Random filenames sometimes appear in TEMP folder


6 replies to this topic

#1 Brain2000


Posted 13 January 2016 - 06:58 PM

Random filenames sometimes appear in the TEMP folder that are inaccessible. I have tried to take ownership but get access denied. I've tried both through the GUI and with takeown.exe at the command prompt (yes, both are running elevated). After a while, the temp file can disappear.

The last one I saw was a name such as "ufjejdhufh.puf" (I don't know if the extension was purposely PUF or if that was random).

Note: The PCRALM.CAB file that shows up is for our software in house that we use (I'm a developer so I know exactly what is in this file).

 

Thank you for looking at this.  Please let me know if I should provide anything else.

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by bcoverstone (administrator) on COVERSTONE (13-01-2016 18:53:44)
Running from D:\
Loaded Profiles: bcoverstone (Available Profiles: bcoverstone & COVERSTONE_SP & root & MSSQLSERVER & Classic .NET AppPool)
Platform: Windows Server 2008 R2 Datacenter Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\WMSvc.exe
(Microsoft Corporation) C:\Windows\System32\vmms.exe
(Microsoft Corporation) C:\Windows\System32\wsrm.exe
(Microsoft Corporation) C:\Windows\Cluster\clussvc.exe
(Microsoft Corporation) C:\Windows\Cluster\rhs.exe
(Microsoft Corporation) C:\Windows\Cluster\rhs.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\MDM.EXE
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [slackMachineInstaller] => %ProgramFiles%\Slack Installer\slack.exe --checkInstall
HKLM\...\Policies\Explorer: [ShowSuperHidden] 1
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-1547161642-492894223-839522115-1111\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-1547161642-492894223-839522115-1111\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\S-1-5-21-1547161642-492894223-839522115-1111\...\MountPoints2: E - E:\setup.exe
HKU\S-1-5-21-1547161642-492894223-839522115-1111\...\MountPoints2: G - G:\setup.exe
HKU\S-1-5-21-1547161642-492894223-839522115-1111\...\MountPoints2: {0a420622-846e-11e1-966e-1c6f6551fd6d} - G:\LaunchU3.exe -a
HKU\S-1-5-21-1547161642-492894223-839522115-1111\...\MountPoints2: {31aa42fa-f180-11e3-96d8-02004c4f4f50} - F:\TL-Bootstrap.exe
HKU\S-1-5-21-1547161642-492894223-839522115-1111\...\MountPoints2: {64d87d90-2777-11e2-aa54-1c6f6551fd6d} - G:\TL-Bootstrap.exe
HKU\S-1-5-21-1547161642-492894223-839522115-1111\...\MountPoints2: {82aad4c6-4ddb-11e2-abaa-1c6f6551fd6d} - E:\TL_Bootstrap.exe
HKU\S-1-5-21-1547161642-492894223-839522115-1111\...\MountPoints2: {ba50b009-6154-11e0-be1a-6cf049d2608b} - I:\TL-Bootstrap.exe
Lsa: [Notification Packages] scecli rassfm
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2015-12-08]
ShortcutTarget: Microsoft Office.lnk -> D:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Users\bcoverstone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-01-12]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 03 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.10.14 192.168.10.11
Tcpip\..\Interfaces\{196C9399-2DDB-414D-9E2F-89DE71FC9C5F}: [DhcpNameServer] 192.168.10.11 192.168.10.12
Tcpip\..\Interfaces\{8AAEC0B6-7CEC-4891-A1BB-DA302F224C6D}: [DhcpNameServer] 192.168.10.14 192.168.10.11

Internet Explorer:
==================
HKU\S-1-5-21-1547161642-492894223-839522115-1111\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/
HKU\S-1-5-21-1547161642-492894223-839522115-1111\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://vnoc-1.pcrecruiter.net/
hxxps://192.168.0.99/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Program Files\Java\jre7\bin\ssv.dll [2015-08-26] (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-08-26] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-11-10] (Microsoft Corporation)
DPF: HKLM {254AA86E-5655-4518-AA87-185D7CC41801} hxxps://secure.logmeinrescue.com/TechConsole/x64/RescueControl.cab
DPF: HKLM {8B3512EF-4FF5-4AA4-9CDE-56BB03E04B9F} hxxps://sftus.one.microsoft.com/SAXFileEE.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1445359012487
DPF: HKLM-x32 {8DD728F1-7A97-4606-968A-F3F27D05ED33} hxxp://192.168.10.48/Digia2.cab
DPF: HKLM-x32 {8FAC20B4-0B1D-4BAC-BCE0-59DA519DEE67} hxxp://mstdev1/pcrimg/PCRALM.CAB
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Homepage: hxxps://www.malwarebytes.org/restorebrowser/_ir_15_44&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyE0E0EtDtBtDyDtByEtCyDtAyCtCzztDtN0D0Tzu0StCtAzyzytN1L2XzutAtFtCyEtFtDtFtCtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyDtDtByBzyzytC0DtGtD0C0BtAtG0DzzyEtDtGtAtBtDyCtGzz0C0D0EtAyD0ByByB0AyDzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyDyEtC0DtB0F0AtCtG0DyB0A0FtGyEtBtB0FtG0BtCtCtCtGtC0E0FtAyDtCtDtCzyzytD0D2QtN0A0LzutB%26cr%3D1006567276%26a%3Dwncy_ir_15_44%26os%3DWindows%2BServer%2B2008%2BR2%2BDatacenter
FF Plugin: @java.com/DTPlugin,version=10.80.2 -> D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.80.2 -> D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-08-26] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\Microsoft Office\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1547161642-492894223-839522115-1111: @citrixonline.com/appdetectorplugin -> C:\Users\bcoverstone\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2014-03-25] (Citrix Online)
FF Extension: Test Suite Batch Converter (Selenium IDE) - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\extensions\batch-converter_selenium-ide@Samit.Badle.xpi [2013-07-16] [not signed]
FF Extension: Selenium IDE: C# Formatters - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\extensions\csharpformatters@seleniumhq.org.xpi [2013-10-23] [not signed]
FF Extension: File Logging (Selenium IDE) - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\extensions\file-logging_selenium-ide@Samit.Badle.xpi [2013-07-16] [not signed]
FF Extension: FireDiff - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\extensions\firediff@johnjbarton.com.xpi [2013-12-19] [not signed]
FF Extension: Highlight Elements (Selenium IDE) - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\extensions\highlight-elements_selenium-ide@Samit.Badle.xpi [2013-07-16] [not signed]
FF Extension: Log Search Bar (Selenium IDE) - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\extensions\log-search-bar_selenium-ide@Samit.Badle.xpi [2013-07-16] [not signed]
FF Extension: Power Debugger (Selenium IDE) - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\extensions\power-debugger_selenium-ide@Samit.Badle.xpi [2013-07-16] [not signed]
FF Extension: Selenium Expert (Selenium IDE) - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\extensions\selenium-expert_selenium-ide@Samit.Badle.xpi [2013-07-16] [not signed]
FF Extension: Stored Variables (Selenium IDE) - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\extensions\view-stored-vars_selenium-ide@Samit.Badle.xpi [2013-07-16] [not signed]
FF Extension: Selenium IDE - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\extensions\{a6fd85ed-e919-4a43-a5af-8da18bda539f}.xpi [2013-10-23] [not signed]
FF Extension: Firebug - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\Extensions\firebug@software.joehewitt.com.xpi [2014-04-16] [not signed]
FF Extension: Selenium IDE: Java Formatters - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\Extensions\javaformatters@seleniumhq.org.xpi [2013-10-23] [not signed]
FF Extension: Selenium IDE: Python Formatters - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\Extensions\pythonformatters@seleniumhq.org.xpi [2013-10-23] [not signed]
FF Extension: Selenium IDE: Ruby Formatters - C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\Extensions\rubyformatters@seleniumhq.org.xpi [2013-10-23] [not signed]

