
Rootkit/Bootkit, Many Known & Unknown Remote Connections


  • This topic is locked
17 replies to this topic

#1 Caramello222


Posted 06 February 2016 - 06:24 PM

HP Pavilion 20-b313w All-in-one desktop

OS: Windows 8 (would like to upgrade back to my Windows 8.1)

Scroll to 1st reply for Scans & Results

 

I have a serious problem: after a thorough reset I still have malware on my computer. Since I can't make heads or tails of what is malicious and what is not, I will try my best to detail my suspicions. After the thorough reset I noticed in Control Panel's uninstall programs list that there were 3 programs that were already updated without me connecting back to the internet and running Microsoft and HP updates. The items were Microsoft Visual C++ 2012 Redistributable (x64) and (x86); the third was CyberLink YouCam. They were both dated the same day I did the thorough reset, and I'm 100% sure I wasn't connected to the internet during the reset and I didn't reconnect before I discovered those updated programs. From there I went to 'installed updates' and I saw three updates: 2 Microsoft Visual C++ 2012, where the (x86) had no version or publisher and the (x64) had that info but the language in the detail tab was 'Language: Language Neutral'; the other installed update was Microsoft Camera Codec, and that was missing publisher and version info. I uninstalled them, but now the C++ 2010s are in that spot with the same info problem; the camera codec didn't come back.

Attached File  Funky1.PNG   10.93KB   0 downloads

 

I also have DLLs and EXEs with funky looking detail tabs. They range from 'Language: Language Neutral', 'Language: Chinese (Traditional, Taiwan)', misspelling, and just simple lack of info, and WTF. I've found them in CyberLink DLLs & EXEs, Realtek, AMD Catalyst Control, and AMD had a lot of relocated DLLs when I viewed the CCC.exe MOM.exe in Process Explorer's DLL view. Process Explorer has also flagged dnsapi.dll and apphelp.dll as malware.

Attached File  Funky3.PNG   11.48KB   0 downloads

Attached File  Funky4.PNG   9.14KB   0 downloads

Attached File  Funky6.PNG   12.08KB   0 downloads

I also have multiple ARPPRODUCTICON.exe in different folders located in C:\Windows\installer\{1A6752E1-966B-9D1F-F6B7-DDBCA6FC87ED}. The installer folder is hidden and there are multiple folders with the same long line of numbers and letters. Some of the icons are AMD Catalyst, Energy Star, the installer symbol, or a long line of numbers and letters. The items in the temp folder located at C:\Users\Floretta\AppData\Local\Temp are always changing. Just like in the installer folder, I found multiple uninstall.exe and they all had the icon for HP's Wild Tangent games, which I already uninstalled from my computer through Control Panel's uninstall programs. I knew they were fake so I deleted them and I haven't seen them since, but there is something in that folder that is copying itself to look like legit apps I have saved in other areas of my computer, like Process Explorer and RootkitRevealer. There are 6 files like this ~DFFE6A9A893A88C0DF.TMP that are sometimes visible in that folder and sometimes they aren't, and now I have 2 new folders {5D428683-EBE0-444F-B475-4AA72F995AEF} & {E425F0E9-D575-4D0B-A3F1-BC9A0CB57651} that deny my access.

The insanity continues on with Process Explorer's TCP/IP view of programs running: multiple programs are being exploited by 'fr.a2dfp net', cloudfront, compute amazon, and unknown *:*. It gets really bad when I use soundcloud com or my Windows Media Player.

Attached File  SndCrazy.PNG   54.55KB   0 downloads

Attached File  SndCrazy2.PNG   36.65KB   0 downloads

 

If the information above is not enough, please let me know. I will also structure it to your liking so that it's easier for you to read through. Helping you helps me. Thank you for your time.


Edited by Caramello222, 06 February 2016 - 06:35 PM.



 


#2 Caramello222


Posted 06 February 2016 - 08:49 PM

First, a list of all the scans used that came up empty, then the required Farbar scans, then my independent use of other scanners that detected and removed, and last, other scanners I downloaded but have not installed and used.

    ESET AvRemover_nt64_enu & AVG_Remover - Both Downloaded But Not Installed

1) Norton Internet Security (free trial came with computer, 48 days remaining). It did block 4 cookies and a VBScript - 0 Threats - Installed

2) Norton Power Eraser - 0 Threats - Installed

3) McAfee Anti-Virus - 0 Threats -  Uninstalled

4) BitDefender Anti-Virus - Blocked VBScript & some other stuff - 0 Threats - Uninstalled

5) BitDefender Downadup - 0 Threats - Deleted

6) Kaspersky Tdss Killer - 0 Threats - Deleted

7) AVG Anti-Virus - 0 Threats - Uninstalled

8) Anvisoft - 0 Threats - Uninstalled

9) Avast - 0 Threats - Uninstalled

10) Emsisoft Emergency Kit - 0 Threats - Installed

11) Malwarebytes Anti-Virus - 0 Threats - Installed

12) Hitman Pro - 0 Threats - Installed

13) AdwCleaner by Xplode - 0 Threats - Installed

14) Eset Nod32 Anti-Virus - 0 Threats - Uninstalled

15) Eset Sirefef Cleaner - 0 Threats - Installed

16) Sc-cleaner - 0 Threats - Installed

17) Rem-vbsworm - 0 Threats - Installed

18) Sophos Virus Remover Tool - 0 Threats - Installed

19) RKill - 0 Processes - Installed

20) Super Anti-Spyware - 0 Threats - Installed

 

 

Farbar 64: - Installed

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-01-2016
Ran by Floretta (administrator) on LA-LA-LOOPSY (06-02-2016 18:27:10)
Running from C:\Users\Floretta\Desktop
Loaded Profiles: Floretta (Available Profiles: Floretta)
Platform: Windows 8 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
(AppEx Networks Corporation) C:\Program Files\AMD Quick Stream\AMDQuickStream.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\nis.exe
(Sysinternals - www.sysinternals.com) C:\Users\Floretta\Desktop\sysinternalssuite\procexp.exe
(Sysinternals - www.sysinternals.com) C:\Users\Floretta\AppData\Local\Temp\procexp64.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3549846101-1897986340-1759491497-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2016-01-21] (SUPERAntiSpyware)
HKU\S-1-5-21-3549846101-1897986340-1759491497-1001\...\Run: [AppEx Accelerator UI] => C:\Program Files\AMD Quick Stream\AMDQuickStream.exe [482528 2014-03-31] (AppEx Networks Corporation)
HKU\S-1-5-21-3549846101-1897986340-1759491497-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-3549846101-1897986340-1759491497-1001\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\buShell.dll [2015-11-05] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2016-02-01]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{DF33D3CC-1945-422D-B584-5065B1A9E949}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-3549846101-1897986340-1759491497-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/security/portal/threat/threats.aspx
HKU\S-1-5-21-3549846101-1897986340-1759491497-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-3549846101-1897986340-1759491497-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3549846101-1897986340-1759491497-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine64\22.5.5.15\coIEPlg.dll [2015-11-05] (Symantec Corporation)

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-3549846101-1897986340-1759491497-1001: anvisoft.com/AdblockPlugin -> C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\npAdblockPlugin.dll [No File]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon [2016-01-27]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_22.5.4.24\coFFAddon

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-25]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\Exts\Chrome.crx [2016-01-25]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lhmiofmipcpmhgihiecmpiekcacigpgb] - C:\ProgramData\Anvisoft\Anvi Smart Defender 2\extensions\chrome.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-04-17] (Advanced Micro Devices, Inc.) [File not signed]
S4 AnviCsbSvc; C:\Program Files (x86)\Anvisoft\Cloud System Booster\CSBSvc.exe [42768 2015-04-27] (Anvisoft)
R2 CLHNServiceForPowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe [89864 2013-06-28] (CyberLink Corp.)
S4 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-06-28] (CyberLink)
S4 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [294664 2013-06-28] (CyberLink)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26168 2015-12-20] (Hewlett-Packard Company)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\NIS.exe [282016 2015-11-20] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-19] (Realtek Semiconductor)
S4 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1572056 2015-12-01] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [839384 2015-12-01] (Secunia)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2015-07-06] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [228032 2014-08-08] (AppEx Networks Corporation)
S3 bbwfp; C:\Program Files (x86)\Anvisoft\Cloud System Booster\wfp\x64\BBWFP.sys [40720 2015-03-24] (Anvisoft)
R3 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\BASHDefs\20160125.001\BHDrvx64.sys [1665608 2016-01-19] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1605050.00F\ccSetx64.sys [173808 2015-09-23] (Symantec Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3265256 2013-04-09] (Broadcom Corporation)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-11-12] (Symantec Corporation)
R1 epp; C:\EEK\bin64\epp.sys [123992 2015-10-23] (Emsisoft Ltd)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-01-24] (Symantec Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
R3 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\IPSDefs\20160205.001\IDSvia64.sys [767224 2016-01-25] (Symantec Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160206.002\ENG64.SYS [138488 2015-10-16] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\22.5.4.24\Definitions\VirusDefs\20160206.002\EX64.SYS [2148080 2015-10-16] (Symantec Corporation)
S4 ntk_PowerDVD12; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\ntk_PowerDVD12_64.sys [84168 2013-03-12] (Cyberlink Corp.)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2015-12-01] (Secunia)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [288840 2013-05-16] (Realtek Semiconductor Corp.)
S4 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S4 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1605050.00F\SRTSP64.SYS [928496 2015-11-11] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1605050.00F\SRTSPX64.SYS [50936 2015-09-23] (Symantec Corporation)
R3 SymEFASI; C:\Windows\system32\drivers\NISx64\1605050.00F\SYMEFASI64.SYS [1621232 2015-11-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NISx64\1605050.00F\SymELAM.sys [24192 2015-09-23] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-01-25] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1605050.00F\Ironx64.SYS [297720 2015-09-23] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1605050.00F\SYMNETS.SYS [577768 2015-11-11] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\Drivers\TrueSight.sys [24688 2016-01-29] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-06] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [281944 2015-07-06] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 18:26 - 2016-02-06 18:26 - 00003624 _____ C:\Users\Floretta\Desktop\bleep1.txt
2016-02-06 15:57 - 2016-02-06 15:57 - 00000119 _____ C:\Users\Floretta\Desktop\dumb.txt
2016-02-05 18:29 - 2016-02-05 18:29 - 00000000 ____D C:\WINDOWS\Minidump
2016-02-04 23:26 - 2016-02-04 23:26 - 00000698 _____ C:\EEK,
2016-02-04 21:37 - 2016-02-04 21:37 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2016-02-04 21:37 - 2016-02-04 21:37 - 00000000 ____D C:\Users\Floretta\AppData\Roaming\AVAST Software
2016-02-04 21:35 - 2016-02-04 21:35 - 00000000 ____D C:\Program Files\AVAST Software
2016-02-04 21:32 - 2016-02-04 21:32 - 00000000 ____D C:\ProgramData\AVAST Software
2016-02-04 21:26 - 2016-02-05 15:36 - 00000000 ____D C:\ProgramData\Sophos
2016-02-04 21:04 - 2016-02-04 21:04 - 05200384 _____ (AVAST Software) C:\Users\Floretta\Desktop\aswmbr.exe
2016-02-04 21:03 - 2016-02-04 21:03 - 00380416 _____ C:\Users\Floretta\Desktop\jxwkfpvs.exe
2016-02-04 20:10 - 2016-02-04 20:14 - 00218820 _____ C:\TDSSKiller.3.1.0.9_04.02.2016_20.10.24_log.txt
2016-02-04 20:09 - 2016-02-04 20:10 - 00080514 _____ C:\TDSSKiller.3.1.0.9_04.02.2016_20.09.28_log.txt
2016-02-04 20:08 - 2016-02-04 20:09 - 00016950 _____ C:\TDSSKiller.3.1.0.9_04.02.2016_20.08.24_log.txt
2016-02-04 17:56 - 2016-02-04 18:15 - 00000571 _____ C:\Users\Floretta\Desktop\Suspects1.txt
2016-02-04 11:48 - 2016-02-05 01:18 - 06813114 _____ C:\WINDOWS\ntbtlog.txt
2016-02-03 23:36 - 2016-02-04 21:45 - 00003292 _____ C:\WINDOWS\System32\Tasks\ASD_Main
2016-02-03 23:36 - 2016-02-03 23:36 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-02-03 23:36 - 2015-09-16 17:52 - 00051608 _____ (Anvisoft) C:\WINDOWS\system32\Drivers\asd2fsm.sys
2016-02-03 23:35 - 2016-02-03 23:35 - 00000000 ____D C:\ProgramData\Anvisoft
2016-02-03 23:01 - 2016-02-03 23:01 - 00000000 ____D C:\SUPERDelete
2016-02-03 22:49 - 2016-01-14 17:24 - 00033456 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-02-03 22:49 - 2016-01-14 16:54 - 00696320 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-02-03 22:49 - 2016-01-14 16:54 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-02-03 22:49 - 2016-01-14 16:54 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-02-03 22:49 - 2016-01-14 16:53 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-02-03 22:49 - 2016-01-14 16:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-02-03 22:49 - 2016-01-09 20:43 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-02-02 00:05 - 2016-02-03 16:39 - 00000000 ____D C:\Users\Floretta\AppData\Roaming\Skype
2016-02-02 00:05 - 2016-02-02 00:05 - 00000000 ____D C:\Users\Floretta\AppData\Local\Skype
2016-02-02 00:04 - 2016-02-02 00:05 - 00000000 ____D C:\ProgramData\Skype
2016-02-02 00:04 - 2016-02-02 00:04 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2016-02-02 00:04 - 2016-02-02 00:04 - 00000000 ___RD C:\Program Files (x86)\Skype
2016-02-02 00:04 - 2016-02-02 00:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-02-01 23:10 - 2016-02-01 23:10 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2016-02-01 23:10 - 2016-02-01 23:10 - 00000000 ____D C:\Program Files (x86)\Secunia
2016-02-01 00:21 - 2016-02-01 00:21 - 05066104 _____ (AVAST Software) C:\Users\Floretta\Desktop\avast_free_antivirus_setup_online_cnet2.exe
2016-02-01 00:19 - 2016-02-01 00:19 - 02838216 _____ (ESET) C:\Users\Floretta\Desktop\eset_nod32_antivirus_live_installer.exe
2016-02-01 00:15 - 2016-02-01 00:15 - 00002057 _____ C:\Users\Floretta\Desktop\HowToRemove.rtf - Shortcut.lnk
2016-02-01 00:15 - 2016-02-01 00:15 - 00002020 _____ C:\Users\Floretta\Desktop\S&D List.rtf - Shortcut.lnk
2016-01-31 23:39 - 2016-01-31 23:39 - 11411768 _____ (ESET) C:\Users\Floretta\Desktop\avremover_nt64_enu.exe
2016-01-31 22:22 - 2016-01-31 22:30 - 00000548 _____ C:\Users\Floretta\Desktop\Restore.txt
2016-01-31 22:10 - 2016-02-01 00:16 - 00007210 _____ C:\Users\Floretta\Desktop\Disable.txt
2016-01-31 01:42 - 2016-02-01 00:16 - 00006420 _____ C:\Users\Floretta\Desktop\Uninstall (2).txt
2016-01-31 01:13 - 2016-01-31 01:13 - 00000000 ____D C:\WINDOWS\Hotfix
2016-01-31 01:12 - 2016-01-31 01:12 - 24503152 _____ (Microsoft Corporation) C:\Users\Floretta\Desktop\SQLServer2005-KB933508-x64-ENU.exe
2016-01-31 00:27 - 2016-01-31 00:28 - 144229256 _____ (Sophos Limited) C:\Users\Floretta\Desktop\Sophos Virus Removal Tool.exe
2016-01-30 23:41 - 2016-01-30 23:41 - 00001429 _____ C:\Users\Floretta\Desktop\ESETSirefefCleaner.exe_20160130.234134.2796.zip
2016-01-30 23:40 - 2016-01-30 23:40 - 00005638 _____ C:\Users\Floretta\Desktop\ComScan.txt
2016-01-30 23:06 - 2016-01-30 23:06 - 00000516 _____ C:\Users\Floretta\Desktop\Search4.txt
2016-01-30 11:36 - 2016-01-30 11:36 - 00000000 ____D C:\Users\Floretta\AppData\Local\AppEx Networks
2016-01-29 21:57 - 2016-01-29 21:57 - 00000000 ____D C:\Users\Floretta\AppData\Local\AMD
2016-01-29 21:56 - 2016-01-29 21:56 - 00000000 ____D C:\ProgramData\ATI
2016-01-29 21:55 - 2016-01-29 21:56 - 00000000 ____D C:\Program Files\AMD Quick Stream
2016-01-29 21:55 - 2016-01-29 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2016-01-29 21:55 - 2016-01-29 21:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-01-29 21:55 - 2016-01-29 21:55 - 00000000 ____D C:\Program Files (x86)\AMD AVT
2016-01-29 21:55 - 2014-08-08 01:31 - 00228032 _____ (AppEx Networks Corporation) C:\WINDOWS\system32\Drivers\appexDrv.sys
2016-01-29 21:54 - 2016-01-29 21:55 - 00000000 ____D C:\ProgramData\AMD
2016-01-29 21:46 - 2016-01-29 21:46 - 00000000 ____D C:\Program Files\AMD
2016-01-29 21:38 - 2016-01-29 21:55 - 00000000 ____D C:\Program Files\ATI Technologies
2016-01-29 21:35 - 2016-01-29 21:35 - 00000000 ____D C:\AMD
2016-01-29 21:26 - 2016-01-29 21:26 - 04952336 _____ (Advanced Micro Devices, Inc.) C:\Users\Floretta\Desktop\autodetectutility.exe
2016-01-29 20:42 - 2016-01-29 20:44 - 00213624 _____ C:\TDSSKiller.3.1.0.9_29.01.2016_20.42.04_log.txt
2016-01-29 20:33 - 2016-01-29 20:33 - 00000560 _____ C:\TDSSKiller.3.1.0.9_29.01.2016_20.33.18_log.txt
2016-01-29 18:58 - 2016-01-29 18:58 - 00000783 _____ C:\Users\Floretta\Desktop\Search3.txt
2016-01-29 18:11 - 2016-01-29 19:17 - 00001706 _____ C:\Users\Floretta\Desktop\Search2.txt
2016-01-29 17:36 - 2016-01-29 17:39 - 00007042 _____ C:\TDSSKiller.3.1.0.9_29.01.2016_17.36.10_log.txt
2016-01-29 17:34 - 2016-01-29 17:34 - 00000000 ____D C:\TDSSKiller_Quarantine
2016-01-29 17:31 - 2016-01-29 17:34 - 00216458 _____ C:\TDSSKiller.3.1.0.9_29.01.2016_17.31.08_log.txt
2016-01-29 17:27 - 2016-01-29 17:27 - 00001068 _____ C:\Users\Floretta\Desktop\JRT2.txt
2016-01-29 17:19 - 2016-01-29 17:19 - 00000000 _____ C:\Users\Floretta\defogger_reenable
2016-01-29 17:10 - 2016-01-29 17:10 - 00000000 ____D C:\Users\Floretta\AppData\Roaming\SUPERAntiSpyware.com
2016-01-29 17:09 - 2016-01-31 00:00 - 00001972 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-01-29 17:09 - 2016-01-29 17:10 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-01-29 17:09 - 2016-01-29 17:09 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-01-29 17:09 - 2016-01-29 17:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-01-29 17:04 - 2016-01-29 17:04 - 06265120 _____ (Carifred) C:\Users\Floretta\Desktop\UVKSetup.exe
2016-01-29 16:20 - 2016-01-29 16:20 - 00430280 _____ (ESET) C:\Users\Floretta\Desktop\ESETSirefefCleaner.exe
2016-01-29 16:07 - 2016-01-29 16:07 - 00050477 _____ C:\Users\Floretta\Desktop\Defogger.exe
2016-01-29 16:03 - 2016-01-29 21:00 - 00390776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\Drivers\TrufosAlt.sys
2016-01-29 15:58 - 2016-01-29 15:58 - 00001584 _____ C:\JRT1.txt
2016-01-29 15:57 - 2016-01-29 17:27 - 00001068 _____ C:\Users\Floretta\Desktop\JRT.txt
2016-01-29 14:55 - 2016-01-29 14:55 - 00003078 _____ C:\WINDOWS\System32\Tasks\PandaUSBVaccine
2016-01-29 14:55 - 2016-01-29 14:55 - 00000000 ____D C:\ProgramData\Panda Security
2016-01-29 14:55 - 2016-01-29 14:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
2016-01-29 14:55 - 2016-01-29 14:55 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine
2016-01-29 14:49 - 2016-01-29 14:57 - 00000000 ____D C:\Rem-VBSqt
2016-01-29 14:00 - 2016-01-29 14:07 - 00000000 ____D C:\AVG_Remover
2016-01-29 14:00 - 2016-01-29 14:00 - 07814344 _____ ( ) C:\Users\Floretta\Desktop\AVG_Remover.exe
2016-01-29 13:59 - 2016-01-29 13:59 - 00865272 _____ (Panda Security ) C:\Users\Floretta\Desktop\usbvaccine.exe
2016-01-29 13:56 - 2016-01-29 13:56 - 00105472 _____ (bartblaze) C:\Users\Floretta\Desktop\rem-vbsworm.exe
2016-01-29 10:53 - 2016-01-29 10:53 - 00321611 _____ C:\Users\Floretta\Desktop\CleanUp3.txt
2016-01-28 18:34 - 2016-01-28 18:34 - 06554576 _____ (Microsoft Corporation) C:\Users\Floretta\Desktop\vcredist_x86.exe
2016-01-28 18:33 - 2016-01-28 18:33 - 07186992 _____ (Microsoft Corporation) C:\Users\Floretta\Desktop\vcredist_x64.exe
2016-01-28 00:56 - 2016-01-28 00:56 - 01507840 _____ C:\Users\Floretta\Desktop\adwcleaner_5.031.exe
2016-01-27 23:22 - 2016-01-27 23:22 - 00003477 _____ C:\Users\Floretta\Desktop\CleanUp2.txt
2016-01-27 23:21 - 2016-01-27 23:21 - 00002094 _____ C:\Users\Floretta\Desktop\RegBoost2.txt
2016-01-27 23:03 - 2016-01-27 23:03 - 00696616 _____ C:\Users\Floretta\Desktop\CleanUp1.txt
2016-01-27 21:52 - 2016-01-27 21:52 - 00071079 _____ C:\Users\Floretta\Desktop\RegBoost1.txt
2016-01-27 21:14 - 2016-01-27 21:14 - 00000913 _____ C:\Users\Floretta\Desktop\OptReport1.txt
2016-01-27 20:23 - 2016-02-04 16:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft
2016-01-27 20:23 - 2016-02-04 16:09 - 00000000 ____D C:\Program Files (x86)\Anvisoft
2016-01-27 20:23 - 2016-01-27 20:23 - 00001243 _____ C:\Users\Public\Desktop\Cloud System Booster.lnk
2016-01-27 20:07 - 2016-01-29 14:05 - 00000000 ____D C:\Users\Floretta\AppData\Roaming\AVG
2016-01-27 20:01 - 2016-01-29 14:05 - 00000000 ____D C:\ProgramData\Avg
2016-01-27 19:59 - 2016-01-29 14:07 - 00000000 ____D C:\Users\Floretta\AppData\Local\Avg
2016-01-27 16:58 - 2016-01-27 16:58 - 00004600 _____ C:\Users\Floretta\Desktop\rk_CFFC1.tmp.txt
2016-01-27 16:09 - 2016-01-27 16:09 - 00005356 _____ C:\Users\Floretta\Desktop\rk_3FA0.tmp.txt
2016-01-27 16:07 - 2016-01-27 16:07 - 00004912 _____ C:\Users\Floretta\Desktop\rk_9942.tmp.txt
2016-01-27 15:35 - 2016-01-27 15:35 - 00000000 ____D C:\NPE
2016-01-27 15:21 - 2016-01-27 15:21 - 03088296 _____ (Symantec Corporation) C:\Users\Floretta\Desktop\NPE.exe
2016-01-26 21:19 - 2016-01-30 23:10 - 00000274 _____ C:\Users\Floretta\Desktop\Search.txt
2016-01-26 19:55 - 2016-01-26 19:55 - 00120016 _____ C:\Users\Floretta\Desktop\FRST1.txt
2016-01-26 19:55 - 2016-01-26 19:55 - 00020749 _____ C:\Users\Floretta\Desktop\Addition1.txt
2016-01-26 19:47 - 2016-01-26 19:48 - 00020749 _____ C:\Users\Floretta\Desktop\Addition.txt
2016-01-26 19:45 - 2016-02-06 18:27 - 00015485 _____ C:\Users\Floretta\Desktop\FRST.txt
2016-01-26 18:48 - 2016-01-26 18:48 - 00003234 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-01-26 17:04 - 2016-02-05 16:20 - 00000000 ____D C:\Users\Floretta\AppData\Local\CrashDumps
2016-01-26 16:54 - 2016-01-26 16:54 - 00005512 _____ C:\Users\Floretta\Desktop\Rkill1-26-2016.txt
2016-01-26 16:42 - 2016-01-26 16:42 - 00296192 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-01-26 16:20 - 2016-01-26 16:20 - 00001329 _____ C:\Users\Floretta\Desktop\GrantPerms64.exe - Shortcut.lnk
2016-01-26 15:30 - 2016-01-26 16:40 - 00000144 _____ C:\Users\Floretta\Desktop\Unknown-Caches.txt
2016-01-26 14:46 - 2016-01-26 14:46 - 00000166 _____ C:\Users\Floretta\Desktop\Suspicious URLs.txt
2016-01-26 14:32 - 2016-02-06 18:27 - 00000000 ____D C:\FRST
2016-01-26 14:31 - 2016-01-26 14:31 - 02370560 _____ (Farbar) C:\Users\Floretta\Desktop\frst64.exe
2016-01-26 13:29 - 2016-01-26 13:29 - 17892448 _____ (Anvisoft) C:\Users\Floretta\Desktop\csbsetup.exe
2016-01-26 13:02 - 2016-01-26 13:03 - 24450240 _____ (SUPERAntiSpyware) C:\Users\Floretta\Desktop\SUPERAntiSpyware.exe
2016-01-26 12:51 - 2016-01-26 12:51 - 00000000 ____D C:\Users\Floretta\Desktop\GrantPerms64
2016-01-25 22:13 - 2016-01-26 18:14 - 00001838 _____ C:\Users\Floretta\Desktop\sc-cleaner.txt
2016-01-25 22:08 - 2016-01-29 17:22 - 00000000 ____D C:\AdwCleaner
2016-01-25 22:02 - 2016-01-25 22:02 - 00628779 _____ C:\Users\Floretta\Desktop\GrantPerms64.zip
2016-01-25 21:42 - 2016-01-25 21:42 - 01600184 _____ (Malwarebytes) C:\Users\Floretta\Desktop\JRT.exe
2016-01-25 21:18 - 2016-01-25 21:18 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Floretta\Desktop\sc-cleaner.exe
2016-01-25 18:05 - 2016-01-25 18:05 - 00003426 _____ C:\Users\Floretta\Desktop\Rkill1.txt
2016-01-25 18:03 - 2016-02-04 17:10 - 00003426 _____ C:\Users\Floretta\Desktop\Rkill.txt
2016-01-25 16:55 - 2016-01-25 16:55 - 00001042 _____ C:\Users\Floretta\Desktop\Start Emergency Kit Scanner.exe - Shortcut.lnk
2016-01-25 16:55 - 2016-01-25 16:55 - 00001024 _____ C:\Users\Floretta\Desktop\Start Commandline Scanner.exe - Shortcut.lnk
2016-01-25 16:53 - 2016-02-05 17:01 - 00000000 ____D C:\EEK
2016-01-25 16:49 - 2016-01-25 16:50 - 00000000 ____D C:\ProgramData\HitmanPro
2016-01-25 16:49 - 2016-01-25 16:49 - 00000000 ____D C:\Program Files\HitmanPro
2016-01-25 16:48 - 2016-01-29 20:44 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-01-25 16:48 - 2016-01-25 16:48 - 00000000 ____D C:\ProgramData\RogueKiller
2016-01-25 16:47 - 2016-02-03 23:17 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-25 16:47 - 2016-01-25 16:47 - 00001073 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-01-25 16:47 - 2016-01-25 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-01-25 16:46 - 2016-01-25 16:46 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-01-25 16:46 - 2016-01-25 16:46 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-01-25 16:46 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-01-25 16:46 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-01-25 16:46 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-01-25 16:43 - 2016-01-25 16:43 - 20940872 _____ C:\Users\Floretta\Desktop\RogueKiller.exe
2016-01-25 16:40 - 2016-01-25 16:42 - 209484416 _____ C:\Users\Floretta\Desktop\EmsisoftEmergencyKit.exe
2016-01-25 16:40 - 2016-01-25 16:40 - 04010016 _____ (Secunia) C:\Users\Floretta\Desktop\PSISetup.exe
2016-01-25 15:52 - 2016-02-04 19:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2016-01-25 15:52 - 2016-02-04 19:31 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-01-25 15:51 - 2016-02-04 19:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit
2016-01-25 15:51 - 2016-01-25 15:51 - 01846024 _____ (Malwarebytes ) C:\Users\Floretta\Desktop\mbae-setup-1.08.1.1045.exe
2016-01-25 15:49 - 2016-01-25 15:50 - 11323704 _____ (SurfRight B.V.) C:\Users\Floretta\Desktop\HitmanPro_x64.exe
2016-01-25 15:48 - 2016-01-25 15:48 - 22908888 _____ (Malwarebytes ) C:\Users\Floretta\Desktop\mbam-setup-2.2.0.1024.exe
2016-01-25 15:47 - 2016-01-25 15:47 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Floretta\Desktop\iExplore.exe
2016-01-25 15:21 - 2016-01-26 21:35 - 00004802 _____ C:\Users\Floretta\Desktop\today.txt
2016-01-25 13:47 - 2014-10-08 20:00 - 01519104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
2016-01-25 13:47 - 2014-10-08 20:00 - 01484288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-01-25 13:47 - 2014-10-08 20:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
2016-01-25 13:47 - 2014-10-08 19:59 - 01195520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
2016-01-25 13:47 - 2014-10-08 19:59 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
2016-01-25 13:09 - 2014-07-15 14:51 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2016-01-25 12:56 - 2013-06-01 03:34 - 02391280 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-01-25 12:56 - 2013-06-01 02:24 - 02106176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-01-25 12:56 - 2013-06-01 01:25 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-01-25 12:56 - 2013-06-01 01:24 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-01-25 12:56 - 2013-06-01 01:24 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscms.dll
2016-01-25 12:56 - 2013-06-01 01:23 - 01842176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-01-25 12:56 - 2013-06-01 01:23 - 00680960 _____ (Microsoft Corporation) C:\WINDOWS\system32\vds.exe
2016-01-25 12:56 - 2013-06-01 01:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\vdsutil.dll
2016-01-25 12:56 - 2013-06-01 01:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2016-01-25 12:56 - 2013-06-01 01:21 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-01-25 12:56 - 2013-06-01 01:21 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-01-25 12:56 - 2013-06-01 01:20 - 02219520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-01-25 12:56 - 2013-06-01 01:20 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-01-25 12:56 - 2013-06-01 01:20 - 00583168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mscms.dll
2016-01-25 12:56 - 2013-06-01 01:19 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupManager.dll
2016-01-25 12:56 - 2013-05-31 19:08 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
2016-01-25 12:55 - 2013-06-16 14:41 - 00997632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-01-25 12:54 - 2014-02-03 15:56 - 00332632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-01-25 12:54 - 2014-02-03 15:56 - 00278872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2016-01-25 12:54 - 2014-01-30 16:48 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-01-25 12:54 - 2014-01-30 16:06 - 00599040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-01-25 12:54 - 2014-01-26 19:39 - 01939288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-01-25 12:54 - 2014-01-15 15:42 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-01-25 12:54 - 2014-01-02 15:35 - 00365568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2016-01-25 12:54 - 2014-01-02 15:32 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2016-01-25 12:49 - 2014-03-24 15:42 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2016-01-25 12:49 - 2014-03-24 14:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2016-01-25 12:43 - 2013-10-04 22:10 - 00285016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2016-01-25 12:43 - 2013-08-29 21:43 - 00061784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
2016-01-25 12:43 - 2013-08-29 21:20 - 01173504 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-01-25 12:43 - 2013-08-29 21:19 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2016-01-25 12:43 - 2013-08-29 21:18 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2016-01-25 12:43 - 2013-08-29 15:48 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-01-25 12:43 - 2013-08-29 15:48 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2016-01-25 12:43 - 2013-08-29 15:47 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2016-01-25 12:43 - 2013-08-20 22:39 - 00465240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-01-25 12:43 - 2013-08-09 22:30 - 00151896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-01-25 12:43 - 2013-07-24 15:10 - 10799104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-25 12:43 - 2013-07-24 15:07 - 13661696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-25 12:42 - 2013-07-09 00:04 - 00120144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2016-01-25 12:42 - 2013-07-08 19:57 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2016-01-25 12:42 - 2013-07-08 14:46 - 00543744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-01-25 12:42 - 2013-07-08 14:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-01-25 12:42 - 2013-07-08 14:46 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanadvui.dll
2016-01-25 12:42 - 2013-07-08 14:45 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2016-01-25 12:42 - 2013-07-02 16:23 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-01-25 12:42 - 2013-07-02 16:22 - 02839552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-01-25 12:42 - 2013-07-02 16:11 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-01-25 12:42 - 2013-07-02 16:10 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-01-25 12:42 - 2013-06-30 14:30 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\openfiles.exe
2016-01-25 12:42 - 2013-06-30 14:29 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\openfiles.exe
2016-01-25 12:42 - 2013-06-28 22:15 - 00195416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-01-25 12:42 - 2013-06-28 22:15 - 00125784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-01-25 12:42 - 2013-06-25 19:01 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\udfs.sys
2016-01-25 12:42 - 2013-06-25 18:59 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\HdAudio.sys
2016-01-25 12:42 - 2013-06-24 14:54 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-01-25 12:42 - 2013-06-18 21:36 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2016-01-25 12:42 - 2013-06-18 21:36 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2016-01-25 12:42 - 2013-06-18 14:38 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2016-01-25 12:42 - 2013-06-18 14:38 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2016-01-25 12:42 - 2013-06-11 15:43 - 00154112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSCard.dll
2016-01-25 12:42 - 2013-06-11 15:26 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSCard.dll
2016-01-25 12:42 - 2013-06-06 00:03 - 00119040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-01-25 12:37 - 2014-07-11 20:41 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2016-01-25 12:37 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2016-01-25 12:37 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2016-01-25 12:37 - 2014-07-11 20:41 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2016-01-25 12:37 - 2014-07-11 20:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2016-01-25 12:37 - 2014-07-11 20:41 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2016-01-25 12:37 - 2014-07-11 20:16 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2016-01-25 12:37 - 2014-07-11 20:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2016-01-25 12:37 - 2014-07-11 20:16 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2016-01-25 12:37 - 2014-07-11 20:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2016-01-25 12:37 - 2014-07-11 20:16 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2016-01-25 12:37 - 2014-07-11 20:15 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2016-01-25 12:37 - 2014-07-08 14:33 - 00181248 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2016-01-25 12:37 - 2014-07-08 14:32 - 01539584 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-01-25 12:37 - 2014-07-08 14:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2016-01-25 12:37 - 2014-07-08 14:30 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-01-25 12:37 - 2014-07-06 21:52 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-01-25 12:37 - 2014-07-06 21:52 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-01-25 12:37 - 2014-07-04 02:52 - 00328000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-01-25 12:37 - 2014-06-27 23:01 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2016-01-25 12:37 - 2014-06-27 22:56 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2016-01-25 12:37 - 2014-06-17 15:27 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-01-25 12:37 - 2014-06-17 15:23 - 02238464 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-01-25 12:36 - 2014-04-29 14:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
2016-01-25 12:36 - 2014-04-29 14:32 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
2016-01-25 12:36 - 2014-04-23 15:51 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2016-01-25 12:36 - 2014-04-23 15:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-01-25 12:36 - 2014-04-23 15:38 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2016-01-25 12:36 - 2014-04-23 15:38 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-01-25 12:36 - 2014-01-30 16:48 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-01-25 12:36 - 2013-08-15 21:21 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-01-25 12:32 - 2014-07-24 05:50 - 00447296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-01-25 12:32 - 2014-07-16 15:28 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sscore.dll
2016-01-25 12:32 - 2014-07-16 14:59 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2016-01-25 12:32 - 2014-07-16 14:59 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscore.dll
2016-01-25 12:32 - 2014-07-11 22:45 - 01549824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-01-25 12:32 - 2014-07-11 20:36 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-01-25 12:32 - 2014-07-11 20:34 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-01-25 12:32 - 2013-10-30 21:56 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-01-25 12:32 - 2013-10-30 21:56 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-01-25 12:32 - 2013-10-30 20:01 - 00550400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-01-25 12:32 - 2013-10-30 19:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2016-01-25 12:32 - 2013-10-13 12:49 - 00100696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-01-25 12:30 - 2014-03-01 01:47 - 01258496 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2016-01-25 12:30 - 2014-03-01 01:47 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2016-01-25 12:30 - 2014-03-01 00:07 - 01075200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2016-01-25 12:30 - 2014-02-28 22:59 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2016-01-25 12:30 - 2014-02-14 20:15 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-01-25 12:30 - 2013-11-25 15:17 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-01-25 12:30 - 2013-08-02 22:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2016-01-25 12:30 - 2013-08-02 22:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2016-01-25 12:30 - 2013-08-02 22:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2016-01-25 12:30 - 2013-08-02 21:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2016-01-25 12:30 - 2013-08-02 21:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2016-01-25 12:30 - 2013-08-02 21:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2016-01-25 12:30 - 2013-08-01 22:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2016-01-25 12:30 - 2013-08-01 21:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2016-01-25 12:30 - 2013-07-24 15:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2016-01-25 12:30 - 2013-07-24 15:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2016-01-25 12:30 - 2013-06-28 19:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2016-01-25 12:09 - 2016-01-25 12:09 - 00006124 _____ C:\Users\Floretta\Desktop\Scan Results1.txt
2016-01-25 11:32 - 2016-01-26 18:53 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Internet Security
2016-01-25 11:30 - 2016-01-26 18:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Internet Security
2016-01-25 10:32 - 2016-01-26 17:13 - 00001261 _____ C:\Users\Floretta\Desktop\Norton Installation Files.lnk
2016-01-25 10:32 - 2016-01-25 10:32 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-01-25 10:31 - 2016-01-25 10:31 - 01110680 _____ (Symantec Corporation) C:\Users\Floretta\Desktop\NortonNISDownloader.exe
2016-01-25 10:10 - 2016-01-05 12:16 - 00826328 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-25 10:10 - 2016-01-05 12:16 - 00176088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-25 10:04 - 2016-02-03 22:50 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-25 10:04 - 2016-01-25 10:04 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
2016-01-25 02:55 - 2015-01-08 22:43 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-01-25 02:55 - 2015-01-08 21:03 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
2016-01-25 02:40 - 2016-02-06 16:01 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-01-25 02:40 - 2016-02-04 21:37 - 00000000 ____D C:\Program Files\Common Files\AV
2016-01-25 01:58 - 2015-10-01 05:10 - 00869568 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2016-01-25 01:58 - 2015-10-01 05:09 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2016-01-25 01:34 - 2014-04-16 10:20 - 00029888 _____ (Microsoft Corporation) C:\WINDOWS\system32\aspnet_counters.dll
2016-01-25 01:34 - 2014-04-16 10:20 - 00028352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aspnet_counters.dll
2016-01-25 01:31 - 2014-06-10 14:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-01-25 01:31 - 2014-06-10 14:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-01-25 01:25 - 2015-07-01 05:00 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-01-25 01:25 - 2015-07-01 04:58 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2016-01-25 01:25 - 2015-07-01 03:42 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-01-25 01:25 - 2015-07-01 03:41 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2016-01-25 01:24 - 2015-11-16 08:10 - 01821192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-01-25 01:24 - 2015-11-16 06:55 - 01410000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-01-25 01:24 - 2015-11-16 06:28 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-01-25 01:24 - 2015-11-16 06:28 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2016-01-25 01:24 - 2015-11-16 06:26 - 01637376 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-01-25 01:24 - 2015-11-16 06:26 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-01-25 01:24 - 2015-03-11 21:31 - 01688576 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-01-25 01:21 - 2015-06-27 05:46 - 01314816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-01-25 01:21 - 2015-06-27 05:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-01-25 01:21 - 2014-04-19 01:39 - 00628024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationUI.exe
2016-01-25 01:18 - 2015-07-06 08:16 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2016-01-25 01:18 - 2015-07-06 06:32 - 00281944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2016-01-25 01:18 - 2015-04-30 05:44 - 00478296 _____ C:\WINDOWS\SysWOW64\locale.nls
2016-01-25 01:18 - 2015-04-30 05:44 - 00478296 _____ C:\WINDOWS\system32\locale.nls
2016-01-25 01:18 - 2015-03-03 22:41 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\sdbinst.exe
2016-01-25 01:18 - 2015-03-03 22:39 - 00632832 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll
2016-01-25 01:18 - 2015-03-03 22:39 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\aelupsvc.dll
2016-01-25 01:18 - 2015-03-03 20:53 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sdbinst.exe
2016-01-25 01:18 - 2015-03-03 20:52 - 00676864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll
2016-01-25 01:18 - 2014-09-02 18:48 - 00510464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-01-25 01:18 - 2014-09-02 18:21 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-01-25 01:18 - 2014-06-12 17:57 - 01453400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-01-25 01:18 - 2014-06-12 17:55 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-01-25 01:17 - 2015-07-13 13:05 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-01-25 01:17 - 2015-07-13 13:05 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll
2016-01-25 01:16 - 2015-01-23 22:42 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-01-25 01:16 - 2015-01-23 21:00 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
2016-01-25 01:14 - 2014-11-04 22:40 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-01-25 01:14 - 2014-11-04 22:39 - 01024512 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-01-25 01:14 - 2014-10-29 06:21 - 00499008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-01-25 01:14 - 2014-08-27 22:01 - 00017920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
2016-01-25 01:13 - 2015-08-01 08:21 - 00073352 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll
2016-01-25 01:13 - 2015-08-01 07:22 - 00063992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll
2016-01-25 01:13 - 2015-08-01 05:56 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidpolicyconverter.exe
2016-01-25 01:13 - 2015-08-01 05:56 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2016-01-25 01:13 - 2015-08-01 05:56 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2016-01-25 01:13 - 2014-11-14 22:06 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-01-25 01:13 - 2014-11-14 21:13 - 03286016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-25 01:13 - 2014-11-14 21:13 - 01623552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-01-25 01:13 - 2014-11-14 21:13 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-01-25 01:13 - 2014-11-14 21:13 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-01-25 01:13 - 2014-11-14 21:13 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-01-25 01:13 - 2014-11-14 21:13 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-01-25 01:13 - 2014-11-14 21:13 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-01-25 01:13 - 2014-11-14 21:12 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-25 01:13 - 2014-11-14 19:54 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-01-25 01:13 - 2014-11-14 19:53 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-01-25 01:13 - 2014-11-14 19:53 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-01-25 01:13 - 2014-11-14 19:53 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-01-25 01:13 - 2014-06-17 15:27 - 01440256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2016-01-25 01:13 - 2014-06-17 15:24 - 01557504 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2016-01-25 01:13 - 2013-10-18 21:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2016-01-25 01:13 - 2013-10-18 20:04 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2016-01-25 01:10 - 2015-07-30 05:11 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-01-25 01:10 - 2015-07-30 05:10 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-01-25 01:10 - 2014-06-04 17:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
2016-01-25 01:10 - 2014-06-03 15:12 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
2016-01-25 01:08 - 2014-12-10 22:51 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
2016-01-25 01:06 - 2015-09-02 05:49 - 02341376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-25 01:06 - 2015-09-02 05:49 - 01850880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-01-25 01:06 - 2015-09-02 05:38 - 01744384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-25 01:06 - 2015-09-02 05:38 - 01422336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-01-25 01:06 - 2015-07-09 13:46 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-01-25 01:06 - 2015-07-09 13:44 - 00322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\aaclient.dll
2016-01-25 01:06 - 2015-07-09 12:17 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-01-25 01:06 - 2015-07-09 12:16 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
2016-01-25 01:06 - 2015-06-17 06:13 - 01150264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-01-25 01:06 - 2015-06-17 05:44 - 01567560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-01-25 01:06 - 2015-04-12 21:32 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-01-25 01:04 - 2015-08-05 05:52 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-01-25 01:04 - 2014-09-12 22:24 - 02233152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-01-25 01:04 - 2014-09-02 18:48 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2016-01-25 01:04 - 2014-09-02 18:22 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2016-01-25 01:04 - 2014-08-28 20:17 - 02043392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-01-25 01:04 - 2014-08-28 20:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-01-25 01:04 - 2014-08-28 20:04 - 02837504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-01-25 01:04 - 2014-08-28 20:04 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-01-25 01:04 - 2014-08-27 22:04 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2016-01-25 01:04 - 2014-08-27 22:04 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2016-01-25 01:04 - 2014-08-27 21:59 - 00616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2016-01-25 01:04 - 2014-08-27 21:59 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2016-01-25 01:04 - 2014-08-27 21:59 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
2016-01-25 01:04 - 2014-08-27 21:59 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
2016-01-25 01:04 - 2014-07-24 05:12 - 00328512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2016-01-25 01:03 - 2015-03-27 00:07 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptcatsvc.dll
2016-01-25 01:00 - 2015-01-29 00:05 - 01627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-01-25 01:00 - 2015-01-28 22:19 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-01-25 01:00 - 2014-10-08 19:59 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-01-25 01:00 - 2014-10-08 19:59 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-01-25 01:00 - 2014-10-08 19:58 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-01-25 01:00 - 2014-09-21 21:38 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-01-25 01:00 - 2014-09-21 19:56 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-01-25 00:59 - 2015-08-04 06:42 - 01229824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-01-25 00:59 - 2015-08-04 06:42 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-01-25 00:59 - 2015-08-04 06:42 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncInfo.dll
2016-01-25 00:59 - 2015-08-04 05:54 - 01399808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-01-25 00:59 - 2015-08-04 05:53 - 00449024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-01-25 00:59 - 2015-08-04 05:53 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2016-01-25 00:59 - 2013-03-02 02:57 - 00077544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
2016-01-25 00:59 - 2013-03-02 00:23 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-01-25 00:59 - 2013-03-02 00:22 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2016-01-25 00:59 - 2013-03-02 00:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-01-25 00:59 - 2013-03-02 00:21 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2016-01-25 00:59 - 2013-03-02 00:21 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2016-01-25 00:59 - 2013-03-01 18:45 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-01-25 00:59 - 2013-03-01 18:45 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-01-25 00:59 - 2013-03-01 18:45 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-01-25 00:59 - 2013-03-01 18:45 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-01-25 00:59 - 2013-03-01 18:45 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-01-25 00:59 - 2013-03-01 18:45 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDPrintProxy.DLL
2016-01-25 00:59 - 2013-03-01 18:44 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-01-25 00:59 - 2013-03-01 18:44 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2016-01-25 00:59 - 2013-03-01 18:44 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
2016-01-25 00:59 - 2013-03-01 18:44 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NdisImPlatform.dll
2016-01-25 00:59 - 2013-03-01 18:44 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
2016-01-25 00:59 - 2013-03-01 18:43 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2016-01-25 00:59 - 2013-03-01 18:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
2016-01-25 00:59 - 2013-02-28 20:56 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
2016-01-25 00:58 - 2015-12-14 16:00 - 19349504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-01-25 00:57 - 2015-12-14 16:01 - 14269440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-01-25 00:57 - 2015-12-14 16:00 - 15422976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-01-25 00:56 - 2015-12-14 16:01 - 02240000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-01-25 00:56 - 2015-12-14 16:01 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-01-25 00:56 - 2015-12-14 16:01 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-01-25 00:56 - 2015-12-14 16:01 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-25 00:56 - 2015-12-14 16:01 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-01-25 00:56 - 2015-12-14 16:01 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 13723648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 03805696 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 02658304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 01409536 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 00715776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2016-01-25 00:56 - 2015-12-14 16:00 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2016-01-25 00:56 - 2015-12-14 15:59 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-01-25 00:56 - 2015-11-07 04:46 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2016-01-25 00:56 - 2015-11-07 04:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2016-01-25 00:56 - 2015-11-07 01:34 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2016-01-25 00:56 - 2015-11-06 21:29 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2016-01-25 00:56 - 2015-09-18 05:32 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2016-01-25 00:56 - 2015-08-13 02:49 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-01-25 00:56 - 2015-08-13 02:44 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-01-25 00:56 - 2015-05-27 18:04 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-01-25 00:56 - 2015-05-27 18:02 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2016-01-25 00:56 - 2015-05-27 18:01 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2016-01-25 00:56 - 2015-05-27 18:01 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2016-01-25 00:56 - 2015-05-27 18:01 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-01-25 00:56 - 2015-05-27 18:01 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-01-25 00:56 - 2015-05-27 18:01 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-01-25 00:56 - 2015-05-27 16:44 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2016-01-25 00:56 - 2015-05-27 16:43 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-01-25 00:56 - 2015-05-27 16:43 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2016-01-25 00:56 - 2015-05-27 16:43 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2016-01-25 00:56 - 2015-05-27 16:43 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-01-25 00:56 - 2015-05-27 16:43 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2016-01-25 00:56 - 2015-05-27 16:22 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
2016-01-25 00:56 - 2015-05-27 16:20 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
2016-01-25 00:56 - 2015-05-27 16:00 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2016-01-25 00:56 - 2015-05-27 15:55 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2016-01-25 00:55 - 2015-10-31 00:14 - 02038784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-01-25 00:55 - 2015-10-30 23:33 - 02308096 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-01-25 00:55 - 2015-08-04 06:42 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-01-25 00:55 - 2015-08-04 05:54 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-01-25 00:55 - 2015-02-23 23:58 - 00861696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-01-25 00:55 - 2014-12-07 22:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
2016-01-25 00:55 - 2014-12-07 21:04 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
2016-01-25 00:55 - 2013-07-05 14:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2016-01-25 00:55 - 2013-07-05 14:01 - 00210560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
2016-01-25 00:55 - 2013-07-01 14:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2016-01-25 00:55 - 2013-06-21 21:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2016-01-25 00:55 - 2013-06-21 21:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
2016-01-25 00:55 - 2013-04-23 15:13 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
2016-01-25 00:55 - 2013-04-23 15:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
2016-01-25 00:55 - 2013-04-23 14:56 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
2016-01-25 00:55 - 2013-04-23 14:55 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
2016-01-25 00:54 - 2015-12-08 07:16 - 01303040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-25 00:54 - 2015-12-05 10:48 - 01024000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-25 00:54 - 2015-06-09 05:57 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-01-25 00:54 - 2015-03-14 00:07 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-01-25 00:54 - 2015-03-13 22:33 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-01-25 00:54 - 2015-03-03 23:29 - 00361280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-01-25 00:54 - 2015-03-03 22:39 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
2016-01-25 00:54 - 2015-03-03 20:52 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
2016-01-25 00:54 - 2015-01-23 20:31 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-01-25 00:54 - 2014-07-06 21:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-01-25 00:54 - 2014-07-06 21:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2016-01-25 00:54 - 2014-07-06 21:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
2016-01-25 00:54 - 2014-07-06 20:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
2016-01-25 00:54 - 2014-07-06 20:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
2016-01-25 00:47 - 2015-06-15 07:22 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-01-25 00:47 - 2015-06-15 07:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2016-01-25 00:47 - 2015-06-15 07:21 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2016-01-25 00:47 - 2015-06-15 07:20 - 02886144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-01-25 00:47 - 2014-10-10 23:44 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2016-01-25 00:47 - 2014-10-10 21:57 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2016-01-25 00:47 - 2014-06-12 15:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-01-25 00:47 - 2014-06-12 15:29 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-01-25 00:47 - 2014-06-05 09:56 - 00112984 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-01-25 00:40 - 2015-05-08 15:39 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-01-25 00:40 - 2015-05-08 12:05 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-01-25 00:39 - 2014-12-05 23:52 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2016-01-25 00:39 - 2014-12-05 23:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2016-01-25 00:39 - 2014-12-05 23:52 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
2016-01-25 00:39 - 2014-12-05 22:09 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
2016-01-25 00:38 - 2015-12-05 14:20 - 00319488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-25 00:38 - 2015-12-05 14:19 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-01-25 00:38 - 2015-12-05 14:19 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-01-25 00:38 - 2015-12-05 06:49 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-25 00:38 - 2015-12-05 06:49 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-01-25 00:38 - 2015-12-05 06:49 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-01-25 00:37 - 2015-09-02 05:48 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-01-25 00:37 - 2015-09-02 05:38 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-01-25 00:37 - 2015-08-28 13:59 - 00304128 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-01-25 00:37 - 2015-08-27 10:41 - 00366592 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-01-25 00:37 - 2012-10-23 19:25 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-01-25 00:37 - 2012-10-23 18:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-01-25 00:31 - 2014-03-10 16:41 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
2016-01-25 00:31 - 2014-03-10 16:41 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dimsroam.dll
2016-01-25 00:31 - 2014-03-10 16:38 - 00684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
2016-01-25 00:31 - 2014-03-10 16:38 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-01-25 00:31 - 2014-03-10 16:38 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dimsroam.dll
2016-01-25 00:30 - 2014-12-05 23:53 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-01-25 00:30 - 2014-12-05 23:53 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
2016-01-25 00:30 - 2014-12-05 23:51 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
2016-01-25 00:30 - 2014-12-05 22:10 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-01-25 00:30 - 2014-12-05 22:10 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
2016-01-25 00:30 - 2014-12-05 22:09 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
2016-01-25 00:30 - 2013-07-08 22:18 - 00439488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
2016-01-25 00:30 - 2013-07-08 20:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
2016-01-25 00:27 - 2016-01-25 00:27 - 00000000 ____D C:\Users\Floretta\Desktop\sysinternalssuite
2016-01-25 00:27 - 2015-12-04 08:12 - 00793312 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-01-25 00:27 - 2015-12-04 08:12 - 00522752 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-01-25 00:27 - 2015-12-04 08:12 - 00446872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-01-25 00:27 - 2015-12-04 08:12 - 00253624 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-01-25 00:27 - 2015-12-04 06:55 - 00612528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-01-25 00:27 - 2015-12-04 06:55 - 00463880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-01-25 00:27 - 2015-12-04 06:55 - 00324456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-01-25 00:27 - 2015-12-04 06:52 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-01-25 00:27 - 2015-12-04 06:52 - 02615808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-01-25 00:27 - 2015-12-04 06:52 - 01770496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-25 00:27 - 2015-12-04 06:52 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-25 00:27 - 2015-12-04 06:52 - 01350656 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-01-25 00:27 - 2015-12-04 06:52 - 01150464 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2016-01-25 00:27 - 2015-12-04 06:52 - 01100800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-01-25 00:27 - 2015-12-04 06:52 - 01073664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-25 00:27 - 2015-12-04 06:52 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-01-25 00:27 - 2015-12-04 06:52 - 00577536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-01-25 00:27 - 2015-12-04 06:52 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-01-25 00:27 - 2015-12-04 06:51 - 02893824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 01527808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 01208832 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-01-25 00:27 - 2015-12-04 06:51 - 01174016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 01138688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00666112 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-01-25 00:27 - 2015-12-04 06:51 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-01-25 00:27 - 2015-12-04 06:51 - 00406016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-01-25 00:27 - 2015-12-04 06:51 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\qasf.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-25 00:27 - 2015-12-04 06:51 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-01-25 00:27 - 2015-12-04 06:51 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-01-25 00:27 - 2015-12-04 06:51 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-01-25 00:27 - 2015-12-04 06:51 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-01-25 00:27 - 2015-12-04 06:51 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-25 00:27 - 2015-12-04 06:51 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-01-25 00:27 - 2015-12-04 06:51 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-01-25 00:27 - 2015-12-04 06:46 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-01-25 00:27 - 2015-12-04 06:46 - 02312704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-01-25 00:27 - 2015-12-04 06:46 - 01468928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-25 00:27 - 2015-12-04 06:46 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-25 00:27 - 2015-12-04 06:46 - 00904192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-25 00:27 - 2015-12-04 06:46 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2016-01-25 00:27 - 2015-12-04 06:46 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-01-25 00:27 - 2015-12-04 06:46 - 00722944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-01-25 00:27 - 2015-12-04 06:46 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-25 00:27 - 2015-12-04 06:46 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-01-25 00:27 - 2015-12-04 06:46 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-25 00:27 - 2015-12-04 06:46 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-01-25 00:27 - 2015-12-04 06:46 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-25 00:27 - 2015-12-04 06:46 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-01-25 00:27 - 2015-12-04 06:46 - 00189440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qasf.dll
2016-01-25 00:27 - 2015-12-04 06:46 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-01-25 00:27 - 2015-12-04 06:45 - 02400256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-01-25 00:27 - 2015-12-04 06:45 - 01453568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-25 00:27 - 2015-12-04 06:45 - 00946688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-01-25 00:27 - 2015-12-04 06:45 - 00929792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-25 00:27 - 2015-12-04 06:45 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-01-25 00:27 - 2015-12-04 06:45 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-01-25 00:27 - 2015-12-04 06:45 - 00571392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-25 00:27 - 2015-12-04 06:45 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-25 00:27 - 2015-12-04 06:45 - 00546304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-01-25 00:27 - 2015-12-04 06:45 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-01-25 00:27 - 2015-12-04 06:45 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-25 00:27 - 2015-12-04 06:45 - 00251904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-01-25 00:27 - 2015-12-04 06:45 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-01-25 00:27 - 2015-12-04 06:45 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-25 00:27 - 2015-12-04 06:45 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-01-25 00:27 - 2015-12-04 06:45 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-25 00:27 - 2015-12-04 06:45 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-25 00:27 - 2015-12-04 06:45 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-01-25 00:27 - 2015-12-04 06:45 - 00054272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-01-25 00:27 - 2015-12-03 11:57 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
2016-01-25 00:27 - 2014-12-05 23:51 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2016-01-25 00:27 - 2013-09-27 19:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-01-25 00:27 - 2013-05-03 23:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-01-25 00:27 - 2013-05-03 22:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
2016-01-25 00:27 - 2013-05-03 22:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
2016-01-25 00:27 - 2013-05-03 22:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-01-25 00:27 - 2013-05-03 22:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-01-25 00:27 - 2013-05-03 22:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
2016-01-25 00:27 - 2013-05-03 22:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-01-25 00:27 - 2013-05-03 22:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-01-25 00:27 - 2013-05-03 22:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-01-25 00:27 - 2013-05-03 22:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-01-25 00:27 - 2013-05-03 22:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-01-25 00:27 - 2013-05-03 22:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
2016-01-25 00:27 - 2013-05-03 22:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-01-25 00:27 - 2013-05-03 22:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
2016-01-25 00:27 - 2013-05-03 22:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
2016-01-25 00:27 - 2013-05-03 22:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
2016-01-25 00:27 - 2013-05-03 20:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
2016-01-25 00:27 - 2013-05-03 20:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-01-25 00:27 - 2013-05-03 20:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
2016-01-25 00:27 - 2013-05-03 20:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
2016-01-25 00:27 - 2013-05-03 20:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
2016-01-25 00:27 - 2013-05-03 20:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
2016-01-25 00:27 - 2013-05-03 20:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-01-25 00:27 - 2013-05-03 20:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-01-25 00:27 - 2013-05-03 20:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
2016-01-25 00:27 - 2013-05-03 20:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
2016-01-25 00:27 - 2013-05-03 20:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
2016-01-25 00:27 - 2013-05-03 20:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
2016-01-25 00:27 - 2013-05-03 20:48 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2016-01-25 00:27 - 2013-05-03 20:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-01-25 00:27 - 2013-05-03 20:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
2016-01-25 00:27 - 2013-03-01 18:45 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhost.exe
2016-01-25 00:27 - 2013-03-01 18:45 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostex.exe
2016-01-25 00:26 - 2015-12-30 15:29 - 06972760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-25 00:26 - 2015-07-15 08:09 - 00095064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2016-01-25 00:26 - 2015-07-15 05:29 - 01333248 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2016-01-25 00:25 - 2015-12-09 06:27 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-25 00:25 - 2015-11-16 06:42 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-01-25 00:25 - 2015-11-16 06:29 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-01-25 00:25 - 2015-11-16 06:29 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-01-25 00:25 - 2015-11-16 06:29 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-01-25 00:25 - 2015-11-16 06:29 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
2016-01-25 00:25 - 2015-11-16 06:29 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
2016-01-25 00:25 - 2015-11-16 06:28 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-01-25 00:25 - 2015-11-16 06:28 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
2016-01-25 00:25 - 2015-11-16 06:27 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-25 00:25 - 2015-11-16 06:26 - 01282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-01-25 00:25 - 2015-11-16 06:26 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-01-25 00:25 - 2015-11-16 06:26 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-01-25 00:25 - 2015-11-16 06:26 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-01-25 00:25 - 2015-11-16 06:26 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-01-25 00:25 - 2015-11-16 06:26 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-01-25 00:25 - 2015-11-16 06:26 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
2016-01-25 00:25 - 2015-11-16 06:26 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-01-25 00:25 - 2015-11-16 06:26 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-01-25 00:25 - 2015-11-16 06:26 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
2016-01-25 00:25 - 2015-09-23 05:10 - 00570256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-01-25 00:25 - 2015-09-22 09:53 - 01405408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-25 00:25 - 2015-09-22 09:53 - 01273184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-25 00:25 - 2015-06-25 10:29 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-01-25 00:25 - 2015-06-25 10:27 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-01-25 00:25 - 2015-05-01 22:28 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
2016-01-25 00:25 - 2015-01-15 01:38 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2016-01-25 00:25 - 2015-01-15 01:09 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2016-01-25 00:25 - 2015-01-06 20:25 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-01-25 00:25 - 2014-10-10 21:41 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
2016-01-25 00:25 - 2014-10-10 21:05 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
2016-01-25 00:25 - 2014-04-11 22:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll
2016-01-25 00:25 - 2014-03-10 16:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
2016-01-25 00:25 - 2014-03-10 16:38 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
2016-01-25 00:25 - 2014-03-09 17:27 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-01-25 00:25 - 2013-07-01 17:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-01-25 00:25 - 2013-07-01 17:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2016-01-25 00:25 - 2013-06-30 17:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2016-01-25 00:25 - 2013-06-30 17:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2016-01-25 00:25 - 2013-06-30 17:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2016-01-25 00:25 - 2013-06-30 17:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2016-01-25 00:25 - 2013-06-28 19:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2016-01-25 00:25 - 2013-06-28 19:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2016-01-25 00:25 - 2013-05-24 14:09 - 01217352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-01-25 00:25 - 2013-05-24 14:09 - 01093904 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-01-25 00:25 - 2013-03-05 22:29 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-01-25 00:24 - 2015-11-07 04:46 - 01341952 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-01-25 00:24 - 2015-11-07 04:44 - 01840640 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-01-25 00:24 - 2015-11-07 04:44 - 01280000 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-01-25 00:24 - 2015-11-07 01:32 - 01412608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-01-25 00:24 - 2015-11-06 23:52 - 04063232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-01-25 00:24 - 2015-11-06 21:53 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-01-25 00:24 - 2015-11-06 21:52 - 01680384 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-01-25 00:24 - 2015-11-06 21:46 - 01426944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-01-25 00:24 - 2015-10-10 22:45 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-01-25 00:24 - 2015-10-10 22:45 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-01-25 00:24 - 2014-12-18 00:51 - 00096576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2016-01-25 00:24 - 2014-12-17 22:52 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-01-25 00:24 - 2014-12-17 22:20 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-01-25 00:24 - 2014-11-08 03:22 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2016-01-25 00:24 - 2014-11-07 22:57 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2016-01-25 00:24 - 2014-10-23 04:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
2016-01-25 00:24 - 2014-10-23 03:04 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
2016-01-25 00:24 - 2013-11-19 16:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-01-25 00:24 - 2013-11-19 15:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-01-25 00:24 - 2013-06-10 11:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-01-25 00:24 - 2013-06-10 11:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-01-25 00:23 - 2015-12-08 07:43 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-25 00:23 - 2015-12-08 07:16 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-25 00:23 - 2015-12-03 16:55 - 00595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-25 00:23 - 2015-12-03 13:47 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-25 00:23 - 2015-09-23 05:10 - 00377552 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-01-25 00:23 - 2015-09-23 05:10 - 00332576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-01-25 00:23 - 2015-09-12 05:09 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-01-25 00:23 - 2015-08-01 06:50 - 17562112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-01-25 00:23 - 2015-08-01 05:56 - 19778048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-01-25 00:23 - 2015-04-24 19:41 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2016-01-25 00:23 - 2015-04-24 15:13 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2016-01-25 00:23 - 2015-01-23 22:43 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2016-01-25 00:23 - 2015-01-23 21:00 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2016-01-25 00:23 - 2014-06-02 14:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2016-01-25 00:23 - 2013-05-14 18:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
2016-01-25 00:23 - 2013-05-14 18:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2016-01-25 00:23 - 2013-05-14 18:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
2016-01-25 00:23 - 2013-05-14 18:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2016-01-25 00:23 - 2013-03-02 01:59 - 00411880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2016-01-25 00:22 - 2015-11-05 01:55 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-01-25 00:22 - 2015-10-13 05:16 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-01-25 00:22 - 2015-10-13 05:16 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-01-25 00:22 - 2015-07-09 13:47 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2016-01-25 00:22 - 2015-07-09 13:47 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2016-01-25 00:22 - 2015-07-09 12:18 - 00233984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2016-01-25 00:22 - 2015-03-11 21:31 - 02048000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdshext.dll
2016-01-25 00:22 - 2015-03-11 21:31 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WPDShServiceObj.dll
2016-01-25 00:22 - 2015-03-11 19:52 - 01933312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpdshext.dll
2016-01-25 00:22 - 2014-12-18 20:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-01-25 00:22 - 2014-11-25 22:43 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-01-25 00:22 - 2014-11-25 20:50 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2016-01-25 00:22 - 2013-12-04 15:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2016-01-25 00:22 - 2013-12-04 15:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2016-01-25 00:22 - 2013-10-10 01:32 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
2016-01-25 00:22 - 2013-10-10 01:30 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
2016-01-25 00:22 - 2013-10-10 01:30 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2016-01-25 00:22 - 2013-10-10 01:24 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-25 00:22 - 2013-10-10 01:23 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
2016-01-25 00:22 - 2013-10-10 01:22 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
2016-01-25 00:22 - 2013-10-10 01:22 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2016-01-25 00:22 - 2013-08-22 23:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-01-25 00:22 - 2013-08-22 17:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-01-25 00:22 - 2013-07-12 22:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2016-01-25 00:22 - 2013-07-12 22:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-01-25 00:22 - 2013-07-12 22:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-01-25 00:22 - 2013-07-12 22:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-01-25 00:22 - 2013-07-12 20:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2016-01-25 00:22 - 2013-07-12 20:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-01-25 00:22 - 2013-07-12 20:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-01-25 00:21 - 2013-03-21 19:49 - 02382336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-01-25 00:21 - 2013-03-21 14:47 - 02851840 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-01-25 00:08 - 2013-04-02 15:37 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdlg.dll
2016-01-25 00:08 - 2013-04-02 15:12 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
2016-01-24 23:08 - 2016-01-25 11:47 - 00000000 ____D C:\Users\Floretta\AppData\Local\ElevatedDiagnostics
2016-01-24 23:01 - 2016-01-24 23:05 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-24 23:01 - 2016-01-24 23:01 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-24 22:51 - 2013-04-08 20:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-01-24 22:51 - 2013-04-08 20:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2016-01-24 22:51 - 2013-04-08 20:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2016-01-24 22:51 - 2013-04-08 13:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-01-24 22:50 - 2015-09-12 05:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2016-01-24 22:50 - 2015-09-12 05:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
2016-01-24 22:50 - 2015-09-12 05:29 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appserverai.dll
2016-01-24 22:50 - 2015-09-12 05:29 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDWebAI.dll
2016-01-24 22:50 - 2015-09-12 05:29 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmHostAI.dll
2016-01-24 22:50 - 2014-12-18 22:48 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-01-24 22:50 - 2013-04-08 21:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-01-24 22:50 - 2013-04-08 21:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
2016-01-24 22:50 - 2013-04-08 21:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
2016-01-24 22:50 - 2013-04-08 21:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll
2016-01-24 22:50 - 2013-04-08 20:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2016-01-24 22:50 - 2013-04-08 20:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-01-24 22:50 - 2013-04-08 20:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2016-01-24 22:50 - 2013-04-08 20:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
2016-01-24 22:50 - 2013-04-08 20:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-01-24 22:50 - 2013-04-08 20:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-01-24 22:50 - 2013-04-08 20:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2016-01-24 22:50 - 2013-04-08 20:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-01-24 22:50 - 2013-04-08 20:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
2016-01-24 22:50 - 2013-04-08 20:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
2016-01-24 22:50 - 2013-04-08 20:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll
2016-01-24 22:50 - 2013-04-08 20:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2016-01-24 22:50 - 2013-04-08 20:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
2016-01-24 22:50 - 2013-04-08 20:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
2016-01-24 22:50 - 2013-04-08 20:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
2016-01-24 22:50 - 2013-04-08 20:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-01-24 22:50 - 2013-04-08 20:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-01-24 22:50 - 2013-04-08 20:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
2016-01-24 22:50 - 2013-04-08 20:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-01-24 22:50 - 2013-04-08 20:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
2016-01-24 22:50 - 2013-04-08 20:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
2016-01-24 22:50 - 2013-04-08 20:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll
2016-01-24 22:50 - 2013-04-08 18:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
2016-01-24 22:50 - 2013-04-08 18:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
2016-01-24 22:50 - 2013-04-08 18:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
2016-01-24 22:50 - 2013-04-08 18:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
2016-01-24 22:50 - 2013-04-08 15:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-01-24 22:50 - 2013-04-08 15:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2016-01-24 22:50 - 2013-04-08 13:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2016-01-24 22:50 - 2013-04-08 13:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2016-01-24 22:50 - 2013-04-08 13:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
2016-01-24 22:50 - 2013-04-08 13:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
2016-01-24 22:50 - 2013-04-08 13:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
2016-01-24 22:50 - 2013-04-04 15:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2016-01-24 22:50 - 2013-03-15 14:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-01-24 22:50 - 2013-03-15 14:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-01-24 22:50 - 2013-03-02 02:39 - 00069864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-01-24 22:50 - 2012-11-09 20:23 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2016-01-24 22:47 - 2015-07-22 14:09 - 00984448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbase.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00901264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbase.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-eventing-provider-l1-1-0.dll
2016-01-24 22:47 - 2015-07-22 14:09 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-01-24 22:47 - 2015-04-05 21:36 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhotoMetadataHandler.dll
2016-01-24 22:47 - 2015-04-05 20:08 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhotoMetadataHandler.dll
2016-01-24 22:46 - 2015-08-10 06:34 - 05331968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe
2016-01-24 22:46 - 2015-08-10 06:34 - 01174528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-01-24 22:46 - 2015-08-10 06:34 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-01-24 22:46 - 2014-10-29 23:20 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-01-24 22:46 - 2014-10-29 21:22 - 01569792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-01-24 22:46 - 2013-10-31 21:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2016-01-24 22:46 - 2013-10-31 19:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2016-01-24 22:31 - 2016-01-24 22:31 - 00002188 _____ C:\Users\Floretta\Desktop\HP Support Assistant.lnk
2016-01-24 22:19 - 2016-01-24 22:19 - 00000000 ____D C:\Users\Floretta\AppData\Local\CyberLink
2016-01-24 22:09 - 2016-01-24 22:09 - 00000000 ____D C:\MediaServer
2016-01-24 21:54 - 2016-01-27 23:18 - 00000000 ____D C:\ProgramData\install_clap
2016-01-24 21:54 - 2016-01-24 22:18 - 00000000 ____D C:\Program Files (x86)\CyberLink
2016-01-24 21:48 - 2016-01-24 21:48 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2016-01-24 21:09 - 2016-01-24 21:09 - 00000000 ____D C:\Users\Floretta\Desktop\Updated January-3-2016
2016-01-24 20:51 - 2016-01-24 20:51 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-01-24 20:51 - 2016-01-24 20:51 - 00000000 ____D C:\Program Files\Realtek
2016-01-24 20:51 - 2013-04-02 21:29 - 03381960 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-01-24 20:51 - 2013-04-02 19:26 - 00449509 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-01-24 20:51 - 2013-04-01 18:44 - 21150208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-01-24 20:51 - 2013-04-01 14:06 - 02079816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2016-01-24 20:51 - 2013-03-27 16:57 - 00135240 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-01-24 20:51 - 2013-03-26 17:06 - 02797128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-01-24 20:51 - 2013-03-26 17:04 - 02734624 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-01-24 20:51 - 2013-03-26 15:40 - 03693128 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2016-01-24 20:51 - 2013-03-26 14:38 - 01659464 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-01-24 20:51 - 2013-03-23 03:43 - 00208072 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-01-24 20:51 - 2013-03-20 13:16 - 02102040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2016-01-24 20:51 - 2013-03-20 13:16 - 00910104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2016-01-24 20:51 - 2013-03-12 18:16 - 00613448 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-01-24 20:51 - 2013-02-28 13:10 - 02032408 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-01-24 20:51 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-01-24 20:51 - 2013-02-19 18:52 - 00991816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-01-24 20:51 - 2012-06-20 17:26 - 00110592 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-01-24 20:51 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-01-24 20:51 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-01-24 20:51 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-01-24 20:51 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-01-24 20:51 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-01-24 20:51 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-01-24 20:51 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-01-24 20:51 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-01-24 20:51 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-01-24 20:51 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-01-24 20:51 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-01-24 20:51 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-01-24 20:51 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-01-24 20:51 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-01-24 20:51 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-01-24 20:51 - 2010-07-11 21:28 - 00180048 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFProc64.dll
2016-01-24 20:51 - 2010-07-11 21:28 - 00086352 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFComm64.dll
2016-01-24 20:51 - 2010-07-11 21:28 - 00083792 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFSAPO64.dll
2016-01-24 20:51 - 2010-07-11 21:28 - 00082768 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFHAPO64.dll
2016-01-24 20:51 - 2010-07-11 21:28 - 00082768 _____ (Sonic Focus, Inc.) C:\WINDOWS\system32\SFDAPO64.dll
2016-01-24 20:51 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-01-24 20:51 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-01-24 20:51 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-01-24 20:51 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-01-24 19:38 - 2013-08-15 21:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-01-24 19:38 - 2013-08-15 21:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-01-24 19:38 - 2013-08-15 14:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-01-24 19:35 - 2016-01-24 19:35 - 00000000 ____D C:\Users\Floretta\AppData\Roaming\WinBatch
2016-01-24 19:35 - 2013-04-17 11:21 - 00801864 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2016-01-24 19:35 - 2013-04-17 11:21 - 00073800 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2016-01-24 19:21 - 2016-01-29 10:48 - 00000000 ____D C:\Users\Floretta\AppData\Roaming\hpqlog
2016-01-24 19:06 - 2016-01-29 15:43 - 00000000 ____D C:\Users\Floretta\Downloads\HP Downloads
2016-01-24 18:59 - 2016-01-24 18:59 - 03762808 _____ (Oleg N. Scherbakov) C:\Users\Floretta\Downloads\HPSupportSolutionsFramework-12.0.30.473.exe
2016-01-24 18:57 - 2016-01-24 18:57 - 00000000 ____D C:\Users\Floretta\AppData\Roaming\Macromedia
2016-01-24 18:38 - 2016-01-24 18:38 - 00000000 ____D C:\Users\Floretta\AppData\Local\MediaServer
2016-01-24 17:34 - 2016-01-27 15:43 - 00000000 ____D C:\Users\Floretta\AppData\Local\NPE
2016-01-24 16:03 - 2016-01-24 19:06 - 00000000 ____D C:\Users\Floretta\AppData\Local\Hewlett-Packard
2016-01-24 15:49 - 2016-02-05 20:58 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3549846101-1897986340-1759491497-1001
2016-01-24 15:47 - 2016-01-24 16:02 - 00000000 ____D C:\Users\Floretta\AppData\Roaming\Hewlett-Packard
2016-01-24 15:45 - 2016-01-24 15:45 - 00000000 ____D C:\Users\Floretta\AppData\Roaming\ATI
2016-01-24 15:45 - 2016-01-24 15:45 - 00000000 ____D C:\Users\Floretta\AppData\Local\ATI
2016-01-24 15:43 - 2016-02-05 21:41 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{E5F2DE08-F70D-4325-A95E-F82F3C8A9F93}
2016-01-24 15:43 - 2016-01-24 18:01 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shopping and Services
2016-01-24 15:43 - 2016-01-24 15:43 - 00001441 _____ C:\Users\Floretta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2016-01-24 15:43 - 2016-01-24 15:43 - 00000000 __RSH C:\WINDOWS\SysWOW64\Drivers\103C_HP_cPC_20-b313w_Y53316J_0U_Q3CR33700X4_E13AM2AR8608_4A_I2AFD_SHP_V1.02_B80.07_T140423_W8101-0_L409_M3542_J500_7AMD_8BFF_91.40_#130724_N168C0032;10EC8168_Z_G10029838_Ohp CDDVDW SN-208DB_DHWP4218.MRK
2016-01-24 15:43 - 2016-01-24 15:43 - 00000000 __RSH C:\WINDOWS\system32\Drivers\103C_HP_cPC_20-b313w_Y53316J_0U_Q3CR33700X4_E13AM2AR8608_4A_I2AFD_SHP_V1.02_B80.07_T140423_W8101-0_L409_M3542_J500_7AMD_8BFF_91.40_#130724_N168C0032;10EC8168_Z_G10029838_Ohp CDDVDW SN-208DB_DHWP4218.MRK
2016-01-24 15:43 - 2016-01-24 15:43 - 00000000 ____D C:\Users\Floretta\AppData\Roaming\Adobe
2016-01-24 15:42 - 2016-01-29 20:33 - 00000000 ____D C:\Users\Floretta\AppData\Local\VirtualStore
2016-01-24 15:42 - 2016-01-29 17:19 - 00000000 ____D C:\Users\Floretta
2016-01-24 15:42 - 2016-01-24 17:57 - 00000000 ____D C:\Users\Floretta\AppData\Local\Packages
2016-01-24 15:42 - 2016-01-24 15:42 - 00000020 ___SH C:\Users\Floretta\ntuser.ini
2016-01-24 15:42 - 2016-01-24 15:42 - 00000000 _SHDL C:\Users\Floretta\My Documents
2016-01-24 15:42 - 2016-01-24 15:42 - 00000000 _SHDL C:\Users\Floretta\Documents\My Videos
2016-01-24 15:42 - 2016-01-24 15:42 - 00000000 _SHDL C:\Users\Floretta\Documents\My Pictures
2016-01-24 15:42 - 2016-01-24 15:42 - 00000000 _SHDL C:\Users\Floretta\Documents\My Music
2016-01-24 15:42 - 2013-07-24 21:51 - 00002108 _____ C:\Users\Floretta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SkyDrive.lnk
2016-01-24 15:42 - 2013-07-24 21:04 - 00000000 ___HD C:\Users\Floretta\Documents\hp.system.package.metadata
2016-01-24 15:42 - 2013-07-24 21:04 - 00000000 ___HD C:\Users\Floretta\Documents\hp.applications.package.appdata
2016-01-24 15:27 - 2016-01-24 15:27 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-24 15:23 - 2016-02-05 18:29 - 00122165 ____N C:\WINDOWS\Minidump\020516-25225-01.dmp
2016-01-24 15:23 - 2016-01-24 15:23 - 00000000 _____ C:\Recovery.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-06 15:58 - 2012-07-25 23:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-05 22:23 - 2013-07-24 20:59 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-02-05 21:55 - 2012-07-25 21:37 - 00000000 ____D C:\Windows
2016-02-03 23:36 - 2012-07-25 21:37 - 00000000 ____D C:\WINDOWS\Inf
2016-02-03 22:51 - 2012-07-25 23:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-01 23:20 - 2012-07-25 21:26 - 00262144 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-01 23:17 - 2012-07-25 21:26 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-30 12:56 - 2012-07-26 00:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-01-29 21:55 - 2013-07-24 21:12 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-01-29 21:50 - 2012-07-25 23:28 - 00876558 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-29 21:44 - 2013-04-03 16:17 - 00000000 ____D C:\ProgramData\Package Cache
2016-01-29 20:33 - 2012-07-26 00:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2016-01-29 15:43 - 2013-04-10 11:20 - 00000000 ____D C:\SWSETUP
2016-01-28 17:19 - 2012-07-26 00:12 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-01-28 16:25 - 2012-07-26 00:12 - 00000000 ____D C:\WINDOWS\AppCompat
2016-01-27 21:54 - 2013-07-24 21:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-01-27 21:54 - 2013-04-03 17:09 - 00000000 ____D C:\WINDOWS\Panther
2016-01-27 16:55 - 2012-07-26 00:12 - 00000000 ____D C:\WINDOWS\rescache
2016-01-26 18:32 - 2013-07-24 21:54 - 00002386 _____ C:\Users\Public\Desktop\Norton Internet Security.LNK
2016-01-26 18:32 - 2013-07-24 21:53 - 00000000 ____D C:\WINDOWS\system32\Drivers\NISx64
2016-01-26 17:13 - 2013-07-24 21:53 - 00000000 ____D C:\ProgramData\Norton
2016-01-25 15:26 - 2012-07-25 21:38 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-01-25 15:25 - 2012-07-26 00:12 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-01-25 15:25 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-25 15:25 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-01-25 15:25 - 2012-07-25 21:38 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-25 15:24 - 2012-07-26 00:12 - 00000000 ___RD C:\WINDOWS\ToastData
2016-01-25 15:24 - 2012-07-26 00:12 - 00000000 ____D C:\WINDOWS\WinStore
2016-01-25 15:24 - 2012-07-26 00:12 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-01-25 10:37 - 2013-07-24 21:54 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-01-25 10:37 - 2013-07-24 21:54 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-01-25 10:37 - 2013-07-24 21:54 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-01-25 10:35 - 2013-07-24 21:53 - 00000000 ____D C:\Program Files (x86)\Norton Internet Security
2016-01-25 10:04 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-01-25 10:04 - 2012-07-26 00:12 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-01-25 10:04 - 2012-07-25 21:38 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-01-25 10:04 - 2012-07-25 21:38 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-01-25 10:03 - 2012-07-25 23:52 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-24 23:25 - 2012-07-25 21:37 - 00000000 ____D C:\WINDOWS\servicing
2016-01-24 22:31 - 2013-07-24 21:08 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-01-24 22:31 - 2013-07-24 21:06 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-01-24 22:30 - 2013-07-24 21:03 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-01-24 22:28 - 2013-07-24 21:05 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-01-24 22:19 - 2013-07-24 21:38 - 00000000 ____D C:\Users\Public\CyberLink
2016-01-24 22:17 - 2013-07-24 21:38 - 00000000 ____D C:\ProgramData\CyberLink
2016-01-24 22:08 - 2013-07-24 21:15 - 00000000 ____D C:\ProgramData\Temp
2016-01-24 21:25 - 2012-07-26 00:12 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-24 20:53 - 2013-07-24 21:11 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-01-24 20:51 - 2013-07-24 21:11 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-01-24 20:04 - 2013-07-24 21:14 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-01-24 18:33 - 2013-07-24 21:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
2016-01-24 18:27 - 2013-07-24 21:19 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Productivity and Tools
2016-01-24 17:47 - 2013-07-24 21:19 - 00000000 ____D C:\Program Files (x86)\WildTangent Games
2016-01-24 15:43 - 2013-07-24 21:48 - 00000000 ___RD C:\Program Files\Online Services
2016-01-24 15:43 - 2013-07-24 21:17 - 00000000 ___RD C:\Program Files (x86)\Online Services
2016-01-24 15:43 - 2013-07-24 21:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-01-24 15:43 - 2013-04-09 17:58 - 00000000 _RSHD C:\system.sav
2016-01-24 15:43 - 2013-04-03 16:13 - 00000000 ____D C:\ProgramData\PRICache
2016-01-24 15:23 - 2012-07-26 00:13 - 00262144 _____ C:\WINDOWS\system32\config\BCD-Template

Some files in TEMP:
====================
C:\Users\Floretta\AppData\Local\Temp\DQVTXUOE.exe
C:\Users\Floretta\AppData\Local\Temp\procexp64.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-02-05 15:25

==================== End of FRST.txt ============================

 

Farbar 64 Addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-01-2016
Ran by Floretta (2016-02-06 18:28:52)
Running from C:\Users\Floretta\Desktop
Windows 8 (X64) (2016-01-24 23:42:18)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3549846101-1897986340-1759491497-500 - Administrator - Disabled)
Floretta (S-1-5-21-3549846101-1897986340-1759491497-1001 - Administrator - Enabled) => C:\Users\Floretta
Guest (S-1-5-21-3549846101-1897986340-1759491497-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton Internet Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton Internet Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.10.2.0 - AppEx Networks)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cloud System Booster (HKLM-x32\...\Cloud System Booster) (Version: 3.6 - Anvisoft)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.1.3024 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{904822F1-6C7D-4B91-B936-6A1C0810544C}) (Version: 7.7.34.34 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.0.30.473 - HP)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 22.5.5.15 - Symantec Corporation)
Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version:  - Panda Security)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.15.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6875 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Secunia PSI (3.0.0.11003) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.11003 - Secunia)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1212 - SUPERAntiSpyware.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01BA96A5-E307-4208-9A22-7B5A059E330C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {22BA3046-D63D-4187-9061-60F98A09A844} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()
Task: {3494350C-682F-4E21-B3BE-1EC95BD7214D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-24] (Microsoft Corporation)
Task: {3CDEEC3F-C4DB-490D-93D9-AC6F2135B954} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\SymErr.exe [2015-11-05] (Symantec Corporation)
Task: {56116801-9FB7-462D-B61B-57C51E163AE5} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-11-13] (Hewlett-Packard)
Task: {68ED44DB-D2AA-4CC5-895C-780E8BE1A3AD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {72984FAC-0170-4D81-8F85-A9C2AE0CD127} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {7F77BFA3-5599-4B5B-AFDD-065BEF4E2DDB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-11-29] (Hewlett-Packard Company)
Task: {8A7141F8-72B4-4AEE-A416-13830D3FA110} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-08-21] (Hewlett-Packard Company)
Task: {8C0AC56C-8BBA-4641-833F-98C3063D404F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\22.5.5.15\WSCStub.exe [2016-01-06] (Symantec Corporation)
Task: {9F1578F2-3470-4928-BC4F-310518E1E9D8} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {A91B08AB-5F56-4379-BF98-163565AEE986} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {AE6FB356-E13A-4114-9008-B271AE7F77F1} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2016-01-06] (Symantec Corporation)
Task: {D76D580C-4594-4FF6-A9FC-3F3A35B5672E} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe [2016-02-04] (AVAST Software)
Task: {E8534720-109E-4343-90B0-4B82AAC5DC60} - System32\Tasks\ASD_Main => C:\Program Files (x86)\Anvisoft\Anvi Smart Defender\ASD2.exe
Task: {EBA0440C-B3D1-47DC-B528-68F9317CFEF4} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\WINDOWS\system32\NotificationUI.exe [2014-04-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\87954525.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\87954525.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 21:26 - 2016-01-26 18:42 - 00508693 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 12122 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3549846101-1897986340-1759491497-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\HP\HP_Svinoya_Norway_Sunset.jpg
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3549846101-1897986340-1759491497-1001\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-3549846101-1897986340-1759491497-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{43EEB4C3-7F8C-4E06-B508-51FC52748CF5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{50B662BD-2EFB-406F-B9B5-60FC83BA2A3A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3800CD8E-7C89-4E37-9C57-55D5260E6DB8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DC54B328-4D6C-4B67-946E-A41BC9A3EFDA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AA11E24A-D54E-4303-84FA-8DC5696833B6}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8D4F68E7-2EA5-4FAB-B4A3-11E5972F9975}] => (Allow) LPort=2869
FirewallRules: [{72FDA2DC-1A31-49AB-95F9-B6337E9A1FDB}] => (Allow) LPort=1900
FirewallRules: [{8AFADB3F-B0E0-47F2-AE8D-4DAC6207B614}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{BE6D84E9-BB76-44C0-BBC8-1801879A02BD}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{5C775848-F9AE-499A-B3E0-A55B758FA0EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{D58173D4-A14D-41B7-A211-13F0FE791704}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{AA9D1B38-9826-410D-9B30-FB08A9C33D35}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

==================== Restore Points =========================

29-01-2016 15:55:48 JRT Pre-Junkware Removal
29-01-2016 17:25:18 JRT Pre-Junkware Removal
31-01-2016 01:19:24 Installed Sophos Virus Removal Tool.
03-02-2016 22:49:40 Windows Update
05-02-2016 15:35:56 Removed Sophos Virus Removal Tool.

==================== Faulty Device Manager Devices =============

Name: WAN Miniport (IKEv2)
Description: WAN Miniport (IKEv2)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: RasAgileVpn
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

Name: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Description: Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Qualcomm Atheros Communications Inc.
Service: athr
Problem: : A driver (service) for this device has been disabled. An alternate driver may be providing this functionality (Code 32)
Resolution: The start type for this driver is set to disabled in the registry.
Uninstall the driver from Device Manager, and then scan for new hardware to install the driver again. If this does not work, you might have to change the device start type parameter in the registry.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/06/2016 12:47:20 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 10.0.9200.17568 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 86c

Start Time: 01d1611de67c9641

Termination Time: 78

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: cc2f1e5f-cd12-11e5-be9f-54bef7330c70

Faulting package full name:

Faulting package-relative application ID:

Error: (02/05/2016 10:23:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x513ffaa6
Faulting module name: atieclxx.exe, version: 6.14.11.1143, time stamp: 0x513ffaa6
Exception code: 0xc0000005
Fault offset: 0x000000000002ea19
Faulting process id: 0xfc0
Faulting application start time: 0xatieclxx.exe0
Faulting application path: atieclxx.exe1
Faulting module path: atieclxx.exe2
Report Id: atieclxx.exe3
Faulting package full name: atieclxx.exe4
Faulting package-relative application ID: atieclxx.exe5

Error: (02/05/2016 09:38:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Instup.exe version 11.1.2253.1653 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 8c0

Start Time: 01d160a04a61e4f2

Termination Time: 4294967295

Application Path: C:\Program Files\AVAST Software\Avast\Setup\Instup.exe

Report Id: de421975-cc93-11e5-be9e-54bef7330c70

Faulting package full name:

Faulting package-relative application ID:

Error: (02/05/2016 09:30:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: aswmbr.exe, version: 1.0.1.2290, time stamp: 0x54b4df14
Faulting module name: ntdll.dll, version: 6.2.9200.17581, time stamp: 0x5644f0df
Exception code: 0xc0000005
Fault offset: 0x00061840
Faulting process id: 0xb34
Faulting application start time: 0xaswmbr.exe0
Faulting application path: aswmbr.exe1
Faulting module path: aswmbr.exe2
Report Id: aswmbr.exe3
Faulting package full name: aswmbr.exe4
Faulting package-relative application ID: aswmbr.exe5

Error: (02/05/2016 04:19:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0xac4
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3
Faulting package full name: RootkitRevealer.exe4
Faulting package-relative application ID: RootkitRevealer.exe5

Error: (02/04/2016 08:10:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: {E96751CE-6B08-4E3D-A323-9990B1E1EC19}.exe, version: 3.1.0.9, time stamp: 0x566b28d2
Faulting module name: {E96751CE-6B08-4E3D-A323-9990B1E1EC19}.exe, version: 3.1.0.9, time stamp: 0x566b28d2
Exception code: 0x40000015
Fault offset: 0x0014321c
Faulting process id: 0xd88
Faulting application start time: 0x{E96751CE-6B08-4E3D-A323-9990B1E1EC19}.exe0
Faulting application path: {E96751CE-6B08-4E3D-A323-9990B1E1EC19}.exe1
Faulting module path: {E96751CE-6B08-4E3D-A323-9990B1E1EC19}.exe2
Report Id: {E96751CE-6B08-4E3D-A323-9990B1E1EC19}.exe3
Faulting package full name: {E96751CE-6B08-4E3D-A323-9990B1E1EC19}.exe4
Faulting package-relative application ID: {E96751CE-6B08-4E3D-A323-9990B1E1EC19}.exe5

Error: (02/04/2016 08:09:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: {9D3E39B3-E5E8-426E-9C7B-072C554A7934}.exe, version: 3.1.0.9, time stamp: 0x566b28d2
Faulting module name: {9D3E39B3-E5E8-426E-9C7B-072C554A7934}.exe, version: 3.1.0.9, time stamp: 0x566b28d2
Exception code: 0x40000015
Fault offset: 0x0014321c
Faulting process id: 0x924
Faulting application start time: 0x{9D3E39B3-E5E8-426E-9C7B-072C554A7934}.exe0
Faulting application path: {9D3E39B3-E5E8-426E-9C7B-072C554A7934}.exe1
Faulting module path: {9D3E39B3-E5E8-426E-9C7B-072C554A7934}.exe2
Report Id: {9D3E39B3-E5E8-426E-9C7B-072C554A7934}.exe3
Faulting package full name: {9D3E39B3-E5E8-426E-9C7B-072C554A7934}.exe4
Faulting package-relative application ID: {9D3E39B3-E5E8-426E-9C7B-072C554A7934}.exe5

Error: (02/04/2016 07:28:00 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (02/04/2016 07:28:00 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: .NETFrameworkC:\WINDOWS\system32\mscoree.dll8

Error: (02/03/2016 04:35:23 PM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: The Desktop Window Manager has encountered a fatal error (0x8898008d)

System errors:
=============
Error: (02/06/2016 05:27:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1068

Error: (02/06/2016 05:27:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Workstation service depends on the Browser Support Driver service which failed to start because of the following error:
%%1058

Error: (02/06/2016 05:27:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1068

Error: (02/06/2016 05:27:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Workstation service depends on the Browser Support Driver service which failed to start because of the following error:
%%1058

Error: (02/06/2016 05:27:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1068

Error: (02/06/2016 05:27:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Workstation service depends on the Browser Support Driver service which failed to start because of the following error:
%%1058

Error: (02/06/2016 05:27:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1068

Error: (02/06/2016 05:27:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Workstation service depends on the Browser Support Driver service which failed to start because of the following error:
%%1058

Error: (02/06/2016 05:27:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1068

Error: (02/06/2016 05:27:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Workstation service depends on the Browser Support Driver service which failed to start because of the following error:
%%1058

==================== Memory info ===========================

Processor: AMD E1-2500 APU with Radeon™ HD Graphics
Percentage of memory in use: 23%
Total physical RAM: 3541.62 MB
Available physical RAM: 2712.39 MB
Total Virtual: 3941.62 MB
Available Virtual: 2948.2 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:445.78 GB) (Free:396.21 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:17.71 GB) (Free:2.16 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 9EA9B791)

Partition: GPT.

==================== End of Addition.txt ============================

 

 

Junk Remover Tool: - Installed

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 8 x64
Ran by Floretta (Administrator) on Fri 01/29/2016 at 17:25:15.92
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 4

Successfully deleted: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3SP0CL8C (Folder)
Successfully deleted: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3T27Y35A (Folder)
Successfully deleted: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\90139ZEJ (Folder)
Successfully deleted: C:\Users\Floretta\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HVMJ2QJX (Folder)

 

Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/29/2016 at 17:27:13.65
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Rogue Killer by Adlice, Scan 1: - Installed

 

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : Floretta [Administrator]
Started from : C:\Users\Floretta\Desktop\RogueKiller.exe
Mode : Delete -- Date : 01/27/2016 16:08:22

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3549846101-1897986340-1759491497-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://support.hp.com/us-en/drivers/selfservice/hp-pavilion-20-b300-all-in-one-desktop-pc-series/5395624/model/5398931  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3549846101-1897986340-1759491497-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://support.hp.com/us-en/drivers/selfservice/hp-pavilion-20-b300-all-in-one-desktop-pc-series/5395624/model/5398931  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DF33D3CC-1945-422D-B584-5065B1A9E949} | DhcpNameServer : 75.114.81.1 75.114.81.2 ([X][X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DF33D3CC-1945-422D-B584-5065B1A9E949} | DhcpNameServer : 75.114.81.1 75.114.81.2 ([X][X])  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44} -> Deleted
[PUP][File] C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}\0x0409.ini -> Deleted
[PUP][File] C:\ProgramData\{65AB91D4-DDD0-48D4-804D-C24E1FC90D44}\HP Support Assistant.msi -> Deleted

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] c2a85036c14f4420a8e0e40215c5f9f2
[BSP] 5bef15c36d8798fe98372410787d35b1 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 3096576 | Size: 456483 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 937973760 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 938895360 | Size: 350 MB
6 - [SYSTEM] Basic data partition | Offset (sectors): 939612160 | Size: 18137 MB
User = LL1 ... OK
User = LL2 ... OK

 

Rogue Killer by Adlice, Scan 2: - Installed

 

RogueKiller V11.0.9.0 [Jan 24 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8 (6.2.9200) 64 bits version
Started in : Normal mode
User : Floretta [Administrator]
Started from : C:\Users\Floretta\Desktop\RogueKiller.exe
Mode : Delete -- Date : 01/27/2016 16:57:11

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-3549846101-1897986340-1759491497-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://support.hp.com/us-en/drivers/selfservice/hp-pavilion-20-b300-all-in-one-desktop-pc-series/5395624/model/5398931  -> Not selected
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-3549846101-1897986340-1759491497-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://support.hp.com/us-en/drivers/selfservice/hp-pavilion-20-b300-all-in-one-desktop-pc-series/5395624/model/5398931  -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 75.114.81.1 75.114.81.2 ([X][X])  -> Replaced ()
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 75.114.81.1 75.114.81.2 ([X][X])  -> Replaced ()

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x20]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BD142 +++++
--- User ---
[MBR] c2a85036c14f4420a8e0e40215c5f9f2
[BSP] 5bef15c36d8798fe98372410787d35b1 : Empty MBR Code
Partition table:
0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 1023 MB
1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2097152 | Size: 360 MB
2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 2834432 | Size: 128 MB
3 - Basic data partition | Offset (sectors): 3096576 | Size: 456483 MB
4 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 937973760 | Size: 450 MB
5 - [SYSTEM][MAN-MOUNT]  | Offset (sectors): 938895360 | Size: 350 MB
6 - [SYSTEM] Basic data partition | Offset (sectors): 939612160 | Size: 18137 MB
User = LL1 ... OK
User = LL2 ... OK

 

Emsisoft Command Line Scanner: After the 1st scan below I did another scan with the following features turned on. Scan Archives, Advanced Caching, and Direct Disk Access - 0 Threats - Installed

 

Emsisoft Commandline Scanner - Version 11.0
Last update: 2/4/2016 10:11:04 PM

Scan settings:

Scan type:                              Malware Scan
Objects:                                Memory, Traces, Files

Detect Potentially Unwanted Programs:   On
Scan archives:                          Off
ADS Scan:                               On
File extensions:                        Off
Advanced caching:                       Off
Direct disk access:                     Off

Scan start:                             2/4/2016 10:57:53 PM

Value: HKEY_USERS\S-1-5-21-3549846101-1897986340-1759491497-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_USERS\S-1-5-21-3549846101-1897986340-1759491497-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)

Scanned            72627
Found              2
Removed            2

Scan end:          2/4/2016 10:59:33 PM
Scan time:         0:01:39

 

Other Scans & Tools:

1) Windows Defender & its Offline version - Disabled

2) Windows Essentials 2012 (I did not install this but it is on my uninstall programs list, I've never touched it because I've always assumed it was there as an integration with Windows Defender, and it's never been updated).

3) Microsoft Safety Scanner - Not Installed

4) Microsoft Malicious Software removal tool - Installed

All Microsoft scanners were used before my January thorough reset.

5) GrantPerms64 - Installed

6) USBVaccine - Enabled

7) Defogger -  I haven't clicked Enable yet, but do I have to click disable every time I log on to my computer or is once enough?

8) Anvisoft's Cloud System Booster - Installed and if you would like to view its removal logs for Optimize, Registry & File Cleaner or just the total of junk removed let me know and I'll make it available.

9) GMER - Installed, since I don't know how to read its results I only used it once.

10) aswMBR - Installed, but it crashed during scanning and unsure if that event is related to the Kernel crash that happened not too long after the scanner crashed, or if it was due to the folder I double-clicked then my computer froze. C:\Windows\System32\Drivers\UMDF

11) UVK by Carifred - Downloaded but not installed

12) Mark Russinovich's Sysinternal Suite

 

 

 

 

 

 



#3 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 09 February 2016 - 07:55 AM

Hi Caramello222 :)

My name is Aura and I'll be assisting you with your issue :) Please give me a few hours to review your log, and prepare a reply.

Thank you!

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#4 Aura

Posted 09 February 2016 - 08:40 AM

Hi Caramello222 :)

My name is Aura and I'll be assisting you with your malware issue. Since we'll be working together, you can call me Aura or Yoan, which is my real name, it's up to you! Now that we've broken the ice, I'll just ask you a few things during the time we'll be working together to clean your system and get it back to an operational state.
  • As you'll notice, the logs we are asking for here are quite lengthy, so it's normal for me to not reply exactly after you post them. This is because I need some time to analyse them and then act accordingly. However, I'll always reply within 24 hours, 48 hours at most if something unexpected happens;
  • As long as I'm assisting you on BleepingComputer, in this thread, I'll ask you to not seek assistance anywhere else for any issue related to the system we are working on. If you have an issue, question, etc. about your computer, please ask it in this thread and I'll assist you;
  • The same principle applies to any modifications you make to your system, I would like you to ask me before you do any manipulations that aren't in the instructions I posted. This is to ensure that we are operating in sync and I know exactly what's happening on your system;
  • If you aren't sure about an instruction I'm giving you, ask me about it. This is to ensure that the clean-up process goes without any issue. I'll answer you and even give you more precise instructions/explanations if you need. There's no shame in asking questions here, better be safe than sorry!;
  • If you don't reply to your thread within 3 days, I'll bump this thread to let you know that I'm waiting for you. If you don't reply after 5 days, it'll be closed. If you return after that period, you can send me a PM to get it unlocked and we'll continue where we left off;
  • Since malware can work quickly, we want to get rid of them as fast as we can, before they make unknown changes to the system. This being said, I would appreciate if you could reply to this thread within 24 hours of me posting. This way, we'll have a good clean-up rhythm and the chances of complications will be reduced;
  • I'm against any form of pirated, illegal and counterfeit software and material. So if you have any installed on your system, I'll ask you to uninstall them right now. You don't have to tell me if you indeed had some or not, I'll give you the benefit of the doubt. Plus, this would be against BleepingComputer's rules;
  • In the end, you are the one asking for assistance here. So if you wish to go a different way during the clean-up, like format and reinstall Windows, you are free to do so. I would appreciate you to let me know about it first, and if you need, I can also assist you in the process;
  • I would appreciate if you were to stay with me until the end, which means, until I declare your system clean. Just because your system isn't behaving weirdly anymore, or is running better than before, it doesn't mean that the infection is completely gone;
  • Since I'm still a trainee, all my posts have to be reviewed by an instructor prior to being posted to make sure that you receive the best assistance possible. Sorry for the inconvenience. This being said, I have a full time job, and I also have night classes on Mondays and Wednesdays, which means that if you reply during these two days, it'll take longer for me to reply to you. Don't worry, you'll be my first priority as soon as I get home and have time to look at your thread;
This being said, it's time to clean-up some malware, so let's get started, shall we? :)

There are two things I would like to know before I proceed to give you some explanations on your situation:
  • What is your computer/laptop brand and model?
  • How did you reset your Windows 8? Via the Reset feature in Windows 8, or via a Recovery media (CD, DVD, USB) that came with your computer/laptop?



#5 Caramello222

Posted 10 February 2016 - 06:44 PM

HP Pavilion 20-b313w All-in-one desktop

I did a thorough reset using the windows 8 feature not recovery. After the first time I saw it didn't work I tried to replace the recovery data (thinking it's infected) by running the recovery media discs one by one. There are 5 discs and I ordered them from HP. The reason I did that was because there was no option that I saw visible to reset using the discs. So I tried the thorough reset again but it still didn't work. Thank you for taking my case and I agree to all of your conditions. The only things I've done since my post is I downloaded and ran Kaspersky's zbotkiller, kidokiller, virutkiller, xpajkiller, none of them removed anything, and I installed UVK - Ultra Virus Killer out of curiosity I have not done anything with it I just looked around at it. I know I should uninstall and remove a lot of what is on my computer, so let me know what you want removed and I'll do it.



#6 Aura

Posted 11 February 2016 - 06:14 AM

Thank you for the information :) Now I can answer all your worries one by one with what you gave me.

> I did a thorough reset using the windows 8 feature not recovery.


Under Windows 8, when you use the "Reset" feature, you are restoring a Windows image on your computer to overwrite the old one. That image is usually located on a Recovery partition on your computer, and it is created by your computer's manufacturer and stored there before they shipped the computer to the customer or the store. This image can be personalized, which means that some programs (usually called OEM software) can be present on it, and when restored, these programs will show up because they were part of the image present on the Recovery partition. In your case, it means that the Windows image used during the Reset already had Microsoft Visual C++ Redistributable packages and CyberLink YouCam installed on it, hence why they show up. The same can be said about the three updates that show up in your Windows Update history. This explains why programs and updates were already installed on your system after you did a Reset.
 

> I also have DLLs and EXEs with funky looking detail tabs. They range from 'Language: Language Neutral', 'Language: Chinese (Traditional, Taiwan)', misspelling, and just simple lack of info, and WTF. I've found them in CyberLink DLLs & EXEs, Realtek, AMD Catalyst Control and AMD had a lot of relocated DLLs when I viewed the CCC.exe MOM.exe in process explorer dll view.


All of these are part of the programs that were present on the system image used for the Reset (as explained above) and drivers for your computer. CyberLink .dll and .exe files belong to CyberLink YouCam (which is installed), Realtek files are for your audio and/or card reader, AMD Catalyst Control and CCC.exe are for your graphics card (and maybe CPU if you have an APU), etc. In other words, all these .dll and .exe are legitimate and the reason they are on your system is once again, because the Windows image that was used for the Reset had them on it.
 

> Process Explorer has also flagged dnsapi.dll and apphelp.dll as malware.


This is a false positive from Process Explorer, it can happen often. For more information about false positives, you can read the article below, it sums it up quite nicely.

http://antivirus.about.com/od/antivirusglossary/g/falsepositive.htm
 

> I also have multiple ARPPRODUCTICON.exe in different folders located C:\Windows\installer\{1A6752E1-966B-9D1F-F6B7-DDBCA6FC87ED}. The installer folder is hidden and there are multiple folders with the same long line of numbers and letters. Some of the icons are amd catalyst, energystar, the installer symbol, or a long line of numbers and letters.


This is also normal. The ARPPRODUCTICON.exe is used as part of the InstallShield installer, which a lot of programs use. So its presence in the C:\Windows\Installer folder isn't surprising. Also, all the files you see in the C:\Windows\Installer folder are installers for programs, drivers, etc. located on your system. If you delete them, you might find yourself unable to uninstall or repair installed programs, so I suggest you leave that folder alone, since nothing in it is malicious :) Also, if you see a file with a long string of numbers and letters with an icon for EnergyStar (for example), it means that this installer is related to an EnergyStar program or component installed on your system.
 

> The items in temp folder located C:\Users\Floretta\AppData\Local\Temp are always changing, just like in the install folder I found multiple uninstall.exe and they all had the icon for HP's Wild Tangent games which I already uninstalled from my computer through control panel uninstall programs, I knew they were fake so I deleted them and I haven't seen them since but there is something in that folder that is copying itself to look like legit apps I have saved in other areas of my computer. Like process explorer and rootkitrevealer, there are 6 files like this ~DFFE6A9A893A88C0DF.TMP that are sometimes visible in that folder and sometimes they aren't, and now I have 2 new folders {5D428683-EBE0-444F-B475-4AA72F995AEF} & {E425F0E9-D575-4D0B-A3F1-BC9A0CB57651} that deny my access.


It's normal for the content of the temp folder to be changing rapidly and all the time. This is what that folder is used for after all, for programs to save temporary data in order to access them in the future, and once they are done with it, if they cannot delete the files, they just leave it in the temp folder since they know that it'll be cleaned eventually by the user.
 

> The insanity continues on with Process Explorer's TCP/IP view of programs running, multiple programs are being exploited by 'fr.a2dfp net', cloudfront, compute amazon, and unknown *:*. It gets really bad when I use soundcloud com or my windows media player.


Your programs aren't being exploited, your programs are connecting to these domains and IP addresses in order to function properly and/or accomplish a specific task. It's normal for programs and services to establish connections with remote domains in order to work properly (like check whether or not an upgrade for the program is available).
 

> The only things I've done since my post is I downloaded and ran Kaspersky's zbotkiller, kidokiller, virutkiller, xpajkiller, none of them removed anything, and I installed UVK - Ultra Virus Killer out of curiosity I have not done anything with it I just looked around at it.


You can run every tool you want, but none of them will find anything because...

You aren't infected. Your system is behaving normally and all the files, programs, processes, etc. you are worried about are legitimate and have a reason/explanation to be there. I hope that you understood everything I explained to you in this post. If there's something you still don't understand, please let me know and I'll give you a more detailed explanation.

Since you aren't infected (and never were since the Reset), is there anything else that you need me to check, or are you good? :)



#7 Caramello222

Posted 11 February 2016 - 12:01 PM

So that I know for the future reference what can cause installed updates to not show the version & publisher especially something like Microsoft Visual C++ and do you mine and how do I make sure they are up to date other than clicking check for windows updates? I understand that languages can vary through the properties information in an application but what about the one that looks like a rough draft that says File Description: TO DO <file description>. Would an executable really have fill in the blank or information missing in properties? Last my main concern is that 'fr.a2dfp net' is listening in lass.exe, mDNSResponder.exe, nis.exe, services.exe, svchost.exe -k RPCSS, svchost.exe -k LocalServiceNetworkRestricted, svchost.exe -k netsvcs, svchost.exe -k NetworkService, System, wininit.exe, WinLogon.exe -SpecialSession. I don't understand how 'fr.a2dfp net' can be listening through tcp/Ip when I have it on my host list as a block on my mvp list. I would like to resolve that because cloudfront and amazonaws are making multiple connections to my computer that are slowing it down and when I looked the full domain names to this they are not friendly sites. (http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen desc&domain=ec-52-48-138-157.eu-west-1.compute.amazonaws.com) & ( http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen desc&domain=server-54-230-205-56.atl50.r.cloudfront.net). These 2 only make connections through iexplore.exe or windows media player. I know you said that connections are common place and I know that, but I don't think these connections are good especially when so many jump at once and slow my computer down to the point of internet explorer stops responding.

Attached File  H1.PNG   15.95KB   0 downloads


Edited by Caramello222, 11 February 2016 - 12:46 PM.


#8 Aura

Posted 11 February 2016 - 02:03 PM

> So that I know for the future reference what can cause installed updates to not show the version & publisher especially something like Microsoft Visual C++


Sadly I have no explanation for this. There's way too many possibilities. Maybe Microsoft themselves didn't add that information to the history because it was redundant (since the version and publisher of the x86 package is the same as the x64 one). The KB2565063 is a legitimate update however. It's a security update for Visual C++ 2010 SP1.
https://support.microsoft.com/en-us/kb/2565063
 

> how do I make sure they are up to date other than clicking check for windows updates?


If you click on Check for updates in your Windows Updates panel, and none are found, it means that your Windows is up-to-date, and the Microsoft programs installed on it also are.
 

> I understand that languages can vary through the properties information in an application but what about the one that looks like a rough draft that says File Description: TO DO <file description>. Would an executable really have fill in the blank or information missing in properties?


Yes, it's possible. You would be surprised at how many software publishers don't fill in these things. They'll usually fill it for the most important files, and leave the rest blank. You can even see unsigned files from Antivirus and Antimalware nowadays. I agree that it isn't the best practice, but it doesn't mean that the file is malicious just because of it.
 

> Last my main concern is that 'fr.a2dfp net' is listening in lass.exe, mDNSResponder.exe, nis.exe, services.exe, svchost.exe -k RPCSS, svchost.exe -k LocalServiceNetworkRestricted, svchost.exe -k netsvcs, svchost.exe -k NetworkService, System, wininit.exe, WinLogon.exe -SpecialSession. I don't understand how 'fr.a2dfp net' can be listening through tcp/Ip when I have it on my host list as a block on my mvp list.


Can you show me screenshots of that? In the ones you gave me, I don't see that domain being contacted at all (at least, not by name).
 

> I would like to resolve that because cloudfront and amazonaws are making multiple connections to my computer that are slowing it down and when I looked the full domain names to this they are not friendly sites. (http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen desc&domain=ec-52-48-138-157.eu-west-1.compute.amazonaws.com) & ( http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen desc&domain=server-54-230-205-56.atl50.r.cloudfront.net). These 2 only make connections through iexplore.exe or windows media player. I know you said that connections are common place and I know that, but I don't think these connections are good especially when so many jump at once and slow my computer down to the point of internet explorer stops responding.


Amazon Web Services: https://en.wikipedia.org/wiki/Amazon_Web_Services
Amazon CloudFront: https://en.wikipedia.org/wiki/Amazon_CloudFront

Reading these two Wikipedia articles should help you understand why programs and services are connecting to these kinds of addresses, because they are connecting to servers hosted on the AWS and CF platforms. Even Microsoft have servers there, so it's normal for Windows Media Player and Internet Explorer to connect to them.

You never said anything about your computer being slow and Internet Explorer stopping to respond. Can you give me more details on these two issues? How is your computer slow? How is Internet Explorer crashing?



#9 Caramello222

Posted 11 February 2016 - 03:06 PM

Ok thanks for the info, I understand. Here are the pics of fr.a2dfp net listening I was wrong about winlogon.exe I thought I saw it there too but there is nothing in that TCP/IP view,  and I don't know if the last one is suspicious but the remote connections are all unknown. How is 'fr.a2dfp net' able to bypass my host file? This is how I installed it ( http://winhelp2002.mvps.org/hostswin8.htm).

Attached File  F1.PNG   7.89KB   0 downloads

Attached File  F2.PNG   12.05KB   0 downloads

Attached File  F3.PNG   11.81KB   0 downloads

Attached File  F4.PNG   8.22KB   0 downloads

Attached File  F5.PNG   9.14KB   0 downloads

Attached File  F6.PNG   8.63KB   0 downloads

Attached File  F7.PNG   11.39KB   0 downloads

Attached File  F8.PNG   10.57KB   0 downloads

Attached File  F9.PNG   7.94KB   0 downloads

Attached File  maybe.PNG   15.33KB   0 downloads



#10 Aura

Posted 12 February 2016 - 06:19 AM

Now I understand, thanks. This isn't an issue, this is something that is caused by using the MVPS Hosts File for Windows 8, as explained in this thread on their forums.

https://www.dslreports.com/forum/r29282391-MVP-Hosts-mix-up

It's a normal behavior, and you aren't actually resolving to any of these addresses, they are just pointing to 0.0.0.0 which is a special address that isn't routable.

http://www.howtogeek.com/225487/what-is-the-difference-between-127.0.0.1-and-0.0.0.0/

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
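
The effect described in post #10, as an added example that is not part of the thread: a connection viewer that turns addresses into names will label every socket bound to 0.0.0.0 with a blocklist name once the hosts file maps names to 0.0.0.0. The hosts entries and endpoint rows below are constructed samples, and the labelling rule (first hosts-file name listed for an address) is an assumption about how such a viewer picks the name.

```python
import ipaddress

# Constructed sample in the style of a blocking hosts file (not the real MVPS list).
SAMPLE_HOSTS = """\
# comment line
127.0.0.1  localhost
::1        localhost
0.0.0.0    fr.a2dfp.net
0.0.0.0    ads.example.invalid tracker.example.invalid  # two names, one line
bogus      broken.example.invalid
"""

# Constructed endpoint rows: (process, local, remote, state), all numeric.
SAMPLE_ROWS = [
    ("services.exe", "0.0.0.0:49155", "0.0.0.0:0", "LISTENING"),
    ("mDNSResponder.exe", "127.0.0.1:49160", "127.0.0.1:5354", "ESTABLISHED"),
    ("iexplore.exe", "192.168.1.20:50312", "203.0.113.10:443", "ESTABLISHED"),
]


def parse_hosts(text):
    """Map each address in a hosts file to the names listed for it, in file order."""
    by_ip = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address column, ignore the line
        by_ip.setdefault(ip, []).extend(name.lower() for name in fields[1:])
    return by_ip


def reverse_label(addr, by_ip):
    """Name a viewer would show for addr (assumption: first hosts-file name wins)."""
    names = by_ip.get(ipaddress.ip_address(addr))
    return names[0] if names else str(addr)


def sinkholed(name, by_ip):
    """True if the hosts file points name at an unroutable (0.0.0.0/::) or loopback address."""
    name = name.lower()
    return any(name in names and (ip.is_unspecified or ip.is_loopback)
               for ip, names in by_ip.items())


def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:135' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)


def shown(endpoint, by_ip):
    """Render an endpoint the way a name-resolving viewer would."""
    ip, port = split_endpoint(endpoint)
    label = reverse_label(str(ip), by_ip)
    if label == str(ip) and ip.version == 6:
        label = f"[{label}]"
    return f"{label}:{port}"


def triage(rows, by_ip):
    """Return (process, shown_local, shown_remote, verdict) for each row.

    The verdict is taken from the numeric remote address, never from the label:
    a LISTENING socket or an unspecified remote address has no peer at all.
    """
    out = []
    for process, local, remote, state in rows:
        remote_ip, _ = split_endpoint(remote)
        if state == "LISTENING" or remote_ip.is_unspecified:
            verdict = "listener-no-peer"
        elif remote_ip.is_loopback:
            verdict = "local-only"
        else:
            verdict = "remote-peer"
        out.append((process, shown(local, by_ip), shown(remote, by_ip), verdict))
    return out


if __name__ == "__main__":
    hosts = parse_hosts(SAMPLE_HOSTS)
    for row in triage(SAMPLE_ROWS, hosts):
        print(*row, sep="  ")
```

Turning off name resolution in the viewer, or reading the numeric columns, is enough to tell a labelled listener from a real remote peer.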


#11 Caramello222

Posted 13 February 2016 - 05:45 PM

Wow, you're killing me. Thank You, Thank You, Thank you, etc... Ever since I saw 'fr.a2dfp net' LISTENING in Process Explorer's TCP/IP view, and all the others. I've been losing my mind thinking I have a bunch of jerks using my computer for bit coining, porn storage, using my computer to infect other computers and so on. I've also been beating myself up thinking how could I have been so stupid to get my computer infected all over again and with such a massive amount of malware. Thank you so much for setting me straight, I truly do appreciate what you've done for me. I hope you don't mind, but I would like to do one last check that the malware is gone. One of the previous problems I had with malware before the reset was adware. It wasn't just on websites, it also exploited the advertising permissions in my free apps. Super Anti-Spyware was the only scanner I found that could remove the tracking cookies that were always being dropped on my computer, but it couldn't find the source. So as soon as I reconnected to the internet again the cookies came right back. The reason I didn't bother with it before was because I thought the other stuff was more important to deal with than tracking cookies. I'll let you know if that problem still exists. Also, even though those sites aren't malicious they are still a nuisance. There are way too many of them connecting at once and a lot of them are the same site with multiple connections established. Is there some way I can limit the number of connections made or limit the amount of my computer's resources they can use. I can't keep my computer connected to the internet or open more than 3 tabs because they pile up and redline CPU & Disk in the high 90's and  68% of memory. So they end up slowing down and freezing my computer, but not to the point of forcing a restart but it's highly aggravating having to wait for services.exe, 2 svchost.exe and system to stop running so high.
Norton also pops-up with a warning about the high usage of service host processes, which is annoying because I can't do anything about it. The other processes that seem to pop-up a lot around the same time are Tiworker, TrustedInstaller, and msiexec. When they add on I have to pull the cord out of my modem, just to be able to type. I added the pics so you can see how many can pop-up at once and in separate iexplore tabs at the same time.

Attached File  Remove1.PNG   35.11KB   0 downloads

Attached File  Capture.PNG   80.37KB   0 downloads

 

  



#12 Caramello222

Caramello222
  • Topic Starter

  • Members
  • 148 posts

Posted 13 February 2016 - 06:26 PM

I downloaded the app Magic Jigsaw Puzzle and so far I don't see any of those flashing, shaking, "you have a message" ads in it. So I guess the reset really did do the trick. Just out of curiosity, when you asked what way I reset my computer, does it make a difference if it's an HP recovery or a Windows reset? And if it were you, how would you reset your computer?



#13 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 14 February 2016 - 10:11 AM

No problem Caramello, you're welcome :)

Also you're right, cookies aren't malicious at all, and personally, I do not consider them a nuisance. Pretty much every website works with cookies, this is what allows them to save your browsing settings when you go on them (how you want a certain picture to be displayed, in what chronological order you want the articles to be displayed, automatically connect your account once you reach the website, etc). This is why, when you clear the cookies in your web browsers, you have the impression that websites show differently than before, because they have been "reset". They lost the information about your browsing habits, and therefore they'll have to learn it again, using cookies. If anything, dealing with cookies would fall under the "privacy" category, but even there, it isn't as big a deal as everyone makes of it. Without cookies, the web would be way less dynamic and quite boring if you ask me.

If you are worried about the number of connections you have when you browse the web (and this is entirely normal), why don't you use extensions such as Ghostery and Adblock (or uBlock Origin if you use Google Chrome and Mozilla Firefox) to help you limit these kinds of connections? This is what I would do. I'm currently running Google Chrome with Ghostery and uBlock Origin (which is more than an adblocker, it's a multi-purpose blocker) and I can tell you that the only connections made on a website are the ones required for it to work properly.

I'll tell you this from experience, but Norton is known to be quite the resource hog on a system. I've seen it send these kinds of pop-ups a lot and in the end, Norton was the culprit for the high resource usage on a system. This is one of the main reasons I don't recommend using it, but that's just my personal opinion.

As for TIWorker, TrustedInstaller, msiexec, svchost, etc. using a lot of CPU and RAM, I would say that it's normal after a Reset. That is because your system is probably looking for Windows Updates to install. Once your system is fully updated, they'll stop using so many resources and get back to normal. The same can be achieved by disabling the BITS, wuauserv, SuperFetch, etc. services, but I do not recommend it since these are essential for the well-being of your system.

And yes, the way you do a reset makes a difference on how your system ends up configured after it. But using the Recovery discs from HP and using the Reset feature in Windows 8 are both good methods. And if it was me, under Windows 8, 8.1 and 10, I would reset my system using the Reset option of Windows. If it fails, and I have the Recovery discs, I would use them. And if it would fail as well, I would do a clean installation. I also prefer clean installations over resets, but this might just be me liking to start from scratch and configure everything to my own preferences. Even though I do that kind of thing multiple times a day as part of my job, I can't get enough of it :P

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.
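
The two things discussed in the posts above (many connections to the same remote address, and svchost.exe processes that stay busy after a reset) can be checked from PowerShell. This is an added example, not part of the original thread; it assumes Windows 8 or later and an elevated PowerShell window.

```powershell
# Added example (not from the thread). Assumes an elevated PowerShell 3.0+ session.

# 1. Tally TCP connections by owning process, state and remote address, so
#    several connections to the same address collapse into one row with a count.
$procNames = @{}
Get-Process | ForEach-Object { $procNames[[int]$_.Id] = $_.ProcessName }

Get-NetTCPConnection -State Established, Listen |
    Group-Object OwningProcess, State, RemoteAddress |
    ForEach-Object {
        $first = $_.Group[0]
        [pscustomobject]@{
            Process       = $procNames[[int]$first.OwningProcess]
            ProcessId     = $first.OwningProcess
            State         = $first.State
            RemoteAddress = $first.RemoteAddress
            Connections   = $_.Count
        }
    } |
    Sort-Object Connections -Descending |
    Format-Table -AutoSize

# 2. List which services live inside each svchost.exe process, with the
#    cumulative CPU time and current working set of that process. After a
#    reset, the process hosting wuauserv and BITS is usually the busy one.
Get-CimInstance Win32_Service -Filter "State = 'Running'" |
    Where-Object { $_.PathName -match 'svchost\.exe' } |
    Group-Object ProcessId |
    ForEach-Object {
        $p = Get-Process -Id $_.Name -ErrorAction SilentlyContinue
        [pscustomobject]@{
            ProcessId    = $_.Name
            # CPU is total processor seconds since the process started,
            # not an instantaneous percentage.
            CPUSeconds   = [math]::Round([double]$p.CPU, 1)
            WorkingSetMB = [math]::Round([double]$p.WorkingSet64 / 1MB, 1)
            Services     = ($_.Group.Name -join ', ')
        }
    } |
    Sort-Object CPUSeconds -Descending |
    Format-Table -AutoSize -Wrap
```

Running the first part with one browser tab open and again with several shows how quickly ordinary page loads multiply the connection count.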


#14 Caramello222

Caramello222
  • Topic Starter

  • Members
  • 148 posts

Posted 14 February 2016 - 12:56 PM

Thank you for all the information, it's been very enlightening. I guess all my previous trials and tribulations with malware in the past and all the articles I've read on how stealthy it can be, have left me paranoid. It's also made me afraid of wiping the sweat off my forehead and believing it's gone. So everything I see that doesn't make sense to me I feel like "AHA! I Gotcha, and I'm Finally Gonna Rid Myself of You." Meanwhile I probably glitched my computer by going into manual delete & scan frenzies, continuing the cycle of suspicious/abnormal computer behavior, causing myself to go even more looney tunes, lol. Since I was silly enough to do that, I've read a clean install can fix corrupt data issues no matter the cause, user or malware? And is reset and clean install the same? Last, I was told a while back that if I truly feel that I have a deeply rooted infection on my computer that I should create a bootable CD/DVD of multi anti-virus rescue scanners such as Sarducd.it (be sure to refuse the dreaded delta search) or Hiren's Boot cd. I never did it because I was confused about how it's done and if I had to download software to turn an ISO file into a burnable disc format. I was wondering if you know of an article that gives easy step by step instructions on how to choose the correct anti-virus scanners and utilities for my computer that I can update periodically and keep to the side on a usb flash in case of an emergency?



#15 Aura

Aura

    Bleepin' Special Ops


  • Malware Response Team
  • 19,697 posts

Posted 15 February 2016 - 09:00 AM

"Since I was silly enough to do that, I've read a clean install can fix corrupt data issues no matter the cause, user or malware?"


A clean install means that you're completely wiping the partition on which Windows is installed, and then you install a brand new, fresh copy on it. So of course, since you delete everything, there can't possibly be any corrupt data left behind :) So yes, a real clean install will get rid of any malware, unless the infection is present at another level, like an infected USB Flash Drive, external hard drive, etc.
 

"And is reset and clean install the same?"


You could say that they are similar, but they aren't the same. A Reset will pretty much restore an image on the system by overwriting the current system installed on the partition, while a clean install makes you delete everything on that partition, and then install a new image. It really depends on how the reset is done. Some manufacturers format the Windows partition during the reset, while others simply restore an image on it.
 

"Last, I was told a while back that if I truly feel that I have a deeply rooted infection on my computer that I should create a bootable CD/DVD of multi anti-virus rescue scanners such as Sarducd.it (be sure to refuse the dreaded delta search) or Hiren's Boot cd. I never did it because I was confused about how it's done and if I had to download software to turn an ISO file into a burnable disc format. I was wondering if you know of an article that gives easy step by step instructions on how to choose the correct anti-virus scanners and utilities for my computer that I can update periodically and keep to the side on a usb flash in case of an emergency?"


Personally, I'm not a fan of live CD/DVD, but I know what you're talking about. They can have their use, it's true, but I would feel more comfortable using other methods like playing in the Recovery PE and/or attaching the hard drive on another computer and scan it from there than using a live CD of an Antivirus/Antimalware scanner. However, this is what I do as a job, so I'm more used to it than the average user. Also, pretty much every Antivirus/Antimalware live CD can be burned to a CD or DVD using a standard burning software (like ImgBurn), or put on a USB using a tool like Universal USB Installer. From there, all you have to do is to boot from it, and follow the instructions specific to that live CD to run your scans.

If you have any more questions of that sort (related to computer security, Antivirus, Antimalware, etc.) I suggest you create a new thread in the General Security section and ask them there. You'll get far more replies and opinions that way :) This being said, since your system is clean to me, is there anything else that needs to be addressed, or is that all? :)

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.




