09-28 13:04 - 2015-08-26 13:07 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-09-28 13:04 - 2015-08-26 13:06 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-09-28 13:04 - 2015-08-26 13:06 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-09-28 13:04 - 2015-08-26 13:06 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-09-28 13:04 - 2015-08-26 13:06 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-09-28 13:04 - 2015-08-26 12:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-09-28 13:04 - 2015-08-26 12:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-09-28 13:04 - 2015-08-26 12:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-09-28 13:04 - 2015-08-26 12:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-09-28 13:04 - 2015-08-26 12:55 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-09-28 13:04 - 2015-03-03 23:55 - 00367552 _____ (Microsoft Corporation) C:\windows\system32\clfs.sys
2015-09-28 13:04 - 2015-03-03 23:41 - 00079360 _____ (Microsoft Corporation) C:\windows\system32\clfsw32.dll
2015-09-28 13:04 - 2015-03-03 23:10 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\clfsw32.dll
2015-09-28 12:57 - 2015-02-03 22:16 - 00465920 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2015-09-28 12:57 - 2015-02-03 21:54 - 00417792 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2015-09-28 12:57 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2015-09-28 12:57 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2015-09-28 12:43 - 2015-09-28 12:43 - 00000000 __RHD C:\MSOCache
2015-09-28 12:41 - 2015-09-28 12:41 - 00000000 ___RD C:\Users\Chad\OneDrive
2015-09-28 12:39 - 2015-09-28 12:39 - 00000000 ____D C:\windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-09-28 12:38 - 2015-09-28 12:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-09-28 12:37 - 2015-09-28 15:31 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-28 12:31 - 2015-09-28 12:31 - 00001945 _____ C:\windows\epplauncher.mif
2015-09-28 12:31 - 2015-09-28 12:31 - 00000000 ____D C:\Users\Chad\AppData\Roaming\Macromedia
2015-09-28 12:30 - 2015-09-28 15:16 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-09-28 12:30 - 2015-09-28 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-28 12:30 - 2015-09-28 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-28 12:30 - 2015-09-28 12:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-28 12:30 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2015-09-28 12:30 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2015-09-28 12:30 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2015-09-28 12:29 - 2015-09-28 12:29 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Chad\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-28 12:28 - 2015-09-28 12:28 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-09-28 12:28 - 2015-09-28 12:28 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-09-28 12:28 - 2015-09-28 12:28 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-09-29 10:00 - 2014-06-12 05:00 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-29 04:01 - 2009-07-13 22:20 - 00000000 ____D C:\windows\rescache
2015-09-29 03:42 - 2009-07-13 23:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-29 03:42 - 2009-07-13 23:45 - 00016976 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-29 03:31 - 2009-07-13 22:20 - 00000000 ____D C:\windows\AppCompat
2015-09-29 03:29 - 2009-07-14 00:13 - 00783606 _____ C:\windows\system32\PerfStringBackup.INI
2015-09-29 03:24 - 2009-07-14 00:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-09-29 03:24 - 2009-07-13 23:51 - 00047206 _____ C:\windows\setupact.log
2015-09-29 03:23 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-29 03:23 - 2011-04-12 03:17 - 00000000 ____D C:\windows\SysWOW64\winrm
2015-09-29 03:23 - 2011-04-12 03:17 - 00000000 ____D C:\windows\SysWOW64\WCN
2015-09-29 03:23 - 2011-04-12 03:17 - 00000000 ____D C:\windows\SysWOW64\sysprep
2015-09-29 03:23 - 2011-04-12 03:17 - 00000000 ____D C:\windows\SysWOW64\slmgr
2015-09-29 03:23 - 2011-04-12 03:17 - 00000000 ____D C:\windows\SysWOW64\Printing_Admin_Scripts
2015-09-29 03:23 - 2011-04-12 03:17 - 00000000 ____D C:\windows\system32\winrm
2015-09-29 03:23 - 2011-04-12 03:17 - 00000000 ____D C:\windows\system32\WCN
2015-09-29 03:23 - 2011-04-12 03:17 - 00000000 ____D C:\windows\system32\slmgr
2015-09-29 03:23 - 2011-04-12 03:17 - 00000000 ____D C:\windows\system32\Printing_Admin_Scripts
2015-09-29 03:23 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2015-09-29 03:23 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2015-09-29 03:23 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2015-09-29 03:23 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Sidebar
2015-09-29 03:23 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2015-09-29 03:23 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\SysWOW64\Setup
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\SysWOW64\oobe
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\SysWOW64\MUI
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\SysWOW64\migwiz
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\SysWOW64\Dism
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\SysWOW64\com
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\sysprep
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\Setup
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\oobe
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\MUI
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\migwiz
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\Dism
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\com
2015-09-29 03:23 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\System
2015-09-29 03:22 - 2009-07-13 22:20 - 00000000 ____D C:\windows\servicing
2015-09-29 03:22 - 2009-07-13 22:20 - 00000000 ____D C:\windows\IME
2015-09-29 03:22 - 2009-07-13 22:20 - 00000000 ____D C:\windows\Globalization
2015-09-28 15:36 - 2014-06-12 05:00 - 00000000 ____D C:\Intel
2015-09-28 15:36 - 2009-07-13 22:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-09-28 15:35 - 2010-11-20 22:47 - 00014422 _____ C:\windows\PFRO.log
2015-09-28 15:35 - 2009-07-13 22:20 - 00000000 ____D C:\windows\tracing
2015-09-28 15:27 - 2014-06-12 05:30 - 03059076 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2015-09-28 15:09 - 2009-07-13 23:45 - 00412600 _____ C:\windows\system32\FNTCACHE.DAT
2015-09-28 15:08 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\AdvancedInstallers
2015-09-28 15:08 - 2009-07-13 22:20 - 00000000 ____D C:\windows\PolicyDefinitions
2015-09-28 13:51 - 2009-07-13 22:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-09-28 13:25 - 2013-05-21 02:22 - 00000000 ____D C:\windows\SysWOW64\OEM
2015-09-28 13:25 - 2013-05-21 02:22 - 00000000 ____D C:\windows\Panther
2015-09-28 13:24 - 2014-06-12 05:00 - 00011078 _____ C:\windows\Ascd_tmp.ini
2015-09-28 13:24 - 2014-06-12 05:00 - 00002175 _____ C:\windows\scd.ini
2015-09-28 13:24 - 2014-06-12 05:00 - 00002162 _____ C:\windows\Ascd_HDI_log.ini
2015-09-28 13:24 - 2014-06-12 05:00 - 00001769 _____ C:\windows\Language_trs.ini
2015-09-28 13:24 - 2014-06-12 05:00 - 00000672 _____ C:\windows\As_Utilities.log
2015-09-28 13:24 - 2014-06-12 05:00 - 00000251 _____ C:\windows\InstAll_result.log
2015-09-28 13:24 - 2014-06-12 05:00 - 00000000 _____ C:\windows\Ascd_err.ini
2015-09-28 13:19 - 2014-06-12 05:00 - 00019111 _____ C:\windows\Ascd_log_oobe1.ini
2015-09-28 13:19 - 2014-06-12 05:00 - 00018857 _____ C:\windows\Ascd_log_oobe2.ini
2015-09-28 13:18 - 2014-06-12 05:25 - 00000000 ____D C:\ProgramData\ASUS
2015-09-28 13:18 - 2014-06-12 05:25 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-09-28 13:16 - 2014-06-12 05:21 - 00000000 ____D C:\Program Files\Intel
2015-09-28 13:16 - 2014-06-12 05:01 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-09-28 13:16 - 2014-06-12 05:00 - 00000000 ____D C:\Program Files (x86)\Intel
2015-09-28 13:14 - 2009-07-14 00:32 - 00000000 ____D C:\windows\system32\restore
2015-09-28 13:13 - 2013-05-21 02:38 - 00000000 __SHD C:\Recovery
2015-09-28 13:13 - 2009-07-13 22:20 - 00000000 ____D C:\windows\system32\Recovery
2015-09-28 12:46 - 2014-06-12 06:24 - 00000000 ____D C:\ProgramData\McAfee
2015-09-28 12:46 - 2014-06-12 06:24 - 00000000 ____D C:\Program Files\Common Files\mcafee
 