Chrome:
=======
CHR Profile: C:\Users\bcoverstone\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Store) - C:\Users\bcoverstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-18]
CHR Extension: (Google Drive) - C:\Users\bcoverstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\bcoverstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-05]
CHR Extension: (Google Search) - C:\Users\bcoverstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Store) - C:\Users\bcoverstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-25]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bcoverstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-31]
CHR Extension: (Gmail) - C:\Users\bcoverstone\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 AppFabricCachingService; c:\Program Files\AppFabric 1.1 for Windows Server\DistributedCacheService.exe [16240 2011-11-29] (Microsoft Corporation)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
R2 ClusSvc; C:\Windows\Cluster\clussvc.exe [4584448 2010-11-20] (Microsoft Corporation)
S3 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.) [File not signed]
S3 EMP_NSWLSV; C:\Program Files (x86)\EPSON Projector\EasyMP Network Projection V2\EMP_NSWLSV.exe [98304 2010-12-15] (SEIKO EPSON CORPORATION) [File not signed]
S3 FCRegSvc; C:\Windows\system32\FCRegSvc.dll [25600 2009-07-13] (Microsoft Corporation)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-19] (Microsoft Corporation) [File not signed]
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
S3 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22768 2014-04-17] (Microsoft Corporation)
S2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [92816 2015-06-19] (Microsoft Corporation)
S4 MSSQL$MICROSOFT##SSEE; C:\Windows\SYSMSI\SSEE\MSSQL.2005\MSSQL\Binn\sqlservr.exe [39627104 2010-12-10] (Microsoft Corporation)
S3 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [372416 2015-06-09] (Microsoft Corporation)
S3 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8915 2013-01-02] () [File not signed]
S3 NirvanaService32; D:\iDNA_Trace\x64\wow64\NirvanaService.exe [46080 2012-10-01] (Microsoft Corporation) [File not signed]
S3 NirvanaService64; D:\iDNA_Trace\x64\NirvanaService.exe [54784 2012-10-01] (Microsoft Corporation) [File not signed]
S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [447784 2007-12-13] () [File not signed]
S3 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1720608 2014-07-25] (NVIDIA Corporation)
R2 nvspwmi; C:\Windows\system32\nvspwmi.dll [407040 2010-11-20] (Microsoft Corporation)
S3 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18956064 2014-07-25] (NVIDIA Corporation)
S3 RavenDB; D:\RavenDB\Raven.Server.exe [125440 2015-06-02] (Hibernating Rhinos) [File not signed]
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
S3 RSoPProv; C:\Windows\system32\RSoPProv.exe [91648 2009-07-13] (Microsoft Corporation)
S3 sacsvr; C:\Windows\system32\sacsvr.dll [14848 2009-07-13] (Microsoft Corporation)
S3 SolarWinds TFTP Server; C:\Program Files (x86)\SolarWinds\TFTPServer\SolarWinds TFTP Server.exe [54784 2010-06-10] (SolarWinds) [File not signed]
S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL12.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [613056 2015-06-09] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
S3 UsbClientService; D:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-05-11] ()
R2 vhdsvc; C:\Windows\system32\vhdsvc.dll [193024 2010-11-20] (Microsoft Corporation)
S3 Visual Studio Analyzer RPC bridge; D:\Program Files (x86)\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) [File not signed]
R2 vmms; C:\Windows\system32\vmms.exe [4625408 2010-11-20] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 VSStandardCollectorService140; D:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [52968 2015-07-06] (Microsoft Corporation)
S3 WDSServer; C:\Windows\system32\wdssrv.dll [142848 2009-07-13] (Microsoft Corporation)
S3 WebTool; C:\Program Files (x86)\Microsoft Web Application Stress Tool\webtool.exe [705024 2000-02-04] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
R2 WSRM; C:\Windows\system32\wsrm.exe [1330688 2009-07-13] (Microsoft Corporation)
S3 atashost; "C:\Windows\SysWOW64\atashost.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW76.sys [94208 2013-09-24] (Advanced Micro Devices) [File not signed]
R1 ClusDisk; C:\Windows\System32\DRIVERS\ClusDisk.sys [33280 2010-11-20] (Microsoft Corporation)
S3 CSVFilter; C:\Windows\System32\drivers\CSVFilter.sys [156160 2010-11-20] (Microsoft Corporation)
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 EPPVAD2_simple; C:\Windows\System32\drivers\EMP_NSAU.sys [23040 2010-12-15] (SEIKO EPSON CORPORATION)
R1 hvboot; C:\Windows\System32\drivers\hvboot.sys [118208 2015-11-05] (Microsoft Corporation)
S3 ioatdma; C:\Windows\System32\Drivers\qd260x64.sys [35328 2009-06-10] (Intel Corporation)
R4 KProcessHacker2; D:\Program Files\Process Hacker 2\kprocesshacker.sys [35400 2011-02-24] (wj32)
S3 mojito; C:\Windows\System32\Drivers\mojito_x64.sys [48488 2009-11-16] ()
R3 Netft; C:\Windows\System32\DRIVERS\netft.sys [86528 2009-07-13] (Microsoft Corporation)
S4 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()
S3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 passthruparser; C:\Windows\System32\drivers\passthruparser.sys [20992 2010-11-20] (Microsoft Corporation)
S4 RsFx0310; C:\Windows\System32\DRIVERS\RsFx0310.sys [249024 2015-04-20] (Microsoft Corporation)
S0 sacdrv; C:\Windows\System32\DRIVERS\sacdrv.sys [96320 2009-07-13] (Microsoft Corporation)
S3 ser2at; C:\Windows\System32\DRIVERS\ser2at64.sys [100352 2011-01-05] (Prolific Technology Inc.)
R0 SIS; C:\Windows\System32\drivers\sis.sys [133488 2011-09-07] (Microsoft Corporation)
S4 vhdparser; C:\Windows\System32\drivers\vhdparser.sys [17408 2010-11-20] (Microsoft Corporation)
R3 VMSMP; C:\Windows\System32\DRIVERS\vmswitch.sys [407552 2011-05-13] (Microsoft Corporation)
S3 VMSP; C:\Windows\System32\DRIVERS\vmswitch.sys [407552 2011-05-13] (Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [40392 2012-07-25] (Microsoft Corporation)
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: R300 -> no filepath.
NETSVC: sacsvr -> C:\Windows\system32\sacsvr.dll (Microsoft Corporation)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-13 17:51 - 2016-01-13 18:53 - 00000000 ____D C:\FRST
2016-01-13 03:29 - 2015-12-08 16:53 - 00509952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-01-13 03:29 - 2015-12-08 14:07 - 00624640 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-01-13 03:11 - 2015-12-08 16:54 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-01-13 03:11 - 2015-12-08 16:54 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-01-13 03:11 - 2015-12-08 16:54 - 01568768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-01-13 03:11 - 2015-12-08 16:54 - 01325056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-01-13 03:11 - 2015-12-08 16:54 - 00902144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-01-13 03:11 - 2015-12-08 16:54 - 00815616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-01-13 03:11 - 2015-12-08 16:54 - 00739328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-01-13 03:11 - 2015-12-08 16:54 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-01-13 03:11 - 2015-12-08 16:54 - 00541184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-01-13 03:11 - 2015-12-08 16:54 - 00358400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-01-13 03:11 - 2015-12-08 16:54 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-01-13 03:11 - 2015-12-08 16:53 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-01-13 03:11 - 2015-12-08 16:53 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-01-13 03:11 - 2015-12-08 16:53 - 00970240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-01-13 03:11 - 2015-12-08 16:53 - 00609280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-01-13 03:11 - 2015-12-08 16:53 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-01-13 03:11 - 2015-12-08 16:53 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-01-13 03:11 - 2015-12-08 16:53 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-01-13 03:11 - 2015-12-08 16:53 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-01-13 03:11 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-01-13 03:11 - 2015-12-08 16:53 - 00241152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-01-13 03:11 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-01-13 03:11 - 2015-12-08 16:53 - 00206848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qasf.dll
2016-01-13 03:11 - 2015-12-08 16:53 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-01-13 03:11 - 2015-12-08 16:53 - 00153600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-01-13 03:11 - 2015-12-08 16:53 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-01-13 03:11 - 2015-12-08 16:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-01-13 03:11 - 2015-12-08 16:53 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-01-13 03:11 - 2015-12-08 16:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-01-13 03:11 - 2015-12-08 16:53 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2016-01-13 03:11 - 2015-12-08 16:53 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2016-01-13 03:11 - 2015-12-08 16:53 - 00004608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksuser.dll
2016-01-13 03:11 - 2015-12-08 16:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 01955328 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 01575424 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 01573888 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 01393152 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 01232896 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 01153024 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00978944 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00666112 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00632320 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 00378880 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 00292352 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00254464 _____ (Microsoft Corporation) C:\Windows\system32\qasf.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00224768 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-01-13 03:11 - 2015-12-08 14:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-01-13 03:11 - 2015-12-08 14:07 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2016-01-13 03:11 - 2015-12-08 14:07 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\ksuser.dll
2016-01-13 03:11 - 2015-12-08 14:06 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-01-13 03:11 - 2015-12-08 14:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2016-01-13 03:11 - 2015-12-08 14:04 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2016-01-13 03:11 - 2015-12-08 13:54 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2016-01-13 03:11 - 2015-12-08 13:12 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-01-13 03:11 - 2015-12-08 13:11 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmkaud.sys
2016-01-13 03:09 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapistub.dll
2016-01-13 03:09 - 2015-11-13 18:09 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\mapi32.dll
2016-01-13 03:09 - 2015-11-13 18:08 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\fixmapi.exe
2016-01-13 03:09 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapistub.dll
2016-01-13 03:09 - 2015-11-13 17:50 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mapi32.dll
2016-01-13 03:09 - 2015-11-13 17:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fixmapi.exe
2016-01-13 03:06 - 2015-12-30 14:08 - 05572544 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-01-13 03:06 - 2015-12-30 14:08 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-01-13 03:06 - 2015-12-30 14:08 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-01-13 03:06 - 2015-12-30 14:05 - 01730496 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-01-13 03:06 - 2015-12-30 14:02 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-01-13 03:06 - 2015-12-30 14:02 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-01-13 03:06 - 2015-12-30 14:02 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-01-13 03:06 - 2015-12-30 14:02 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-01-13 03:06 - 2015-12-30 14:02 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-01-13 03:06 - 2015-12-30 14:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-01-13 03:06 - 2015-12-30 14:01 - 01214464 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-01-13 03:06 - 2015-12-30 14:01 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-01-13 03:06 - 2015-12-30 14:01 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-01-13 03:06 - 2015-12-30 14:01 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-01-13 03:06 - 2015-12-30 14:01 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-01-13 03:06 - 2015-12-30 14:00 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-01-13 03:06 - 2015-12-30 13:59 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-01-13 03:06 - 2015-12-30 13:59 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-01-13 03:06 - 2015-12-30 13:59 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-01-13 03:06 - 2015-12-30 13:58 - 01461248 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-01-13 03:06 - 2015-12-30 13:58 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-01-13 03:06 - 2015-12-30 13:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-01-13 03:06 - 2015-12-30 13:57 - 00729600 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-01-13 03:06 - 2015-12-30 13:57 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-01-13 03:06 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-01-13 03:06 - 2015-12-30 13:55 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-01-13 03:06 - 2015-12-30 13:55 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:47 - 03993536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-01-13 03:06 - 2015-12-30 13:47 - 03938240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-01-13 03:06 - 2015-12-30 13:44 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-01-13 03:06 - 2015-12-30 13:41 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-01-13 03:06 - 2015-12-30 13:41 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-01-13 03:06 - 2015-12-30 13:41 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-01-13 03:06 - 2015-12-30 13:41 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-01-13 03:06 - 2015-12-30 13:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-01-13 03:06 - 2015-12-30 13:41 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-01-13 03:06 - 2015-12-30 13:41 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-01-13 03:06 - 2015-12-30 13:40 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-01-13 03:06 - 2015-12-30 13:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-01-13 03:06 - 2015-12-30 13:39 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-01-13 03:06 - 2015-12-30 13:39 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-01-13 03:06 - 2015-12-30 13:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-01-13 03:06 - 2015-12-30 13:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-01-13 03:06 - 2015-12-30 13:38 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-01-13 03:06 - 2015-12-30 13:38 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 13:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 12:57 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-01-13 03:06 - 2015-12-30 12:50 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-01-13 03:06 - 2015-12-30 12:44 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-01-13 03:06 - 2015-12-30 12:43 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-01-13 03:06 - 2015-12-30 12:42 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-01-13 03:06 - 2015-12-30 12:42 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-01-13 03:06 - 2015-12-30 12:41 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-01-13 03:06 - 2015-12-30 12:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-01-13 03:06 - 2015-12-30 12:32 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-01-13 03:06 - 2015-12-30 12:32 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-01-13 03:06 - 2015-12-30 12:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-01-13 03:06 - 2015-12-30 12:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-01-13 03:06 - 2015-12-30 12:30 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-01-13 03:06 - 2015-12-30 12:30 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 12:30 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 12:30 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-01-13 03:06 - 2015-12-30 12:30 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-01-13 03:04 - 2015-12-08 12:58 - 03211264 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-01-13 03:03 - 2015-12-08 16:52 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-01-13 03:03 - 2015-12-08 14:07 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-01-13 03:02 - 2015-12-23 18:13 - 00387784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-01-13 03:02 - 2015-12-23 17:52 - 00341192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-01-13 03:02 - 2015-12-12 13:54 - 25837568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-01-13 03:02 - 2015-12-12 13:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-01-13 03:02 - 2015-12-12 13:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-01-13 03:02 - 2015-12-12 13:16 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-01-13 03:02 - 2015-12-12 13:15 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-01-13 03:02 - 2015-12-12 13:15 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-01-13 03:02 - 2015-12-12 13:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-01-13 03:02 - 2015-12-12 13:14 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-01-13 03:02 - 2015-12-12 13:07 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-01-13 03:02 - 2015-12-12 13:07 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-01-13 03:02 - 2015-12-12 13:03 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-01-13 03:02 - 2015-12-12 13:02 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-01-13 03:02 - 2015-12-12 13:02 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-01-13 03:02 - 2015-12-12 13:02 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-01-13 03:02 - 2015-12-12 13:02 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-01-13 03:02 - 2015-12-12 12:55 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-01-13 03:02 - 2015-12-12 12:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-01-13 03:02 - 2015-12-12 12:49 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-01-13 03:02 - 2015-12-12 12:44 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-01-13 03:02 - 2015-12-12 12:40 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-01-13 03:02 - 2015-12-12 12:39 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-01-13 03:02 - 2015-12-12 12:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-01-13 03:02 - 2015-12-12 12:37 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-01-13 03:02 - 2015-12-12 12:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-01-13 03:02 - 2015-12-12 12:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-01-13 03:02 - 2015-12-12 12:36 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-01-13 03:02 - 2015-12-12 12:36 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-01-13 03:02 - 2015-12-12 12:35 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-01-13 03:02 - 2015-12-12 12:31 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-01-13 03:02 - 2015-12-12 12:30 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-01-13 03:02 - 2015-12-12 12:28 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-01-13 03:02 - 2015-12-12 12:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-01-13 03:02 - 2015-12-12 12:27 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-01-13 03:02 - 2015-12-12 12:27 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-01-13 03:02 - 2015-12-12 12:25 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-01-13 03:02 - 2015-12-12 12:23 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-01-13 03:02 - 2015-12-12 12:22 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-01-13 03:02 - 2015-12-12 12:21 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-01-13 03:02 - 2015-12-12 12:19 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-01-13 03:02 - 2015-12-12 12:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-01-13 03:02 - 2015-12-12 12:12 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-01-13 03:02 - 2015-12-12 12:10 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-01-13 03:02 - 2015-12-12 12:10 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-01-13 03:02 - 2015-12-12 12:08 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-01-13 03:02 - 2015-12-12 12:06 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-01-13 03:02 - 2015-12-12 12:02 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-01-13 03:02 - 2015-12-12 12:00 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-01-13 03:02 - 2015-12-12 12:00 - 00687104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-01-13 03:02 - 2015-12-12 11:42 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-01-13 03:02 - 2015-12-12 11:36 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-01-13 03:01 - 2015-12-12 13:15 - 02887168 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-01-13 03:01 - 2015-12-12 13:07 - 06051328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-01-13 03:01 - 2015-12-12 13:02 - 20367360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-01-13 03:01 - 2015-12-12 12:33 - 02280448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-01-13 03:01 - 2015-12-12 12:20 - 02123264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-01-13 03:01 - 2015-12-12 12:18 - 14457856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-01-13 03:01 - 2015-12-12 12:09 - 04610560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-01-13 03:01 - 2015-12-12 12:00 - 12856320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-01-13 03:01 - 2015-12-12 12:00 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-01-13 03:01 - 2015-12-12 11:54 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-01-13 03:01 - 2015-12-12 11:41 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-01-13 03:01 - 2015-12-12 11:38 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-01-13 03:01 - 2015-12-08 16:53 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-01-13 03:01 - 2015-12-08 14:07 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-01-12 20:30 - 2016-01-12 20:30 - 03921263 _____ C:\Users\bcoverstone\Desktop\Savant PRICE LIST October 2015.pdf
2016-01-11 17:48 - 2015-04-10 23:37 - 00297408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-01-11 17:45 - 2014-12-12 20:49 - 00410624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2016-01-11 17:34 - 2014-09-26 21:12 - 00141760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msdsm.sys
2016-01-11 17:27 - 2012-06-06 00:20 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\Robocopy.exe
2016-01-11 17:27 - 2012-06-05 23:22 - 00101888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Robocopy.exe
2016-01-11 17:11 - 2011-07-06 00:22 - 00363904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volmgrx.sys
2016-01-11 17:10 - 2016-01-11 17:10 - 00000000 ____D C:\patch
2016-01-11 15:57 - 2016-01-11 15:57 - 00002554 _____ C:\Users\bcoverstone\Desktop\Windows 7 USB DVD Download Tool.lnk
2016-01-11 15:57 - 2016-01-11 15:57 - 00000000 ____D C:\Users\bcoverstone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 USB DVD Download Tool
2016-01-11 15:57 - 2016-01-11 15:57 - 00000000 ____D C:\Users\bcoverstone\AppData\Local\Apps\Windows 7 USB DVD Download Tool
2016-01-07 13:08 - 2016-01-07 13:44 - 00001481 _____ C:\Users\bcoverstone\Desktop\costs.txt
2016-01-06 15:38 - 2016-01-06 16:41 - 00003208 _____ C:\Users\bcoverstone\Desktop\IPs.txt
2015-12-29 15:36 - 2015-12-29 19:50 - 00001515 _____ C:\Users\bcoverstone\Desktop\VLAN.txt
2015-12-23 11:42 - 2015-12-23 11:42 - 00000000 ____D C:\Users\bcoverstone\AppData\Roaming\Logitech
2015-12-23 11:42 - 2015-12-23 11:42 - 00000000 ____D C:\Users\bcoverstone\AppData\Roaming\Logishrd
2015-12-18 12:54 - 2015-12-31 12:36 - 00000000 ____D C:\Users\bcoverstone\AppData\Roaming\Slack
2015-12-18 12:54 - 2015-12-18 12:54 - 00002100 _____ C:\Users\bcoverstone\Desktop\Slack.lnk
2015-12-18 12:54 - 2015-12-18 12:54 - 00000000 ____D C:\Users\bcoverstone\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Slack Technologies
2015-12-18 12:53 - 2015-12-18 12:54 - 00000000 ____D C:\Users\bcoverstone\AppData\Local\SquirrelTemp
2015-12-18 12:53 - 2015-12-18 12:54 - 00000000 ____D C:\Users\bcoverstone\AppData\Local\slack
2015-12-18 12:48 - 2015-12-18 12:48 - 00000000 ____D C:\Program Files (x86)\Slack Installer
2015-12-16 12:17 - 2015-12-18 12:51 - 00002471 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-12-16 12:17 - 2015-12-16 12:17 - 00002055 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-12-16 09:57 - 2015-12-16 09:57 - 00796864 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-16 09:57 - 2015-12-16 09:57 - 00142528 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-16 09:28 - 2015-12-16 09:28 - 00000143 _____ C:\Users\bcoverstone\.gitconfig