==================== Files in the root of some directories =======
 
2014-06-12 05:01 - 2014-06-12 05:01 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll => File is digitally signed
C:\windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-09-28 18:36
 
==================== End of FRST.txt ============================




#7 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:02 AM

Posted 29 September 2015 - 01:26 PM

Hi,

 

Seems all clean to me. :)

 

All Clean!
Congratulations, your computer seems to be clean again! I don't see any more signs of malware present on your PC. I feel glad to tell you that we are done here! The steps below will remove the tools we have used, and reset any settings changed. I have also provided a list of resources and tools that you might find useful and included some other advice and information.


=================================== Clean up & Windows Update ===================================



1. Download DelFix and save the file to your Desktop.
  • Double-click DelFix.exe to run the programme.
  • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset system settings
  • Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + Delete).

2. We need to install any available updates for your Windows operating system so you will be more protected against malware.
  • Go to Start > All Programs > Windows Update.
  • Once Windows Update has opened, click Check for updates in the left menu.
  • When the program has finished its search for updates, please click on one of the "X important update(s) available" links (where X represents a number).
  • You're able to select which updates you want to install now. Please select ALL updates on both tabs (Required and Optional).
  • Now click the Install (or OK) button and click Install updates.
  • If a reboot is required to install updates, please allow Windows Update to do so.


================================= Reading material & Prevention =================================



I have compiled below a list of articles you may find useful. The articles document information on computer security, common infection vectors and how you can stay safe on the Internet.



The following programmes come highly recommended in the security community.
  • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
  • CryptoPrevent places policy restrictions on loading points for ransomware (e.g. CryptoWall), helping prevent the execution of malware.
  • Malwarebytes' Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
  • Malwarebytes Anti-Malware Premium (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
  • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
  • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
  • Secunia PSI will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
  • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
  • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.


====================================== Other notes from me ======================================



I want to thank you for your co-operation and trust during the malware removal process. Besides that, I want to give you one last piece of advice: Never use any of the specialized tools used in this topic yourself, without proper supervision by a Malware Removal Team member. These tools/programs were developed to be used under supervision and can cause real damage to your system if not used properly.

My help will always be free! However, if you're happy with the help provided and/or want to buy me a drink, you can consider a donation:



===================================== Confirmation of issues =====================================



Please confirm if you have no outstanding issues, and are happy with the state of your computer. Also please tell me if you have any questions left regarding the removal process we went through and the information I gave you in this post.


Edited by Black_Bird, 29 September 2015 - 01:29 PM.

Kind regards,
Black_Bird
 

What to do when your computer is infected? Read here!

The Bleeping Computer Board Rules - The Moderating Team


If I am directly helping you on a topic and I've not replied within 24 hours please send me a Private Message with a link to your topic.


#8 Black_Bird

Black_Bird

  • Malware Response Team
  • 228 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:11:02 AM

Posted 01 October 2015 - 05:22 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Kind regards,
Black_Bird
 