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-13 18:52 - 2011-04-07 14:32 - 00000000 ____D C:\Users\bcoverstone
2016-01-13 18:46 - 2009-07-13 22:20 - 00000000 ____D C:\Windows
2016-01-13 18:45 - 2011-12-12 13:18 - 00000000 ____D C:\Users\bcoverstone\AppData\Local\Spotify
2016-01-13 18:44 - 2011-12-12 13:17 - 00000000 ____D C:\Users\bcoverstone\AppData\Roaming\Spotify
2016-01-13 18:32 - 2011-04-07 17:28 - 00000104 _____ C:\Windows\system32\config\netlogon.ftl
2016-01-13 18:10 - 2012-02-09 17:12 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-01-13 18:10 - 2012-02-09 17:12 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-01-13 17:14 - 2015-05-13 19:09 - 00003888 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-13 17:12 - 2009-07-13 23:49 - 00015440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-01-13 17:12 - 2009-07-13 23:49 - 00015440 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-01-13 17:04 - 2011-05-13 10:42 - 25804800 _____ C:\Windows\system32\vmguest.iso
2016-01-13 17:04 - 2009-07-14 00:10 - 01192294 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-13 17:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\inetsrv
2016-01-13 17:04 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\inf
2016-01-13 17:02 - 2009-07-13 23:49 - 00500896 _____ C:\Windows\system32\FNTCACHE.DAT
2016-01-13 16:55 - 2011-11-19 14:11 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2016-01-13 16:55 - 2009-07-14 00:06 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-13 12:39 - 2014-09-24 13:22 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{AD0C7E31-52A0-43FB-9BA3-C2716EFC585C}
2016-01-13 03:30 - 2011-04-07 17:18 - 00000000 ____D C:\ProgramData\Microsoft Help
2016-01-13 03:28 - 2013-08-15 02:03 - 00000000 ____D C:\Windows\system32\MRT
2016-01-13 03:28 - 2012-12-06 12:07 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-01-13 03:14 - 2011-04-07 15:56 - 143671360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-01-13 03:12 - 2009-07-13 21:34 - 00000478 _____ C:\Windows\win.ini
2016-01-11 16:51 - 2011-04-07 14:32 - 00002502 __RSH C:\Users\bcoverstone\ntuser.pol
2016-01-11 16:50 - 2011-04-07 17:30 - 00018552 __RSH C:\ProgramData\ntuser.pol
2016-01-08 23:00 - 2011-06-21 11:47 - 00000442 _____ C:\Windows\Tasks\ShadowCopyVolume{ba50b2bb-6154-11e0-be1a-6cf049d2608b}.job
2016-01-08 12:56 - 2013-02-26 20:03 - 00001801 _____ C:\Users\bcoverstone\Last session bcoverstone.prj
2016-01-07 19:24 - 2013-06-03 17:05 - 00002259 _____ C:\Users\bcoverstone\.kdiff3rc
2016-01-07 19:23 - 2011-04-07 16:42 - 00000071 _____ C:\Windows\VBAddin.INI
2016-01-07 16:02 - 2015-11-05 18:36 - 00000000 ____D C:\Users\bcoverstone\AppData\Local\CrashDumps
2016-01-07 10:24 - 2015-10-23 09:33 - 00000000 ____D C:\Users\bcoverstone\AppData\Roaming\PCRecruiter
2016-01-06 17:14 - 2012-07-09 12:21 - 00000600 _____ C:\Users\bcoverstone\AppData\Local\PUTTY.RND
2016-01-06 16:54 - 2011-04-08 12:38 - 00002330 ____H C:\Users\bcoverstone\Documents\Default.rdp
2016-01-06 16:00 - 2011-04-28 12:01 - 00000000 ____D C:\Program Files\Debugging Tools for Windows (x64)
2016-01-05 17:48 - 2011-04-11 13:37 - 00000000 ____D C:\Users\bcoverstone\Documents\SQL Server Management Studio
2015-12-29 13:11 - 2015-08-17 15:28 - 00000000 ____D C:\Users\bcoverstone\Documents\Visual Studio 2015
2015-12-17 20:11 - 2015-08-28 16:26 - 00001676 _____ C:\Users\bcoverstone\Desktop\hyperv.txt
2015-12-16 12:38 - 2014-08-19 09:34 - 00000000 ____D C:\Users\bcoverstone\AppData\Local\Adobe
2015-12-16 12:17 - 2015-09-21 15:51 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-12-16 09:29 - 2013-08-16 10:50 - 00000000 ____D C:\Users\bcoverstone\AppData\Roaming\GitHub
2015-12-16 09:29 - 2013-08-16 10:50 - 00000000 ____D C:\Users\bcoverstone\AppData\Local\GitHub
2015-12-16 09:28 - 2011-04-19 16:02 - 00000000 ____D C:\Users\bcoverstone\AppData\Local\Deployment
2015-12-16 09:18 - 2011-09-27 17:53 - 00000000 ____D C:\Program Files (x86)\Telerik
2015-12-15 20:57 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache

==================== Files in the root of some directories =======

2015-10-31 16:29 - 2015-11-20 00:29 - 0000135 _____ () C:\Users\bcoverstone\AppData\Roaming\WB.CFG
2011-04-07 19:48 - 2011-04-07 19:48 - 0759060 _____ () C:\Users\bcoverstone\AppData\Local\dd_ADONETEntityFrameworkTools_enu_MSI3955.txt
2011-04-07 19:42 - 2011-04-07 19:42 - 0121612 _____ () C:\Users\bcoverstone\AppData\Local\dd_AspNetMVC2.msi34DE.txt
2011-04-07 19:44 - 2011-04-07 19:44 - 0598520 _____ () C:\Users\bcoverstone\AppData\Local\dd_CrystalReportsTemplates363C.txt
2014-05-08 14:46 - 2014-05-08 14:49 - 0504690 _____ () C:\Users\bcoverstone\AppData\Local\dd_CrystalReportsTemplates4AB1.txt
2011-04-07 19:46 - 2011-04-07 19:46 - 0162506 _____ () C:\Users\bcoverstone\AppData\Local\dd_DACFramework_MSI3871.txt
2011-04-07 19:47 - 2011-04-07 19:47 - 0388490 _____ () C:\Users\bcoverstone\AppData\Local\dd_DACProjectSystem_MSI3884.txt
2011-04-07 21:39 - 2011-04-07 22:00 - 0067032 _____ () C:\Users\bcoverstone\AppData\Local\dd_depcheck_NETFX_EXP_35.txt
2011-04-07 21:42 - 2014-02-06 19:44 - 0317313 _____ () C:\Users\bcoverstone\AppData\Local\dd_depcheck_VB_EXP_90.txt
2011-04-07 19:14 - 2014-05-08 14:46 - 0613867 _____ () C:\Users\bcoverstone\AppData\Local\dd_depcheck_VS_PRO_100.txt
2011-04-07 19:43 - 2011-04-07 19:43 - 0184512 _____ () C:\Users\bcoverstone\AppData\Local\dd_DotfuscatorCE_MSI361B.txt
2011-04-07 21:39 - 2011-04-07 22:08 - 0001086 _____ () C:\Users\bcoverstone\AppData\Local\dd_dotnetfx35error.txt
2011-04-07 21:39 - 2011-04-07 22:08 - 0117348 _____ () C:\Users\bcoverstone\AppData\Local\dd_dotnetfx35install.txt
2011-04-07 19:16 - 2011-04-07 19:17 - 0324992 _____ () C:\Users\bcoverstone\AppData\Local\dd_dw20shared_x86_msi218B.txt
2011-04-07 21:42 - 2011-04-07 22:14 - 0000950 _____ () C:\Users\bcoverstone\AppData\Local\dd_error_vb_xcor_90.txt
2011-04-07 19:14 - 2014-05-08 14:46 - 0000912 _____ () C:\Users\bcoverstone\AppData\Local\dd_error_vs_procore_100.txt
2011-04-07 22:08 - 2011-04-07 22:08 - 1167656 _____ () C:\Users\bcoverstone\AppData\Local\dd_ExpRemoteDbg_x64_MSI24EB.txt
2011-04-07 19:21 - 2011-04-07 19:21 - 0279288 _____ () C:\Users\bcoverstone\AppData\Local\dd_fsharpredist2.02548.txt
2011-04-07 19:48 - 2011-04-07 19:48 - 0322594 _____ () C:\Users\bcoverstone\AppData\Local\dd_HelpSetup_MSI39C4.txt
2011-04-21 16:48 - 2011-04-21 16:48 - 0645236 _____ () C:\Users\bcoverstone\AppData\Local\dd_HelpSetup_MSI75D3.txt
2011-04-21 16:48 - 2011-04-21 16:48 - 0011242 _____ () C:\Users\bcoverstone\AppData\Local\dd_HelpSetup_UI75D3.txt
2011-04-07 21:42 - 2014-02-06 19:44 - 1436856 _____ () C:\Users\bcoverstone\AppData\Local\dd_install_vb_xcor_90.txt
2011-04-07 19:14 - 2014-05-08 15:06 - 1681726 _____ () C:\Users\bcoverstone\AppData\Local\dd_install_vs_procore_100.txt
2011-04-07 19:22 - 2011-04-07 19:22 - 1217312 _____ () C:\Users\bcoverstone\AppData\Local\dd_netfx_dtp260C.txt
2011-04-07 19:21 - 2011-04-07 19:21 - 1449324 _____ () C:\Users\bcoverstone\AppData\Local\dd_PreReq_AMD64_MSI252D.txt
2011-04-07 19:45 - 2011-04-07 19:45 - 0359560 _____ () C:\Users\bcoverstone\AppData\Local\dd_ProviderServices_amd64_MSI3720.txt
2014-02-06 19:42 - 2014-02-06 19:42 - 0372840 _____ () C:\Users\bcoverstone\AppData\Local\dd_rdbgexp64_80MSI66AB.txt
2014-02-06 19:42 - 2014-02-06 19:42 - 0115988 _____ () C:\Users\bcoverstone\AppData\Local\dd_rdbgexp64_80UI66AB.txt
2011-04-07 19:46 - 2011-04-07 19:46 - 1569324 _____ () C:\Users\bcoverstone\AppData\Local\dd_SharedManagementObjects_MSI37C3.txt
2011-04-07 19:46 - 2011-04-07 19:46 - 2634394 _____ () C:\Users\bcoverstone\AppData\Local\dd_SharedManagementObjects_MSI381F.txt
2011-04-07 19:42 - 2011-04-07 19:42 - 1271566 _____ () C:\Users\bcoverstone\AppData\Local\dd_silverlight_sdk.msi351C.txt
2011-04-07 19:47 - 2011-04-07 19:47 - 1334016 _____ () C:\Users\bcoverstone\AppData\Local\dd_SpTools_x86_enu38AF.txt
2011-04-07 22:11 - 2011-04-07 22:11 - 0279340 _____ () C:\Users\bcoverstone\AppData\Local\dd_SQLCEToolsForVS2007_MSI26F2.txt
2011-04-07 19:44 - 2011-04-07 19:45 - 0172064 _____ () C:\Users\bcoverstone\AppData\Local\dd_SQLCEToolsForVS2007_MSI36F9.txt
2011-04-07 19:45 - 2011-04-07 19:45 - 0278936 _____ () C:\Users\bcoverstone\AppData\Local\dd_SqlPubWiz_14_msi375E.txt
2011-04-07 19:45 - 2011-04-07 19:45 - 0484432 _____ () C:\Users\bcoverstone\AppData\Local\dd_SQLSysClrTypes_msi3775.txt
2011-04-07 19:45 - 2011-04-07 19:45 - 0479730 _____ () C:\Users\bcoverstone\AppData\Local\dd_SQLSysClrTypes_msi3796.txt
2011-04-07 19:44 - 2011-04-07 19:44 - 0662146 _____ () C:\Users\bcoverstone\AppData\Local\dd_SSCERuntime_64_MSI36D8.txt
2011-04-07 19:44 - 2011-04-07 19:44 - 0684186 _____ () C:\Users\bcoverstone\AppData\Local\dd_SSCERuntime_MSI36B4.txt
2011-04-07 19:45 - 2011-04-07 19:45 - 0306892 _____ () C:\Users\bcoverstone\AppData\Local\dd_SyncFrameworkRuntime_amd64_MSI3706.txt
2011-04-07 19:45 - 2011-04-07 19:45 - 0926674 _____ () C:\Users\bcoverstone\AppData\Local\dd_SyncSDK_amd64_MSI3737.txt
2011-04-07 19:45 - 2011-04-07 19:45 - 0275292 _____ () C:\Users\bcoverstone\AppData\Local\dd_SyncServicesADO_amd64_MSI3713.txt
2011-04-07 19:22 - 2011-04-07 19:22 - 0402368 _____ () C:\Users\bcoverstone\AppData\Local\dd_TFS_ObjectModel_x64_MSI25B7.txt
2011-04-07 19:47 - 2011-04-07 19:47 - 0153546 _____ () C:\Users\bcoverstone\AppData\Local\dd_TSqlLanguageService_MSI3898.txt
2011-04-08 00:19 - 2011-04-08 00:19 - 0393480 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistMSI0918.txt
2012-02-13 15:06 - 2012-02-13 15:07 - 0009986 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistMSI1B0E.txt
2013-11-04 16:22 - 2013-11-04 16:23 - 0365676 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistMSI1D9E.txt
2014-09-08 16:46 - 2014-09-08 16:46 - 0377036 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistMSI305F.txt
2014-09-08 16:46 - 2014-09-08 16:46 - 0386428 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistMSI306C.txt
2014-09-08 16:47 - 2014-09-08 16:47 - 0375456 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistMSI316B.txt
2014-09-08 16:47 - 2014-09-08 16:47 - 0386686 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistMSI3172.txt
2014-09-08 14:49 - 2014-09-08 14:49 - 0377402 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistMSI56C6.txt
2014-09-08 14:49 - 2014-09-08 14:49 - 0388342 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistMSI56D9.txt
2014-06-03 10:32 - 2014-06-03 10:34 - 0702018 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistMSI7733.txt
2011-04-08 00:19 - 2011-04-08 00:19 - 0011458 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistUI0918.txt
2012-02-13 15:06 - 2012-02-13 15:06 - 0011496 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistUI1B0E.txt
2012-02-13 15:06 - 2012-02-13 15:06 - 0010678 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistUI1B0F.txt
2013-11-04 16:22 - 2013-11-04 16:23 - 0012818 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistUI1D9E.txt
2014-09-08 16:46 - 2014-09-08 16:46 - 0011472 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistUI305F.txt
2014-09-08 16:46 - 2014-09-08 16:46 - 0011392 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistUI306C.txt
2014-09-08 16:47 - 2014-09-08 16:47 - 0011408 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistUI316B.txt
2014-09-08 16:47 - 2014-09-08 16:47 - 0011408 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistUI3172.txt
2014-09-08 14:49 - 2014-09-08 14:49 - 0011488 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistUI56C6.txt
2014-09-08 14:49 - 2014-09-08 14:49 - 0011472 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistUI56D9.txt
2014-06-03 10:32 - 2014-06-03 10:34 - 0015740 _____ () C:\Users\bcoverstone\AppData\Local\dd_vcredistUI7733.txt
2011-04-07 19:45 - 2011-04-07 19:45 - 0216446 _____ () C:\Users\bcoverstone\AppData\Local\dd_vc_designtime_x64_msi374B.txt
2011-04-07 21:59 - 2011-04-07 22:00 - 0409078 _____ () C:\Users\bcoverstone\AppData\Local\dd_VC_Red_MSI1E1E.txt
2011-04-07 19:17 - 2011-04-07 19:17 - 0410640 _____ () C:\Users\bcoverstone\AppData\Local\dd_VC_Red_MSI21A2.txt
2011-04-07 23:09 - 2011-04-07 23:09 - 0358414 _____ () C:\Users\bcoverstone\AppData\Local\dd_VC_Red_MSI53A8.txt
2011-04-07 19:17 - 2011-04-07 19:17 - 0235936 _____ () C:\Users\bcoverstone\AppData\Local\dd_vc_runtime_x64_msi2235.txt
2011-04-07 19:17 - 2011-04-07 19:17 - 0257500 _____ () C:\Users\bcoverstone\AppData\Local\dd_vc_runtime_x86_msi2207.txt
2011-04-07 19:41 - 2011-04-07 19:42 - 0384640 _____ () C:\Users\bcoverstone\AppData\Local\dd_VS2010ToolsMVC2.msi3452.txt
2011-04-07 19:22 - 2011-04-07 19:22 - 1623536 _____ () C:\Users\bcoverstone\AppData\Local\dd_vsa_env_msi258F.txt
2011-04-07 19:32 - 2011-04-07 19:40 - 47109552 _____ () C:\Users\bcoverstone\AppData\Local\dd_VSMsiLog2D7B.txt
2014-05-08 14:49 - 2014-05-08 14:54 - 31952642 _____ () C:\Users\bcoverstone\AppData\Local\dd_VSMsiLog4C9B.txt
2011-04-07 19:43 - 2011-04-07 19:43 - 2957440 _____ () C:\Users\bcoverstone\AppData\Local\dd_vstodt40_x64.msi359F.txt
2014-05-08 16:10 - 2014-05-08 16:10 - 0573462 _____ () C:\Users\bcoverstone\AppData\Local\dd_vstor40_x64MSI0AE8.txt
2013-12-11 16:10 - 2013-12-11 16:10 - 1692352 _____ () C:\Users\bcoverstone\AppData\Local\dd_vstor40_x64MSI5EBE.txt
2014-08-07 13:57 - 2014-08-07 13:57 - 0965286 _____ () C:\Users\bcoverstone\AppData\Local\dd_vstor40_x64MSI6B1D.txt
2011-04-21 16:43 - 2011-04-21 16:45 - 2077462 _____ () C:\Users\bcoverstone\AppData\Local\dd_vstor40_x64MSI71D1.txt
2014-05-08 16:10 - 2014-05-08 16:10 - 0023684 _____ () C:\Users\bcoverstone\AppData\Local\dd_vstor40_x64UI0AE8.txt
2013-12-11 16:10 - 2013-12-11 16:10 - 0040418 _____ () C:\Users\bcoverstone\AppData\Local\dd_vstor40_x64UI5EBE.txt
2014-08-07 13:57 - 2014-08-07 13:57 - 0012186 _____ () C:\Users\bcoverstone\AppData\Local\dd_vstor40_x64UI6B1D.txt
2011-04-21 16:43 - 2011-04-21 16:45 - 0011306 _____ () C:\Users\bcoverstone\AppData\Local\dd_vstor40_x64UI71D1.txt
2011-04-07 19:42 - 2011-04-07 19:42 - 0742234 _____ () C:\Users\bcoverstone\AppData\Local\dd_vstor40_x64_msi3533.txt
2011-04-07 19:41 - 2011-04-07 19:41 - 0493040 _____ () C:\Users\bcoverstone\AppData\Local\dd_WebDeploy_x64_en-US.msi3434.txt
2011-04-07 22:08 - 2011-04-07 22:08 - 0205896 _____ () C:\Users\bcoverstone\AppData\Local\dd_WinSDK_ExpTools_x64_MSI24FB.txt
2011-04-07 23:09 - 2011-04-07 23:09 - 0239198 _____ () C:\Users\bcoverstone\AppData\Local\dd_WinSDK_ExpTools_x64_MSI53B2.txt
2011-04-07 22:08 - 2011-04-07 22:08 - 0195742 _____ () C:\Users\bcoverstone\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI2505.txt
2011-04-07 23:09 - 2011-04-07 23:09 - 0194472 _____ () C:\Users\bcoverstone\AppData\Local\dd_WinSDK_Win32ExpTools_x64_MSI53BF.txt
2015-12-03 13:09 - 2015-12-03 13:09 - 0000000 _____ () C:\Users\bcoverstone\AppData\Local\debuggee.mdmp
2012-01-11 14:31 - 2012-01-11 14:47 - 0000870 _____ () C:\Users\bcoverstone\AppData\Local\DTAM.localsec.dat
2012-12-04 16:39 - 2012-12-04 16:39 - 0000036 _____ () C:\Users\bcoverstone\AppData\Local\housecall.guid.cache
2012-07-09 12:21 - 2016-01-06 17:14 - 0000600 _____ () C:\Users\bcoverstone\AppData\Local\PUTTY.RND
2012-07-03 11:37 - 2012-07-03 11:37 - 0000218 _____ () C:\Users\bcoverstone\AppData\Local\recently-used.xbel
2011-04-08 12:29 - 2015-12-02 15:51 - 0007670 _____ () C:\Users\bcoverstone\AppData\Local\resmon.resmoncfg
2013-12-27 17:17 - 2013-12-27 17:18 - 0032768 _____ () C:\Users\bcoverstone\AppData\Local\SqlCe35AddinStore.sdf
2011-04-07 19:14 - 2014-05-08 15:06 - 0146828 _____ () C:\Users\bcoverstone\AppData\Local\uxeventlog.txt
2011-04-07 22:08 - 2011-04-07 22:11 - 9706292 _____ () C:\Users\bcoverstone\AppData\Local\VSMsiLog2515.txt
2011-04-07 23:09 - 2011-04-07 23:10 - 10022946 _____ () C:\Users\bcoverstone\AppData\Local\VSMsiLog53C9.txt
2014-02-06 19:44 - 2014-02-06 19:44 - 5840308 _____ () C:\Users\bcoverstone\AppData\Local\VSMsiLog680F.txt
2011-09-20 19:07 - 2012-09-14 13:10 - 0000144 _____ () C:\Users\bcoverstone\AppData\Local\xobni_installer_updater.log

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Windows\system64

LastRegBack: 2016-01-09 00:35

==================== End of FRST.txt ============================


#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:03:51 AM

Posted 15 January 2016 - 02:04 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Temporary files in \Temp or \tmp folders are created by the programs you used.
While the program is in use you cannot delete them.
After you have closed the program and restarted the computer, you should be able to delete all of them.
===


Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset catalog

GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 03 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S3 atashost; "C:\Windows\SysWOW64\atashost.exe" [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
NETSVC: R300 -> no filepath.
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\ProgramData\TEMP:F8D65F32
AlternateDataStreams: C:\Users\bcoverstone\Documents\Altigen_MST_Testing.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\AmericanExpressDisputeEF63652.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ArchitetureGoals.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ASPInventory.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ASPModuleUpdateProcedure.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ASPSecurity.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ASPWindowPatchStatus.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Billing2005120100001.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\BusinessCards.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Cisco-NPE225-Defective.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\cisco_asp_questions_final.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\CodePresentationSeparation.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Coverstone_Interrogatory.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\dotNET Procedures.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ExactTarget integration.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Exhibit 4 to the WorldBridge.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Invention.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\kerberos.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\KeywordV3.vsd:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MadisonHouse.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MAIN SEQUENCE IOR PROJECT TECHNICAL MODULE INFORMATION.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Main_Sequence_Feedback(1)cisco2.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MartinFletcher.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MartinFletchSlowdown.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MRI_IOR_Documentation.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MSTMissionStatementQuestionnaire.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MultiDatabaseSearch.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\NEC SoftPhone Proposal.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\OFCCP Internet Applicant Recordkeeping Rule.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\OFCCP.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PassportIntention.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PCR Socket replacement module with SSL.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PCRecruiter Thick Client IOR Notes.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PCRRecordSecurity.vsd:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PCRServerSpecs.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PO-12736-Altigen.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PO-Blank.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Q-ventis Idea Working List.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\tvcheck.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\WIKI.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\~WRL0001.tmp:CscBitmapStream

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Please post the log and let me know if the problem persists.

p.s.
Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

You can manually check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

Be careful not to install malware posing as a Java update!
Important: read this blog.
http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/

Quoted from the page.
"In light of the recent events surrounding Java, users must seriously consider their use of Java. Do they really need it? If yes, make sure that users follow the steps we recommended and get the security update directly from the official oracle website." at:
http://www.oracle.com/technetwork/java/javase/downloads/index.html

How to disable Java in your browsers
http://www.infoworld.com/t/web-browsers/how-disable-java-in-your-browsers-210882


If present, remove the old version(s) of Java using the Control Panel > Programs and Features applet.
Java 7 Update 80 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417080FF}) (Version: 7.0.800 - Oracle)
Java SE Development Kit 7 Update 80 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170800}) (Version: 1.7.0.800 - Oracle)

#3 Brain2000

Brain2000
  • Topic Starter

Posted 15 January 2016 - 04:39 PM

Thank you for the reply.  I ran the FIX as posted, below are the results.  I can't remove the version of Java just yet as we are still using that to compile.  Plans are in the works to move to version 8 soon.

Even when a file is in use, I'm able to take ownership of the file as the local admin.  Besides having a strange filename, not being able to even read the file permissions alerted me that something wasn't right.

 

I don't see any files in the temp folder at the moment, but they were random anyways.  I will keep an eye out should they occur again.

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by bcoverstone (2016-01-15 15:27:45) Run:1
Running from D:\
Loaded Profiles: bcoverstone (Available Profiles: bcoverstone & COVERSTONE_SP & root & MSSQLSERVER & Classic .NET AppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

EmptyTemp:
CloseProcesses:
cmd: netsh winsock reset catalog

GroupPolicyScripts: Restriction <======= ATTENTION
GroupPolicyScripts\User: Restriction <======= ATTENTION
Winsock: Catalog5 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 03 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 03 mswsock.dll No File ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
S3 atashost; "C:\Windows\SysWOW64\atashost.exe" [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotDev; system32\DRIVERS\motodrv.sys [X]
NETSVC: R300 -> no filepath.
AlternateDataStreams: C:\ProgramData\TEMP:07BF512B
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2
AlternateDataStreams: C:\ProgramData\TEMP:F8D65F32
AlternateDataStreams: C:\Users\bcoverstone\Documents\Altigen_MST_Testing.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\AmericanExpressDisputeEF63652.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ArchitetureGoals.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ASPInventory.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ASPModuleUpdateProcedure.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ASPSecurity.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ASPWindowPatchStatus.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Billing2005120100001.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\BusinessCards.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Cisco-NPE225-Defective.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\cisco_asp_questions_final.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\CodePresentationSeparation.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Coverstone_Interrogatory.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\dotNET Procedures.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\ExactTarget integration.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Exhibit 4 to the WorldBridge.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Invention.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\kerberos.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\KeywordV3.vsd:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MadisonHouse.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MAIN SEQUENCE IOR PROJECT TECHNICAL MODULE INFORMATION.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Main_Sequence_Feedback(1)cisco2.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MartinFletcher.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MartinFletchSlowdown.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MRI_IOR_Documentation.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MSTMissionStatementQuestionnaire.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\MultiDatabaseSearch.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\NEC SoftPhone Proposal.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\OFCCP Internet Applicant Recordkeeping Rule.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\OFCCP.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PassportIntention.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PCR Socket replacement module with SSL.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PCRecruiter Thick Client IOR Notes.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PCRRecordSecurity.vsd:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PCRServerSpecs.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PO-12736-Altigen.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\PO-Blank.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\Q-ventis Idea Working List.xls:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\tvcheck.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\WIKI.doc:CscBitmapStream
AlternateDataStreams: C:\Users\bcoverstone\Documents\~WRL0001.tmp:CscBitmapStream

End
*****************

Processes closed successfully.

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

C:\Windows\system32\GroupPolicy\Machine => moved successfully
C:\Windows\system32\GroupPolicy\GPT.ini => moved successfully
C:\Windows\system32\GroupPolicy\User => moved successfully
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5-x64 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5-x64 000000000003\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
atashost => service removed successfully
AODDriver4.2.0 => service removed successfully
motandroidusb => service removed successfully
motccgp => service removed successfully
motccgpfl => service removed successfully
MotDev => service removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs R300 => removed successfully
C:\ProgramData\TEMP => ":07BF512B" ADS removed successfully.
C:\ProgramData\TEMP => ":DFC5A2B2" ADS removed successfully.
C:\ProgramData\TEMP => ":F8D65F32" ADS removed successfully.
C:\Users\bcoverstone\Documents\Altigen_MST_Testing.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\AmericanExpressDisputeEF63652.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\ArchitetureGoals.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\ASPInventory.xls => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\ASPModuleUpdateProcedure.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\ASPSecurity.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\ASPWindowPatchStatus.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\Billing2005120100001.xls => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\BusinessCards.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\Cisco-NPE225-Defective.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\cisco_asp_questions_final.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\CodePresentationSeparation.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\Coverstone_Interrogatory.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\dotNET Procedures.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\ExactTarget integration.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\Exhibit 4 to the WorldBridge.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\Invention.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\kerberos.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\KeywordV3.vsd => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\MadisonHouse.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\MAIN SEQUENCE IOR PROJECT TECHNICAL MODULE INFORMATION.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\Main_Sequence_Feedback(1)cisco2.xls => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\MartinFletcher.xls => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\MartinFletchSlowdown.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\MRI_IOR_Documentation.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\MSTMissionStatementQuestionnaire.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\MultiDatabaseSearch.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\NEC SoftPhone Proposal.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\OFCCP Internet Applicant Recordkeeping Rule.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\OFCCP.xls => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\PassportIntention.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\PCR Socket replacement module with SSL.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\PCRecruiter Thick Client IOR Notes.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\PCRRecordSecurity.vsd => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\PCRServerSpecs.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\PO-12736-Altigen.xls => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\PO-Blank.xls => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\Q-ventis Idea Working List.xls => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\tvcheck.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\WIKI.doc => ":CscBitmapStream" ADS removed successfully.
C:\Users\bcoverstone\Documents\~WRL0001.tmp => ":CscBitmapStream" ADS removed successfully.
EmptyTemp: => 7 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 15:29:31 ====



#4 nasdaq

Posted 16 January 2016 - 09:18 AM

You can test this program and find out if you can use it to remove the files in the \temp folders.

Download the Junkware Removal Tool to your Desktop from this link.
http://www.bleepingcomputer.com/download/junkware-removal-tool/

Shut down your antivirus to avoid any conflicts.
Right click the icon - disable for say 20 mins.
Right-mouse click JRT.exe and select Run as administrator (If using XP just double click on the icon to run it.)
The tool will open and start scanning your system.
Please be patient as this can take a while to complete.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.
======

#5 Brain2000

Posted 18 January 2016 - 11:53 AM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows Server 2008 R2 Datacenter x64
Ran by bcoverstone (Administrator) on Mon 01/18/2016 at 11:50:41.17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 9

Failed to delete: C:\Windows\system32\dds_trash_log.cmd (File)
Successfully deleted: C:\Users\bcoverstone\AppData\Roaming\download manager (Folder)
Successfully deleted: C:\Users\bcoverstone\AppData\Roaming\getrighttogo (Folder)
Successfully deleted: C:\Users\bcoverstone\AppData\Roaming\Mozilla\Firefox\Profiles\8bg4loct.default\extensions\staged (Folder)
Successfully deleted: C:\Users\bcoverstone\Documents\add-in express (Folder)
Successfully deleted: C:\Users\bcoverstone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\73K6NH57 (Folder)
Successfully deleted: C:\Users\bcoverstone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R2VT4HFK (Folder)
Successfully deleted: C:\Users\bcoverstone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RDEGXNZO (Folder)
Successfully deleted: C:\Users\bcoverstone\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RVPT56CJ (Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 01/18/2016 at 11:52:46.36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



#6 nasdaq

Posted 19 January 2016 - 08:43 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#7 nasdaq

Posted 25 January 2016 - 09:22 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



