
Faster Light and added popups



I have a brand new laptop and have been infected with Faster Light and possibly other malware. Laptop came with McAfee installed and it is running. Added Malwarebytes free and it is running. Get almost constant site blocked notices from MWB. MWB will periodically block a list of processes but the Faster Light comes back and others follow. Downloaded and ran the MBAM rootkit program and it found nothing. Popups are killing me, need a solution.

mbam-log-2015-01-05 (06-30-34).xml

protection-log-2015-01-05.xml


Hello and welcome,

 

P2P/Piracy Warning:

 

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.


Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

Kevin


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

 

Next,

 

Open Malwarebytes Anti-Malware, from the Dashboard please Check for Updates by clicking the Update Now... link

When the update completes select > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

 

 

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

 

When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.

 

 

In most cases, a restart will be required.

 

 

Wait for the prompt to restart the computer to appear, then click on Yes.

 

 

When the scan is completed from the main GUI click on History > Application Logs. Find your scan log, the date when run will identify it. Checkmark "select" box > then hit the "view" button. The history log window will open. At the bottom of that window are two options, "Copy to clipboard" and "Export"

Select > "Copy to clipboard" that copies the full log to the Windows clipboard, so at your reply you right click into the text field and select "Paste" the log is pasted (copied) to your reply.

 

Or select "Export" you are given the option to export as a Text file (*.txt) or XML file (*.xml) Choose text file, save the exported file to a place of your choice. That file can be attached to your reply...

 

Next,

 

Download AdwCleaner by Xplode onto your Desktop.


Double click on Adwcleaner.exe to run the tool.
Click on Scan
Once the scan is done, click on the Clean button.
You will get a prompt asking to close all programs. Click OK.
Click OK again to reboot your computer.
A text file will open after the restart. Please post the content of that logfile in your reply.
You can also find the logfile at C:\AdwCleaner[sn].txt, where n is the scan reference number.

 

Next,

 

Please download Junkware Removal Tool to your desktop.


Shut down your protection software now to avoid potential conflicts. (re-enable when done)
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

 

Next,

 

Download Microsoft's "Malicious Software Removal Tool" and save direct to the desktop

Ensure to get the correct version for your system....

32 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=AD724AE0-E72D-4F54-9AB3-75B8EB148356&displaylang=en

64 Bit version:

https://www.microsoft.com/downloads/en/confirmation.aspx?FamilyId=585D2BDE-367F-495E-94E7-6349F4EFFC74&displaylang=en

 

Right click on the Tool, select “Run as Administrator” the tool will expand to the options Window

In the "Scan Type" window, select Quick Scan

Perform a scan and  Click Finish when the scan is done.

Retrieve the MSRT log as follows, and post it in your next reply:

 

1) Select the Windows key and R key together to open the "Run" function

2) Type or Copy/Paste the following command to the "Run Line" and Press Enter:

 

notepad c:\windows\debug\mrt.log

 

Let me see those logs, also give an update on any remaining issues or concerns...

 

Thanks,

 

Kevin....

 

 

 

Fixlist.txt


All tasks complete, logs follow.  As soon as I went to a website Faster light is back.

# AdwCleaner v4.106 - Report created 06/01/2015 at 10:08:02
# Updated 21/12/2014 by Xplode
# Database : 2015-01-03.1 [Live]
# Operating System : Windows 8.1  (64 bits)
# Username : Jim - JIMS_LAPTOP
# Running from : C:\Users\Jim\Downloads\AdwCleaner(2).exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Jim\AppData\Local\CrashRpt

***** [ Scheduled Tasks ] *****

Task Deleted : ProPCCleaner_Start
Task Deleted : ProPCCleaner_Popup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\AskPartnerNetwork

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v34.0.5 (x86 en-US)


*************************

AdwCleaner[R0].txt - [4643 octets] - [05/01/2015 19:14:30]
AdwCleaner[R1].txt - [1065 octets] - [06/01/2015 09:58:59]
AdwCleaner[s0].txt - [4609 octets] - [05/01/2015 19:20:09]
AdwCleaner[s1].txt - [945 octets] - [06/01/2015 10:08:02]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1004 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 x64
Ran by Jim on Tue 01/06/2015 at 10:18:17.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] "hkey_current_user\software\askpartnernetwork"



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Jim\documents\propccleaner"



~~~ FireFox

Successfully deleted the following from C:\Users\Jim\AppData\Roaming\mozilla\firefox\profiles\rmbmqaji.default\prefs.js

user_pref("extensions.ARSSP2-MED.pref_tab_close", "[{\"title\":\"\",\"url\":\"hxxp://cts.adssend.net/countingimpression?sdata=140bfa103ad17dc1e003ebcd4d4c397005fd4f0618bda1dae



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/06/2015 at 10:24:17.58
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

---------------------------------------------------------------------------------------
Microsoft Windows Malicious Software Removal Tool v5.19, December 2014 (build 5.19.10902.0)
Started On Fri Dec 26 04:28:37 2014

Engine: 1.1.11202.0
Signatures: 1.189.872.0

Results Summary:
----------------
No infection found.
Failed to submit clean hearbeat MAPS report: 0x80072EE7
Microsoft Windows Malicious Software Removal Tool Finished On Fri Dec 26 04:34:23 2014


Return code: 0 (0x0)


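An added example, not part of the original thread or of any tool named in it: a small Python parser for mrt.log entries laid out like the one posted above. It flags runs that have a "Started On" line but no "Finished On" line, non-zero or missing return codes, and summary lines other than "No infection found."; the sample text is constructed and embedded in the script, and all function and class names are this example's own.

```python
import re
from dataclasses import dataclass, field
from datetime import datetime
from typing import List, Optional, Tuple

TS_FORMAT = "%a %b %d %H:%M:%S %Y"  # e.g. "Fri Dec 26 04:28:37 2014"
HEADER = re.compile(r"^Microsoft Windows Malicious Software Removal Tool v\d")
STARTED = re.compile(r"^Started On (.+)$")
FINISHED = re.compile(r"Finished On (.+)$")
RETCODE = re.compile(r"^Return code: (\d+) \(0x[0-9A-Fa-f]+\)")
RULE = re.compile(r"^-{5,}$")  # entry separator or summary underline


@dataclass
class Run:
    started: datetime
    finished: Optional[datetime] = None
    return_code: Optional[int] = None
    summary: List[str] = field(default_factory=list)

    @property
    def seconds(self) -> Optional[int]:
        """Wall-clock duration, or None when the run never logged a finish."""
        if self.finished is None:
            return None
        return int((self.finished - self.started).total_seconds())


def parse_mrt_log(text: str) -> List[Run]:
    """Split mrt.log text into one Run per 'Started On' line."""
    runs: List[Run] = []
    current: Optional[Run] = None
    in_summary = False
    for raw in text.splitlines():
        line = raw.strip()
        if HEADER.match(line):          # next entry begins: close any open summary
            in_summary = False
            continue
        m = STARTED.match(line)
        if m:
            current = Run(started=datetime.strptime(m.group(1), TS_FORMAT))
            runs.append(current)
            continue
        if current is None or not line:
            continue
        if line == "Results Summary:":
            in_summary = True
            continue
        m = FINISHED.search(line)
        if m:
            current.finished = datetime.strptime(m.group(1), TS_FORMAT)
            in_summary = False
            continue
        m = RETCODE.match(line)
        if m:
            current.return_code = int(m.group(1))
            continue
        if in_summary and not RULE.match(line):
            current.summary.append(line)
    return runs


def triage(runs: List[Run]) -> List[Tuple[str, str]]:
    """Return (start time, note) pairs for entries that deserve a second look."""
    findings = []
    for r in runs:
        stamp = r.started.strftime("%Y-%m-%d %H:%M:%S")
        if r.finished is None:
            findings.append((stamp, "incomplete: no 'Finished On' line"))
            continue
        if r.return_code is None:
            findings.append((stamp, "no return code recorded"))
        elif r.return_code != 0:
            findings.append((stamp, f"return code {r.return_code}"))
        for s in r.summary:
            if s != "No infection found.":
                findings.append((stamp, "summary: " + s))
    return findings


# Constructed sample in the layout of the log in this thread.
SEP = "-" * 87
HDR = ("Microsoft Windows Malicious Software Removal Tool v5.19, "
       "December 2014 (build 5.19.10902.0)")
VER = "Engine: 1.1.11202.0\nSignatures: 1.189.872.0\n"
FIN = "Microsoft Windows Malicious Software Removal Tool Finished On "
SAMPLE = "\n".join([
    SEP, HDR, "Started On Fri Dec 26 04:28:37 2014", "", VER,
    "Results Summary:", "----------------", "No infection found.",
    "Failed to submit clean hearbeat MAPS report: 0x80072EE7",
    FIN + "Fri Dec 26 04:34:23 2014", "", "", "Return code: 0 (0x0)", "",
    SEP, HDR, "Started On Thu Jan 01 09:32:00 2015", "", VER,   # never finished
    SEP, HDR, "Started On Thu Jan 01 09:54:34 2015", "", VER.rstrip(),
    FIN + "Thu Jan 01 09:55:13 2015", "", "", "Return code: 0 (0x0)", "",
])

if __name__ == "__main__":
    for stamp, note in triage(parse_mrt_log(SAMPLE)):
        print(stamp, note)
```

To run it against a real log, read `c:\windows\debug\mrt.log` into a string and pass it to `parse_mrt_log` in place of `SAMPLE`.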
Scan with ZOEK

 

Please download ZOEK by Smeenk from here: http://hijackthis.nl/smeenk/ and save it to your desktop (preferred version is the *.exe one)

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

 


Right-click on the Zoek icon and select Run as Administrator to start the tool.
Wait patiently until the main console appears, it may take a minute or two.
In the main box please paste in the following script:

 

services_list;standardsearch;autoclean;emptyclsid;emptyfolderscheck;deleteiedefaults;firefoxlook;chromelook;FFdefaults;

 

 


Make sure that Scan All Users option is checked.
Push Run Script and wait patiently. The scan may take a couple of minutes.
When the scan completes, a zoek-results logfile should open in notepad.
If a reboot is needed, it will be opened after it. You may also find it at your main drive (usually C:\ drive)

 

Please include its content in your next reply. Don't forget to re-enable security software!

 

Let me know if the issue is cleared...

 

Thanks,

 

Kevin...


As soon as I clicked on Drudge Report I got Faster Light back.  Had to break the Zoek log into two parts, second follows

Zoek.exe v5.0.0.0 Updated 31-12-2014
Tool run by Jim on Tue 01/06/2015 at 14:46:13.02.
Microsoft Windows 8.1 6.3.9600  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jim\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

1/6/2015 2:48:08 PM Zoek.exe System Restore Point Created Succesfully.

==== Running Processes ======================

C:\Windows\SysWOW64\tbaseprovisioning.exe
C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
C:\Program Files (x86)\Synology\Assistant\DSAssistant.exe
C:\Windows\sysWow64\SearchProtocolHost.exe
C:\Users\Jim\Downloads\zoek.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
==== System Specs ======================
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 5056 MB
CPU Info: AMD A8-6410 APU with AMD Radeon R5 Graphics
CPU Speed: 2036.5 MHz
Sound Card: Speaker/HP (Realtek High Defini |
Display Adapters: AMD Radeon R5 Graphics | AMD Radeon R5 Graphics
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1600 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Wi-Fi Direct Virtual Adapter #2 | Realtek RTL8188EE 802.11 b/g/n Wi-Fi Adapter | Realtek PCIe FE Family Controller
CD / DVD Drives: 1x (E: | ) E: hp      DVDRW  DU8A5SHL
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 16 Button Wheel Mouse Present
Hard Disks: C:  906.2GB | D:  24.3GB
Hard Disks - Free: C:  758.1GB | D:  2.4GB
Manufacturer *: American Megatrends Inc.
BIOS Info: AT/AT COMPATIBLE |  | HPQOEM - 1072009
Time Zone: Central Standard Time
Motherboard *: Hewlett-Packard 226A
Country: United States
Language: ENU

==== System Specs (Software) ======================

Anti-Virus: McAfee Anti-Virus and Anti-Spyware On-access scanning disabled (Outdated)
Anti-Virus: Windows Defender On-access scanning disabled (Outdated)
Anti-Spyware: McAfee Anti-Virus and Anti-Spyware disabled (Outdated)
Anti-Spyware: Windows Defender disabled (Outdated)
Firewall: McAfee Firewall disabled
Default Browser: Firefox    34.0.5
Internet Explorer Version: 11.0.9600.17498
Mozilla Firefox version: 34.0.5 (x86 en-US)
Flash Player version: 16.0.0.235
Shockwave Player version: 12.0.4r144
2014-12-26 14:23:04    0836AC3FEF8E7380D1973E6DB14E31A7    459264    ----a-w-    C:\Windows\SysWOW64\SettingSync.dll
2014-12-26 14:23:03    F7CA5639A235A1E2071500B4D1FCC6F8    51200    ----a-w-    C:\Windows\SysWOW64\wshbth.dll
2014-12-26 14:23:02    F1FCD3780D71FD21EAA2A42D3A924B1F    832512    ----a-w-    C:\Windows\SysWOW64\ActionCenter.dll
2014-12-26 14:23:02    14D03A4F5F0AFCDB93CAFB68B77ACDB6    288768    ----a-w-    C:\Windows\SysWOW64\stobject.dll
2014-12-26 14:23:01    FE166ADB02C1E146005789C17E065143    8192    ----a-w-    C:\Windows\SysWOW64\KBDRUM.DLL
2014-12-26 14:23:01    DA84B73474C3D02B453E6FAC0F38DBFB    26112    ----a-w-    C:\Windows\SysWOW64\wups.dll
2014-12-26 14:23:01    8A073508726DE4A69ED702A7A6082808    1351168    ----a-w-    C:\Windows\SysWOW64\GdiPlus.dll
2014-12-26 14:22:59    0A6ABB521CDCE96D3A50939CF7964E24    206336    ----a-w-    C:\Windows\SysWOW64\powercfg.cpl
2014-12-26 14:22:58    FB38126A24BDC4912C175C4C430E911C    7168    ----a-w-    C:\Windows\SysWOW64\KBDRU1.DLL
2014-12-26 14:22:58    A40516F4443996DC92350D6890546E4A    7168    ----a-w-    C:\Windows\SysWOW64\KBDYAK.DLL
2014-12-26 14:22:58    44AABDB92C816F112E054FC3523B51E8    7168    ----a-w-    C:\Windows\SysWOW64\KBDBASH.DLL
2014-12-26 14:22:58    35D1AA379B4C2873F1DD62EDCA740C19    6656    ----a-w-    C:\Windows\SysWOW64\KBDRU.DLL
2014-12-26 14:22:54    594CEF2E9CD8A5BB8310B3844614C127    7168    ----a-w-    C:\Windows\SysWOW64\KBDTAT.DLL
2014-12-26 14:22:53    7D6731C5BA01769612A3EDC42A7C931B    79872    ----a-w-    C:\Windows\SysWOW64\BluetoothApis.dll
2014-12-26 14:22:49    CA16D3794D44C57CBFBE0CE5530FFED8    80896    ----a-w-    C:\Windows\SysWOW64\wudriver.dll
2014-12-26 14:22:48    DB46A1A84AEC3A7F0FBA4E20320F3159    7168    ----a-w-    C:\Windows\SysWOW64\KBDTT102.DLL
2014-12-26 13:16:10    E3B655AABA7A38E2190514EC0F1A3BE4    106976    ----a-w-    C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-26 13:16:10    BBD2925C4F2E027254F2420963D4A174    714720    ----a-w-    C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-25 23:23:35    9587324703A72D20E6EAA5159991F102    73216    ----a-w-    C:\Windows\SysWOW64\OVDecode.dll
2014-12-25 23:23:34    01BA3C736A05B3B5805ED7A5B190C7DC    83456    ----a-w-    C:\Windows\SysWOW64\OpenVideo.dll
2014-12-25 23:23:33    ED335FA4A6F319E8F10388C99BD8DBFA    99008    ----a-w-    C:\Windows\SysWOW64\atiu9pag.dll
2014-12-25 23:23:33    93D30313979A8076BDB9A2B25F4DE3D2    6715752    ----a-w-    C:\Windows\SysWOW64\atiumdag.dll
2014-12-25 23:23:33    52BC0EFF5A0D29CB819D8BD21CFB91D7    3471376    ----a-w-    C:\Windows\SysWOW64\atiumdva.cap
2014-12-25 23:23:32    FC296E0F4B363C981812284DC9F23938    22860800    ----a-w-    C:\Windows\SysWOW64\atioglxx.dll
2014-12-25 23:23:32    42DD66C106E5B27B5289A86A90C0DF30    80896    ----a-w-    C:\Windows\SysWOW64\atisamu32.dll
2014-12-25 23:23:30    5714D09494A2BCAF73D8751954615F67    71704    ----a-w-    C:\Windows\SysWOW64\atimpc32.dll
2014-12-25 23:23:29    CC673161CB61915C763EFB8234A0A85E    133120    ----a-w-    C:\Windows\SysWOW64\atigktxx.dll
2014-12-25 23:23:29    A05B477EB8C3D419EE68F6BB91BD045A    69632    ----a-w-    C:\Windows\SysWOW64\atiglpxx.dll
2014-12-25 23:23:28    D713CCDD20BCDEF4C609B5C58417A517    14302208    ----a-w-    C:\Windows\SysWOW64\aticaldd.dll
2014-12-25 23:23:28    D62FF54F45C3D81F1F970F4EC603F26B    58880    ----a-w-    C:\Windows\SysWOW64\OpenCL.dll
2014-12-25 23:23:28    C9ED150630945E8EF5C1E0DE7E66A8C7    52224    ----a-w-    C:\Windows\SysWOW64\aticalrt.dll
2014-12-25 23:23:28    9F66FC6F3A6C9C55666146E1C4384F5A    870912    ----a-w-    C:\Windows\SysWOW64\atiadlxy.dll
2014-12-25 23:23:28    6BD9080EE785D101B7C13D7DA61B9E04    588464    ----a-w-    C:\Windows\SysWOW64\atiapfxx.blb
2014-12-25 23:23:28    1AA996F171738B5F6FAE16DFDE757D4B    49152    ----a-w-    C:\Windows\SysWOW64\aticalcl.dll
2014-12-25 23:23:27    E7570EF5038EDCB6FC8324754B585DDF    71704    ----a-w-    C:\Windows\SysWOW64\amdpcom32.dll
2014-12-25 23:23:27    CB1031637FD830AC1D622FA7110BB8EE    23905280    ----a-w-    C:\Windows\SysWOW64\amdocl.dll
2014-12-25 23:23:27    063D495737B23558CD8C25E29B1CE88A    35840    ----a-w-    C:\Windows\SysWOW64\amdmmcl.dll
2014-12-25 23:23:25    839BF9E615A917238B05DED93E5B851A    117560    ----a-w-    C:\Windows\SysWOW64\amdhcp32.dll
2014-12-25 23:23:25    833DBDF3E57CAA666E4B5A850216FDB2    90112    ----a-w-    C:\Windows\SysWOW64\amdave32.dll
2014-12-25 23:23:25    0B58227F5750A18B02CEF31E486A4536    123392    ----a-w-    C:\Windows\SysWOW64\amdhdl32.dll
2014-12-25 23:23:14    D05EBF747A46135B641BC1FDF3C50070    99840    ----a-w-    C:\Windows\SysWOW64\tbaseregistry32.dll
2014-12-25 23:23:13    B44BA313E03607A2A0984E60BB936062    12288    ----a-w-    C:\Windows\SysWOW64\t-base_client_api.dll
2014-12-25 23:23:13    8DE3CCA7C8BB6377C02654C5A7666366    59392    ----a-w-    C:\Windows\SysWOW64\amdumcsp.dll
2014-12-25 23:19:39    5F333FDBF392850373C89BDA31EBEC1B    1346048    ----a-w-    C:\Windows\SysWOW64\user32.dll
2014-12-25 23:19:38    3B45EA6108E48406828D4E015FF41DD0    12800    ----a-w-    C:\Windows\SysWOW64\winshfhc.dll
2014-12-25 15:22:33    BC426A818B7F3DB5F509BC1B62FF1501    357376    ----a-w-    C:\Windows\SysWOW64\schannel.dll
2014-12-25 15:22:32    B2AC9E081A847ACBD5B62BE25AF39DA1    88800    ----a-w-    C:\Windows\SysWOW64\ncryptsslp.dll
2014-12-25 15:20:45    2C01D8EA2B0FA834597FCD96AAAE4F52    406400    ----a-w-    C:\Windows\SysWOW64\dxgi.dll
2014-12-25 15:19:40    128EC9879D462F89829E663417FE5DBD    710144    ----a-w-    C:\Windows\SysWOW64\rpcrt4.dll
2014-12-25 15:13:16    A22688490DCC2DA19441CA09EF7299BF    736768    ----a-w-    C:\Windows\SysWOW64\adtschema.dll
2014-12-25 15:13:16    791BDC9FD3C95F92C7DB2162132C8645    324096    ----a-w-    C:\Windows\SysWOW64\certcli.dll
2014-12-25 15:13:15    DDAAC7C966436938526D4CF4C6042A5C    154112    ----a-w-    C:\Windows\SysWOW64\msaudite.dll
2014-12-25 15:12:13    DBC4D46A7DDC14D1D1ED4B613F9E41A4    1064448    ----a-w-    C:\Windows\SysWOW64\gdi32.dll
2014-12-25 15:12:10    DB3ED0BA26D7C598481A23E7D06A370E    2344448    ----a-w-    C:\Windows\SysWOW64\Wpc.dll
2014-12-25 15:12:02    195822ACCDAA2B4815DD01BAFC335595    2084520    ----a-w-    C:\Windows\SysWOW64\explorer.exe
2014-12-25 15:12:01    1E4CD5DB4F61DF2A9053C8B9A46B4013    50176    ----a-w-    C:\Windows\SysWOW64\UXInit.dll
2014-12-25 15:11:58    CB90D56DB19B8213CF5F7CB789C1C778    3117568    ----a-w-    C:\Windows\SysWOW64\msi.dll
2014-12-25 15:11:58    C49344C2F399A22704C682C5E18B8DF2    2321920    ----a-w-    C:\Windows\SysWOW64\authui.dll
2014-12-25 15:11:56    F8D0951A75826AD557CFAC323A936AA6    281088    ----a-w-    C:\Windows\SysWOW64\msihnd.dll
2014-12-25 15:11:34    E86549FED3008360730A6B722079D537    756224    ----a-w-    C:\Windows\SysWOW64\WSShared.dll
2014-12-25 15:11:32    DA65F1320538BC417B8FAE0BCAC330A0    265216    ----a-w-    C:\Windows\SysWOW64\SkyDriveShell.dll
2014-12-25 15:11:24    7BEE9E040222E7033A820780E1A61204    5777408    ----a-w-    C:\Windows\SysWOW64\mstscax.dll
2014-12-25 15:11:24    074BF061D97E49AAF04F2FAF46409A14    5902848    ----a-w-    C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-12-25 15:11:20    A4E624F7658D08C1717542FA10E0A973    1467384    ----a-w-    C:\Windows\SysWOW64\ntdll.dll
2014-12-25 15:11:20    76831C139BD9E227712B283A6A5ABBA8    840192    ----a-w-    C:\Windows\SysWOW64\SearchFolder.dll
2014-12-25 15:11:19    DBA00F3FC75495058A25B24906C24599    1205976    ----a-w-    C:\Windows\SysWOW64\propsys.dll
2014-12-25 15:11:19    BFC6F7889A9CFF451A418862444B9F63    321024    ----a-w-    C:\Windows\SysWOW64\Wldap32.dll
2014-12-25 15:11:19    24B30DB8D1F8CF0F8C1AAAE319BC508E    838144    ----a-w-    C:\Windows\SysWOW64\KernelBase.dll
2014-12-25 15:11:16    1FA2D34A17E366C269FBE94DE06B177F    855552    ----a-w-    C:\Windows\SysWOW64\rdvidcrl.dll
2014-12-25 15:11:03    75D0FAD0165770819770628239BF57DB    602768    ----a-w-    C:\Windows\SysWOW64\oleaut32.dll
2014-12-25 15:10:42    5D2C15BDAD48646C8CBC83903252D87C    514048    ----a-w-    C:\Windows\SysWOW64\rastls.dll
2014-12-25 15:10:24    38045850ACB96313A1983A8803302906    35480    ----a-w-    C:\Windows\SysWOW64\TsWpfWrp.exe
2014-12-25 15:09:53    949E0E42DAAD0418513B44C31A697CA5    1797896    ----a-w-    C:\Windows\SysWOW64\d3d9.dll
2014-12-25 15:09:47    E28501E3A241DDC5DC65382E55661B1D    285696    ----a-w-    C:\Windows\SysWOW64\dhcpcore.dll
2014-12-25 15:09:46    EA15CC7B75A2DE287E3B0C266A35490C    235008    ----a-w-    C:\Windows\SysWOW64\framedynos.dll
2014-12-25 15:09:46    E4783EB6A6B2D04F3B541B378E843617    229888    ----a-w-    C:\Windows\SysWOW64\dhcpcore6.dll
2014-12-25 15:09:45    0CCDFED2DFCD4FBA73EE989249379458    52736    ----a-w-    C:\Windows\SysWOW64\ncobjapi.dll
2014-12-25 15:09:44    4E07710A2C9EA43E7509BF7D0452430E    106496    ----a-w-    C:\Windows\SysWOW64\Robocopy.exe
2014-12-25 15:09:43    BEA7A26C2C22381B6DD88758352B9D9B    62976    ----a-w-    C:\Windows\SysWOW64\dhcpcsvc.dll
2014-12-25 15:09:43    BA6E52B0D82682EDE4B49D9CCC7D529B    207360    ----a-w-    C:\Windows\SysWOW64\framedyn.dll
2014-12-25 15:09:43    57E0A896C38C41C8B5B7F3127F8FD0D9    56320    ----a-w-    C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-12-25 15:09:41    191B7F25BE13D9F9E56B2B4EA595AC62    11776    ----a-w-    C:\Windows\SysWOW64\d3d8thk.dll
2014-12-25 15:09:27    3BF6BEBD0A5666BDB426A734A4578D9B    1346048    ----a-w-    C:\Windows\SysWOW64\msxml3.dll
2014-12-25 15:09:26    FACBA112943A89FBB8AC25085521924F    344536    ----a-w-    C:\Windows\SysWOW64\AUDIOKSE.dll
2014-12-25 15:09:26    61F5222289E052C40274ECD182A8AA99    98816    ----a-w-    C:\Windows\SysWOW64\drvinst.exe
2014-12-25 15:09:26    22B2920A0857BDD61B1331C30AD76F30    424544    ----a-w-    C:\Windows\SysWOW64\AudioEng.dll
2014-12-25 15:09:26    0CBA301F325F922FAFB3B83AD3337BB2    370424    ----a-w-    C:\Windows\SysWOW64\AudioSes.dll
2014-12-25 15:09:25    D1A07DE4DC408E5AA5CFBAE261919BDC    72192    ----a-w-    C:\Windows\SysWOW64\packager.dll
2014-12-25 15:09:24    65FCEABE3128592F84B60140F814BDDB    1509888    ----a-w-    C:\Windows\SysWOW64\DWrite.dll
2014-12-25 15:09:23    A9B598B04606F9869C42728FE95CBC7C    1489072    ----a-w-    C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-25 15:09:14    684CF6A72A8DF7D66D262AC4A6E07845    270848    ----a-w-    C:\Windows\SysWOW64\DaOtpCredentialProvider.dll
2014-12-25 15:08:58    0A9EB3956BCB7E5CDE15AF987BD81543    488960    ----a-w-    C:\Windows\SysWOW64\qedit.dll
2014-12-25 15:08:51    7EAC336CFB845753DE556D8EEDD8BD58    129536    ----a-w-    C:\Windows\SysWOW64\poqexec.exe
2014-12-25 15:08:42    F25284C763E728E4DAC248C211D1FC5B    76288    ----a-w-    C:\Windows\SysWOW64\mshtmled.dll
2014-12-25 15:08:41    F34F6DC38A21FCDBB50CDD1EE97B1EA3    1307136    ----a-w-    C:\Windows\SysWOW64\urlmon.dll
2014-12-25 15:08:41    D7A98A4CEA2E89F544065A00BF37FC10    688640    ----a-w-    C:\Windows\SysWOW64\msfeeds.dll
2014-12-25 15:08:41    713407DA59A9DBE5BD64A17D7A267DA1    326656    ----a-w-    C:\Windows\SysWOW64\iedkcs32.dll
2014-12-25 15:08:41    69AC6FD5B0B4DC963723E1EBDEE10A2C    285696    ----a-w-    C:\Windows\SysWOW64\dxtrans.dll
2014-12-25 15:08:41    45CDC0E37774D30BEE8C5F62CE30D599    1042944    ----a-w-    C:\Windows\SysWOW64\actxprxy.dll
2014-12-25 15:08:41    220505B0B3E96C857DD01729AF0CD369    19749376    ----a-w-    C:\Windows\SysWOW64\mshtml.dll
2014-12-25 15:08:39    8FC2FB51EB90E6AA582BDBA39C1935FD    620032    ----a-w-    C:\Windows\SysWOW64\jscript9diag.dll
2014-12-25 15:08:39    543ADCEA31CF9C2B4EEB900D4AAFD0F9    2052096    ----a-w-    C:\Windows\SysWOW64\inetcpl.cpl
2014-12-25 15:08:39    01777AB557997E98691E322225314E57    2277888    ----a-w-    C:\Windows\SysWOW64\iertutil.dll
2014-12-25 15:08:38    B59E370277EDB6643083B62297175628    12836864    ----a-w-    C:\Windows\SysWOW64\ieframe.dll
2014-12-25 15:08:38    7BCC24D058205664BD700D272B169AEC    418304    ----a-w-    C:\Windows\SysWOW64\dxtmsft.dll
2014-12-25 15:08:36    F728E7E9937117E0F32F39840EB6D737    4299264    ----a-w-    C:\Windows\SysWOW64\jscript9.dll
2014-12-25 15:08:36    41AFA61E061E98E97272AC02184C8C2C    710144    ----a-w-    C:\Windows\SysWOW64\ieapfltr.dll
2014-12-25 15:08:35    5E4E0E43E0A5BF9F089696DFA7A3D677    1888256    ----a-w-    C:\Windows\SysWOW64\wininet.dll
2014-12-25 15:08:30    C6941899E6B0A1893D2D5A89241A43B6    661504    ----a-w-    C:\Windows\SysWOW64\jscript.dll
2014-12-25 15:08:30    98F2784FC4A4A80CE20016C6281834EE    880128    ----a-w-    C:\Windows\SysWOW64\inetcomm.dll
2014-12-25 15:08:30    37F078B5B435AFC6BF316F2AD14B469A    501248    ----a-w-    C:\Windows\SysWOW64\vbscript.dll
2014-12-25 15:08:29    FCAF49AE2E10EF3823262D10E7F2D0DE    60416    ----a-w-    C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-25 15:08:28    EF7A48E5955736BEECF0B0ABB478E90E    478208    ----a-w-    C:\Windows\SysWOW64\ieui.dll
2014-12-25 15:08:28    BE5EDCACB9E83C3695F650094367740C    99328    ----a-w-    C:\Windows\SysWOW64\hlink.dll
2014-12-25 15:08:28    86181845803967FC51B64119E80FC18C    340992    ----a-w-    C:\Windows\SysWOW64\html.iec
2014-12-25 15:08:28    476900A8699F5C3D954ADD4A35D33F89    230400    ----a-w-    C:\Windows\SysWOW64\webcheck.dll
2014-12-25 15:08:28    236AD481F1632F4CE7E9835FFD4AF41D    168960    ----a-w-    C:\Windows\SysWOW64\msrating.dll
2014-12-25 15:08:27    ED5A4451A1A2777C6C5DB4238FD09078    115712    ----a-w-    C:\Windows\SysWOW64\ieUnatt.exe
2014-12-25 15:08:27    DCFF6E5356CFF5B50BBA0FAAE01A0412    90624    ----a-w-    C:\Windows\SysWOW64\iesysprep.dll
2014-12-25 15:08:27    615D259116D1B331911CE28C8CD1CCF3    73216    ----a-w-    C:\Windows\SysWOW64\tdc.ocx
2014-12-25 15:08:27    1D391C687102569FD1EA154F0C1A4CE8    91136    ----a-w-    C:\Windows\SysWOW64\inseng.dll
2014-12-25 15:08:27    0E4D9A13C7C6C8FC3ACCF1C8C28DE200    128000    ----a-w-    C:\Windows\SysWOW64\iepeers.dll
2014-12-25 15:08:26    FC51834D5057B9D7847666AE88BC981C    130048    ----a-w-    C:\Windows\SysWOW64\occache.dll
2014-12-25 15:08:26    F1313045CDCBBC4C90C34AEF67CEE088    112128    ----a-w-    C:\Windows\SysWOW64\IEAdvpack.dll
2014-12-25 15:08:26    EF7B7299A1D6604AD3CA2CE1BEF8C8F3    30720    ----a-w-    C:\Windows\SysWOW64\iernonce.dll
2014-12-25 15:08:26    A66A88FFE53BBB9DDAACE0110A8232EC    137728    ----a-w-    C:\Windows\SysWOW64\wextract.exe
2014-12-25 15:08:26    8D1E12756ED6F1FDB026AD3CF264F90C    40448    ----a-w-    C:\Windows\SysWOW64\imgutil.dll
2014-12-25 15:08:26    59607FB7C6B84860CE2D1C5F7C57E052    47616    ----a-w-    C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-25 15:08:26    3C544C566EE7091AC52D4D9156C62687    235520    ----a-w-    C:\Windows\SysWOW64\url.dll
2014-12-25 15:08:26    316280CC22CBB15271A91D83CDFB73C3    27136    ----a-w-    C:\Windows\SysWOW64\licmgr10.dll
2014-12-25 15:08:26    29CED1A4777A43526A4ED8A7B6936883    64000    ----a-w-    C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-25 15:08:26    26F4BDB6EA83011885E217A51A4A3E68    62464    ----a-w-    C:\Windows\SysWOW64\iesetup.dll
2014-12-25 15:08:26    159199095C9959BE75E61C0FF947708F    152064    ----a-w-    C:\Windows\SysWOW64\iexpress.exe
2014-12-25 15:08:26    0FEEFF4B96CA5972121F59525142A14E    52736    ----a-w-    C:\Windows\SysWOW64\msfeedsbs.dll
2014-12-25 15:08:26    0812A503FF349D1DCEEB820B2E4FEE15    57344    ----a-w-    C:\Windows\SysWOW64\pngfilt.dll
2014-12-25 15:08:26    02FF387F6228169EDDCB41F5E4B1A4E4    47104    ----a-w-    C:\Windows\SysWOW64\jsproxy.dll
2014-12-25 15:08:25    3FA76B67F25D84B3C2A4E8A8C0919E6E    12800    ----a-w-    C:\Windows\SysWOW64\mshta.exe
2014-12-25 15:08:25    1BD4CD20A25B4A3A5F7BAAC25E9D9202    11264    ----a-w-    C:\Windows\SysWOW64\msfeedssync.exe
2014-12-25 15:08:16    66F97677CC13F7B9E2408CC75750A389    208896    ----a-w-    C:\Windows\SysWOW64\pku2u.dll
2014-12-25 15:08:16    4CD4C8D34213975444643A5F9594E363    806400    ----a-w-    C:\Windows\SysWOW64\kerberos.dll
2014-12-25 15:08:13    1FB4389CA807D59B105B0827FCC8F768    11820544    ----a-w-    C:\Windows\SysWOW64\twinui.dll
2014-12-25 15:08:12    CA23E168518460519DC8D49EC6AD9550    18723112    ----a-w-    C:\Windows\SysWOW64\shell32.dll
2014-12-25 15:08:03    1793FC07D568C930C04F9FF40FFF9A69    799744    ----a-w-    C:\Windows\SysWOW64\MFMediaEngine.dll
2014-12-25 15:08:02    CDB3123A2ABB34B830224B986568F4D4    626688    ----a-w-    C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-25 15:08:02    0EEE3F2278E447498B2CDBDF34C63C91    670384    ----a-w-    C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-12-25 15:08:00    C1AD30D5E28B4291D4A16BC6944ABC0C    2030592    ----a-w-    C:\Windows\SysWOW64\WsmSvc.dll
2014-12-25 15:08:00    A208DEE0CD61E24817C26D5A05503DA7    334336    ----a-w-    C:\Windows\SysWOW64\puiobj.dll
2014-12-25 15:08:00    710A55B8443155F1FF09E07C2E44D79D    200192    ----a-w-    C:\Windows\SysWOW64\DafPrintProvider.dll
2014-12-25 15:07:59    A0E20B50D66FDF786BC2324499F7C482    195584    ----a-w-    C:\Windows\SysWOW64\prnntfy.dll
2014-12-25 15:07:59    558838A9A51259F3E76030E3E997A72A    162816    ----a-w-    C:\Windows\SysWOW64\puiapi.dll
2014-12-25 15:07:58    46C1902654FF54C835E4C4E8C14B7F2A    239104    ----a-w-    C:\Windows\SysWOW64\FXSAPI.dll
2014-12-25 15:07:58    17FC09725FEE2546B96A938288509719    485376    ----a-w-    C:\Windows\SysWOW64\untfs.dll
2014-12-25 15:07:16    4C48253C6A21CCEBA071B58A5CDF17C1    875688    ----a-w-    C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-12-25 15:06:36    4B7FA0A3D7B9D316BC6B2A409701E47D    828928    ----a-w-    C:\Windows\SysWOW64\twinui.appcore.dll
2014-12-23 23:48:36    7753FC56F9CAC4B5AFDA3196DB654F21    144664    ----a-w-    C:\Windows\SysWOW64\secman.dll
 


====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-12-25 23:23:28    FE2CF716EEF3E7729617D28CD14033C7    372736    ----a-w-    C:\Windows\Sysnative\atiapfxx.exe
2014-12-25 23:23:28    F2042764C9625529A2E1F6A76A7185AB    65024    ----a-w-    C:\Windows\Sysnative\OpenCL.dll
2014-12-25 23:23:28    6BD9080EE785D101B7C13D7DA61B9E04    588464    ----a-w-    C:\Windows\Sysnative\atiapfxx.blb
2014-12-25 23:23:28    56E44C6CC9DA3E69B85FF0FD1CBEC40D    15716352    ----a-w-    C:\Windows\Sysnative\aticaldd64.dll
2014-12-25 23:23:28    31AE64F3828CDCD0E2AF1CB1116A5833    55808    ----a-w-    C:\Windows\Sysnative\aticalcl64.dll
2014-12-25 23:23:27    97A06638B0BA55ED52CBDED299BE4A02    415232    ----a-w-    C:\Windows\Sysnative\amdmiracast.dll
2014-12-25 23:23:27    25C6175958F1F0561800394F349BBB61    78432    ----a-w-    C:\Windows\Sysnative\amdpcom64.dll
2014-12-25 23:23:27    033850A44D94575ED6F04A6A9B430FA8    44544    ----a-w-    C:\Windows\Sysnative\amdmmcl6.dll
2014-12-25 23:23:25    FC3179CDDB758C42EFF9F6E1C661B7E6    95744    ----a-w-    C:\Windows\Sysnative\amdave64.dll
2014-12-25 23:23:25    D78F4D58864AF9DF77DB9CE3F49AE161    127872    ----a-w-    C:\Windows\Sysnative\amdhcp64.dll
2014-12-25 23:23:25    B40DDF25F6E3B4234117B3355A8EA994    134144    ----a-w-    C:\Windows\Sysnative\amdhdl64.dll
2014-12-25 23:23:14    C87EFDB561C3C7ED2BEAE33CE5BA18B2    120320    ----a-w-    C:\Windows\Sysnative\tbaseregistry64.dll
2014-12-25 23:23:13    A52FB3A4F1CE56CB18E25E01180F458F    77824    ----a-w-    C:\Windows\Sysnative\amdumcsp.dll
2014-12-25 23:23:13    A0705D9136DD8420D382E05BA2279BF1    16384    ----a-w-    C:\Windows\Sysnative\t-base_client_api.dll
2014-12-25 23:23:13    2B017D5460E635311F66224CF2403B67    102400    ----a-w-    C:\Windows\Sysnative\pspcoins.dll
2014-12-25 23:19:44    E09BF40AA766B183F0F385C96B37D9E5    299520    ----a-w-    C:\Windows\Sysnative\WSDMon.dll
2014-12-25 23:19:44    DA947D89F64B72A40F678AAAE76F7564    205824    ----a-w-    C:\Windows\Sysnative\tcpmon.dll
2014-12-25 23:19:40    F0A117D19873FCDF801F082F33BFBB6C    1519488    ----a-w-    C:\Windows\Sysnative\user32.dll
2014-12-25 23:19:38    668417ED63F9FBE7DD8D7A54B04279DA    14336    ----a-w-    C:\Windows\Sysnative\winshfhc.dll
2014-12-25 15:22:33    F0CE4A653EEBA09509EAF93AE2226FA9    426496    ----a-w-    C:\Windows\Sysnative\schannel.dll
2014-12-25 15:22:33    6DE50D5592C6EE18C87B0C2EEEDC1621    185856    ----a-w-    C:\Windows\Sysnative\dpapisrv.dll
2014-12-25 15:22:32    622928F5A8045F8122F10561D6C35ED0    104336    ----a-w-    C:\Windows\Sysnative\ncryptsslp.dll
2014-12-25 15:20:45    59EAFAE3A34B4925990A2E679CA91C5B    517528    ----a-w-    C:\Windows\Sysnative\dxgi.dll
2014-12-25 15:20:44    454978FB3D24DE5C4199162D5F81FBEE    2133504    ----a-w-    C:\Windows\Sysnative\dwmcore.dll
2014-12-25 15:19:40    1BB9CC78C91536CBA7B04B61ED0F85C4    1273184    ----a-w-    C:\Windows\Sysnative\rpcrt4.dll
2014-12-25 15:13:17    949E590B76018E4523FC71CE510ED9ED    1441792    ----a-w-    C:\Windows\Sysnative\lsasrv.dll
2014-12-25 15:13:17    1D25CC0A9C480C5D56A5A6CF2B5DEB99    3547648    ----a-w-    C:\Windows\Sysnative\rdpcorets.dll
2014-12-25 15:13:16    91E59FCB3B32DD84E5DCDA2EA1583807    736768    ----a-w-    C:\Windows\Sysnative\adtschema.dll
2014-12-25 15:13:16    488CEA4F1B4D2446FFB7A94E3CB385FE    445440    ----a-w-    C:\Windows\Sysnative\certcli.dll
2014-12-25 15:13:15    D7B23B3154508256C9F434EF9B65B91D    131584    ----a-w-    C:\Windows\Sysnative\rdpudd.dll
2014-12-25 15:13:15    A8484FB640E044858BA19FB4F13DD4CE    154112    ----a-w-    C:\Windows\Sysnative\msaudite.dll
2014-12-25 15:13:15    3D2D2EA099D98FE6B94C7D8C7992C08C    40448    ----a-w-    C:\Windows\Sysnative\rfxvmt.dll
2014-12-25 15:12:13    87CEF71F9D5951C9379D2F956C07C37D    1336624    ----a-w-    C:\Windows\Sysnative\gdi32.dll
2014-12-25 15:12:11    E7DE316FEEFC79327CFAD8F527979CC0    3118080    ----a-w-    C:\Windows\Sysnative\Wpc.dll
2014-12-25 15:12:11    E2F4125BFAC99244088324A1841C0B83    3048880    ----a-w-    C:\Windows\Sysnative\WpcMon.exe
2014-12-25 15:12:10    6BC31FB4E24A962C98801D3687A984C0    2861056    ----a-w-    C:\Windows\Sysnative\WpcWebSync.dll
2014-12-25 15:12:06    00CD1254837739E310505EBCB19F7971    796672    ----a-w-    C:\Windows\Sysnative\uDWM.dll
2014-12-25 15:12:01    04AE20974DF91DC7B9075FC5A126B77C    68096    ----a-w-    C:\Windows\Sysnative\UXInit.dll
2014-12-25 15:11:58    A00B916CD6A67984257DC53052350219    2646016    ----a-w-    C:\Windows\Sysnative\authui.dll
2014-12-25 15:11:57    7667B9D81EA8FD6540E6CF72F92161A6    109568    ----a-w-    C:\Windows\Sysnative\appinfo.dll
2014-12-25 15:11:57    5DAA60A74D178525DC6ACF53ABE343D6    2779136    ----a-w-    C:\Windows\Sysnative\msi.dll
2014-12-25 15:11:57    10D8859CF01C1284603582ABD9B0482C    114520    ----a-w-    C:\Windows\Sysnative\consent.exe
2014-12-25 15:11:57    08914C8989AB93F5EC3A452D014E2C8D    356352    ----a-w-    C:\Windows\Sysnative\msihnd.dll
2014-12-25 15:11:34    30293301B14D0D11D086B09831F5FE0D    920064    ----a-w-    C:\Windows\Sysnative\WSShared.dll
2014-12-25 15:11:32    3014CE5846A486C624E3E2CEB8C3290C    286208    ----a-w-    C:\Windows\Sysnative\SkyDriveShell.dll
2014-12-25 15:11:27    66CBCDDEF429E5BA83C3288EEB0771A6    717824    ----a-w-    C:\Windows\Sysnative\SkyDriveTelemetry.dll
2014-12-25 15:11:27    57CA779C19C2F224BE0C5EFC40F54B60    4758528    ----a-w-    C:\Windows\Sysnative\SyncEngine.dll
2014-12-25 15:11:27    1676B06421492B439A9E60C55692A921    8757760    ----a-w-    C:\Windows\Sysnative\Windows.UI.Search.dll
2014-12-25 15:11:25    8A522BBE4E06586C57E5D9DC50FB88B0    6649344    ----a-w-    C:\Windows\Sysnative\mstscax.dll
2014-12-25 15:11:23    F58FBEA392B663B936E62939A877CA80    1120768    ----a-w-    C:\Windows\Sysnative\SkyDrive.exe
2014-12-25 15:11:23    37C1CBCB3F420C754E86E3EC313D436D    1112512    ----a-w-    C:\Windows\Sysnative\KernelBase.dll
2014-12-25 15:11:21    5053FE9043FB84D71B04EFC7D5DA13CF    1710184    ----a-w-    C:\Windows\Sysnative\ntdll.dll
2014-12-25 15:11:21    2ECA23663D13100032E09062C743C70D    1507648    ----a-w-    C:\Windows\Sysnative\propsys.dll
2014-12-25 15:11:21    10CE7F7704E293F6CC6E0AF51DBFD95A    1106432    ----a-w-    C:\Windows\Sysnative\SearchFolder.dll
2014-12-25 15:11:20    ACFEE9487693C2BD573DFCA71D98E17C    914432    ----a-w-    C:\Windows\Sysnative\iphlpsvc.dll
2014-12-25 15:11:20    ABB028BAB78E7B4AFE374F8246F6CCB6    359424    ----a-w-    C:\Windows\Sysnative\Wldap32.dll
2014-12-25 15:11:19    FD4EA8E9232ADD51DC31C295DDEF2768    287744    ----a-w-    C:\Windows\Sysnative\SystemEventsBrokerServer.dll
2014-12-25 15:11:18    E325BCD68EC0CF2E2EDD0AB7CC17C698    267776    ----a-w-    C:\Windows\Sysnative\bisrv.dll
2014-12-25 15:11:18    0DD29E5328436D51517316CD6D3BACCA    286208    ----a-w-    C:\Windows\Sysnative\pcsvDevice.dll
2014-12-25 15:11:17    73F269436228D5625E83A1EAF3549F58    118272    ----a-w-    C:\Windows\Sysnative\httpprxm.dll
2014-12-25 15:11:17    5D4A403DAE434FBA11779496EAFBDDE8    75776    ----a-w-    C:\Windows\Sysnative\adhsvc.dll
2014-12-25 15:11:17    36F977EDAE6CEE96CE6409B2B16765B4    290816    ----a-w-    C:\Windows\Sysnative\ProximityService.dll
2014-12-25 15:11:17    0B1A9F6F9D2891C0F8783C0444D27DD0    1057280    ----a-w-    C:\Windows\Sysnative\rdvidcrl.dll
2014-12-25 15:11:04    9A108C0A3092110F4651B3AFB9CC7B3D    789184    ----a-w-    C:\Windows\Sysnative\oleaut32.dll
2014-12-25 15:10:42    D3AE5DB16EAF913860EC28654CE00E6B    1212928    ----a-w-    C:\Windows\Sysnative\schedsvc.dll
2014-12-25 15:10:42    25EE65F2FA154EDED0E87354311FB1E2    590336    ----a-w-    C:\Windows\Sysnative\rastls.dll
2014-12-25 15:10:24    6DBE73C09215E281F4283641144110A5    35480    ----a-w-    C:\Windows\Sysnative\TsWpfWrp.exe
2014-12-25 15:09:53    C1E44A99F7CF8C3A08CD5ADDF451636C    2125344    ----a-w-    C:\Windows\Sysnative\d3d9.dll
2014-12-25 15:09:51    EA432A85ABF371E14FB364D5F4405897    403968    ----a-w-    C:\Windows\Sysnative\vpnike.dll
2014-12-25 15:09:51    98D0985521BF8F7086EA9C860898A1EE    721408    ----a-w-    C:\Windows\Sysnative\fveapi.dll
2014-12-25 15:09:51    05DE04005CE0D84D0E6AD21CAEB369C6    353280    ----a-w-    C:\Windows\Sysnative\dhcpcore.dll
2014-12-25 15:09:47    6B374D279DC423FE69DB8DD1401E84FC    301056    ----a-w-    C:\Windows\Sysnative\framedynos.dll
2014-12-25 15:09:46    E07C80468D0C599BFF01D9D4EC7AEDC3    339456    ----a-w-    C:\Windows\Sysnative\bdesvc.dll
2014-12-25 15:09:46    10AC9494ECE22A2362E4E4D98C528D01    271872    ----a-w-    C:\Windows\Sysnative\dhcpcore6.dll
2014-12-25 15:09:45    FBB1841434072FFA76E4AD287448E34A    262656    ----a-w-    C:\Windows\Sysnative\framedyn.dll
2014-12-25 15:09:45    20FB137ADDE1255F15F265A7BD9579BE    827392    ----a-w-    C:\Windows\Sysnative\BFE.DLL
2014-12-25 15:09:45    1824052F17B12B5D7B21445B869EE9F2    71168    ----a-w-    C:\Windows\Sysnative\ncobjapi.dll
2014-12-25 15:09:44    DEA76F90F9777E3427D70E380222B23B    1063424    ----a-w-    C:\Windows\Sysnative\IKEEXT.DLL
2014-12-25 15:09:44    D3883FBCA97D10C8A39632D6CDDC6E85    65024    ----a-w-    C:\Windows\Sysnative\dhcpcsvc6.dll
2014-12-25 15:09:44    7E1EBDB3424337ABB553F249A7811D94    87552    ----a-w-    C:\Windows\Sysnative\dhcpcsvc.dll
2014-12-25 15:09:44    2616E8E9C8B66A67CFB6197E9517A2F2    123392    ----a-w-    C:\Windows\Sysnative\Robocopy.exe
2014-12-25 15:09:43    CFD6DBED27511D7A5FBE33AFA7E6B669    76800    ----a-w-    C:\Windows\Sysnative\BulkOperationHost.exe
2014-12-25 15:09:42    71BAEAFD05B3040173F5BBEA2CFE9607    997888    ----a-w-    C:\Windows\Sysnative\reseteng.dll
2014-12-25 15:09:41    B7CC32E00C5C5152D221DF182827F58E    50745    ----a-w-    C:\Windows\Sysnative\srms.dat
2014-12-25 15:09:27    93645AEBE163230A2ED5050C14AE6603    2149376    ----a-w-    C:\Windows\Sysnative\msxml3.dll
2014-12-25 15:09:26    DFDFDE2EA4B5CD0606BA6E56ECEE502D    272248    ----a-w-    C:\Windows\Sysnative\audiodg.exe
2014-12-25 15:09:26    C0484CA5C7F87E38909746B63C7FC868    911360    ----a-w-    C:\Windows\Sysnative\audiosrv.dll
2014-12-25 15:09:26    BB7F878413AD3C2E7E89C96193D405DF    57856    ----a-w-    C:\Windows\Sysnative\drvcfg.exe
2014-12-25 15:09:26    9F87516BF76C40B41D831F7D729A6044    482872    ----a-w-    C:\Windows\Sysnative\AudioEng.dll
2014-12-25 15:09:26    9C88C9397B44B76E5C9A44B8E2CE53A1    500016    ----a-w-    C:\Windows\Sysnative\AudioSes.dll
2014-12-25 15:09:26    8E472AA2E916417B55BC1E6727957453    110592    ----a-w-    C:\Windows\Sysnative\drvinst.exe
2014-12-25 15:09:26    8085F95BB18A171E7221D2831BC08BC2    394120    ----a-w-    C:\Windows\Sysnative\AUDIOKSE.dll
2014-12-25 15:09:26    7F70B1044272982AAEA7C16E83424770    226304    ----a-w-    C:\Windows\Sysnative\AudioEndpointBuilder.dll
2014-12-25 15:09:25    BB93DAAAE9006598935192B9CB65E475    108432    ----a-w-    C:\Windows\Sysnative\EncDump.dll
2014-12-25 15:09:25    B31C4917EC5EADE24A90DDAF37EA00E0    4182016    ----a-w-    C:\Windows\Sysnative\win32k.sys
2014-12-25 15:09:25    84549E8C8BF76B293A7E625A98D4BCF9    81408    ----a-w-    C:\Windows\Sysnative\packager.dll
2014-12-25 15:09:24    CC8E86B9C18BCA38D3C467CFD661A466    1975296    ----a-w-    C:\Windows\Sysnative\DWrite.dll
2014-12-25 15:09:24    3FA6DC6B29717E32E211C1FD821F2C75    1345536    ----a-w-    C:\Windows\Sysnative\FntCache.dll
2014-12-25 15:09:23    418B5117F187DFFD96C52325CA0DF153    1762840    ----a-w-    C:\Windows\Sysnative\WindowsCodecs.dll
2014-12-25 15:09:15    B312E157D20E727F30EAB3A250441B6F    284672    ----a-w-    C:\Windows\Sysnative\WUDFHost.exe
2014-12-25 15:09:15    9CDC2059A23E3C9B57696178508777E7    99840    ----a-w-    C:\Windows\Sysnative\WUDFSvc.dll
2014-12-25 15:09:15    42D257559F97B30A94A027EB4555C62F    323584    ----a-w-    C:\Windows\Sysnative\DaOtpCredentialProvider.dll
2014-12-25 15:09:15    1A54E3DF2CBB8DBE8A17C87BB07E3A7E    209408    ----a-w-    C:\Windows\Sysnative\WUDFPlatform.dll
2014-12-25 15:09:15    08DCA300264238F9AE941302321F3D54    423768    ----a-w-    C:\Windows\Sysnative\hal.dll
2014-12-25 15:08:58    78FC2B2BA0E5E1C9249E3157D4EE9BC7    586240    ----a-w-    C:\Windows\Sysnative\qedit.dll
2014-12-25 15:08:51    E4A75F7BA48F4281405C782E3DB9F828    146432    ----a-w-    C:\Windows\Sysnative\poqexec.exe
2014-12-25 15:08:42    62D54F4673A6208C8CC147758122B3C3    2865152    ----a-w-    C:\Windows\Sysnative\actxprxy.dll
2014-12-25 15:08:41    C9AB2198141844D3DF96B4552CE9D5AB    77824    ----a-w-    C:\Windows\Sysnative\JavaScriptCollectionAgent.dll
2014-12-25 15:08:41    39B512C643812FC2D4843C0D4206C759    718848    ----a-w-    C:\Windows\Sysnative\ie4uinit.exe
2014-12-25 15:08:39    E7A2061ADF0F4D430FECDA1E8D6B7BA6    1548288    ----a-w-    C:\Windows\Sysnative\urlmon.dll
2014-12-25 15:08:39    DDE455CF1B9F43775A53A4E577DFDC54    373760    ----a-w-    C:\Windows\Sysnative\iedkcs32.dll
2014-12-25 15:08:38    14BA910E7731FC84EB85328BD0F1EE81    800768    ----a-w-    C:\Windows\Sysnative\msfeeds.dll
2014-12-25 15:08:38    0AF0AEF0BA9EF6169E61C78504DCAE55    316928    ----a-w-    C:\Windows\Sysnative\dxtrans.dll
2014-12-25 15:08:37    3FE71E2A5BD3EC652E64FC8BCEFEDD2C    2125312    ----a-w-    C:\Windows\Sysnative\inetcpl.cpl
2014-12-25 15:08:36    982B871A25B5078093FAD82D0AB0E3FC    2885120    ----a-w-    C:\Windows\Sysnative\iertutil.dll
2014-12-25 15:08:35    F79E5258AF040A8AD83C7C1273A071C3    54784    ----a-w-    C:\Windows\Sysnative\jsproxy.dll
2014-12-25 15:08:35    556D271F4243B273EDA353512BF3608A    14412800    ----a-w-    C:\Windows\Sysnative\ieframe.dll
2014-12-25 15:08:35    175C139D51F99099D1BDA17794B02191    490496    ----a-w-    C:\Windows\Sysnative\dxtmsft.dll
2014-12-25 15:08:34    DE58DE2C6C8439B7174D6D3568AA4A80    814080    ----a-w-    C:\Windows\Sysnative\jscript9diag.dll
2014-12-25 15:08:34    DB10D681314714E0D4623E4C0CF6654A    92160    ----a-w-    C:\Windows\Sysnative\mshtmled.dll
2014-12-25 15:08:33    EFBA893429814EA3244C87C2D1256618    800768    ----a-w-    C:\Windows\Sysnative\ieapfltr.dll
2014-12-25 15:08:33    8D64466AD12CA5677CD0099C43C58569    6039552    ----a-w-    C:\Windows\Sysnative\jscript9.dll
2014-12-25 15:08:33    4AF089160FE082E5EA5C4AA72782DCA2    2358272    ----a-w-    C:\Windows\Sysnative\wininet.dll
2014-12-25 15:08:32    D478A4CF07FB8ADF72FB16B88E8030B8    25059840    ----a-w-    C:\Windows\Sysnative\mshtml.dll
2014-12-25 15:08:31    E40D3696BE4852956669C285038B37A6    114688    ----a-w-    C:\Windows\Sysnative\ieetwcollector.exe
2014-12-25 15:08:30    507DC5EE1363EEB7D986B1026DF4E39D    1032704    ----a-w-    C:\Windows\Sysnative\inetcomm.dll
2014-12-25 15:08:30    1D294810D3A8A8F722E86AA001F54DCC    580096    ----a-w-    C:\Windows\Sysnative\vbscript.dll
2014-12-25 15:08:29    A41AC7E8D142FD0ECF6EF7F1BB63D478    812544    ----a-w-    C:\Windows\Sysnative\jscript.dll
2014-12-25 15:08:29    587DEBB59F5F14C9610966FB14A33607    633856    ----a-w-    C:\Windows\Sysnative\ieui.dll
2014-12-25 15:08:28    F0A53129AE95A895EC8C4DC36E1797A2    108544    ----a-w-    C:\Windows\Sysnative\hlink.dll
2014-12-25 15:08:28    D248949FCF2B72C1FD4EC15DA92065C0    262144    ----a-w-    C:\Windows\Sysnative\webcheck.dll
2014-12-25 15:08:28    62CFEE2A516C68540486EBF26F18ED4C    145408    ----a-w-    C:\Windows\Sysnative\iepeers.dll
2014-12-25 15:08:27    A348DEFC16B6FBC88B7D61C3B861BCB1    107520    ----a-w-    C:\Windows\Sysnative\inseng.dll
2014-12-25 15:08:27    8AE1AC97407CD82D8389390C21430579    111616    ----a-w-    C:\Windows\Sysnative\iesysprep.dll
2014-12-25 15:08:27    85E97591864F3125C5B08FB44E0E8078    60416    ----a-w-    C:\Windows\Sysnative\msfeedsbs.dll
2014-12-25 15:08:27    284070B045F8B11B4A1FB32F72023038    417280    ----a-w-    C:\Windows\Sysnative\html.iec
2014-12-25 15:08:27    1C3C54FA2D620DF3093F356A56EC5957    144384    ----a-w-    C:\Windows\Sysnative\ieUnatt.exe
2014-12-25 15:08:27    00FB2FB8C27C834CF575BC415B80F995    87552    ----a-w-    C:\Windows\Sysnative\tdc.ocx
2014-12-25 15:08:26    F54E1190251EB245183BF16D6C315613    237568    ----a-w-    C:\Windows\Sysnative\url.dll
2014-12-25 15:08:26    DD8FD33C108F14681A410067AB21DDF3    152064    ----a-w-    C:\Windows\Sysnative\occache.dll
2014-12-25 15:08:26    D66D11191B48007179B0A77DC0717267    33280    ----a-w-    C:\Windows\Sysnative\licmgr10.dll
2014-12-25 15:08:26    CDC8A85EB301A8CBE55A81A1D55AF5E5    132096    ----a-w-    C:\Windows\Sysnative\IEAdvpack.dll
2014-12-25 15:08:26    A7F53772ECAE2F44B455D14F71179940    48640    ----a-w-    C:\Windows\Sysnative\ieetwproxystub.dll
2014-12-25 15:08:26    6096209CB47D61499C3608B9C25B073C    64512    ----a-w-    C:\Windows\Sysnative\pngfilt.dll
2014-12-25 15:08:26    4B9C652BD0FD95A9E6123913C35519D6    143872    ----a-w-    C:\Windows\Sysnative\wextract.exe
2014-12-25 15:08:26    3721721151DB49457B0FD35E0C04594C    199680    ----a-w-    C:\Windows\Sysnative\msrating.dll
2014-12-25 15:08:26    17A157A4225CF562202AC71DB8103177    88064    ----a-w-    C:\Windows\Sysnative\MshtmlDac.dll
2014-12-25 15:08:26    161BC2E883A8D8759A4DCF2A85AF9128    51200    ----a-w-    C:\Windows\Sysnative\imgutil.dll
2014-12-25 15:08:25    E99E2E88BFE584184AE92B1F8995CE93    66560    ----a-w-    C:\Windows\Sysnative\iesetup.dll
2014-12-25 15:08:25    E77092C38028EB0A5C461B3436E0A6D5    4096    ----a-w-    C:\Windows\Sysnative\ieetwcollectorres.dll
2014-12-25 15:08:25    CA2F3153EF3BCB0BD3A8984C933DF604    167424    ----a-w-    C:\Windows\Sysnative\iexpress.exe
2014-12-25 15:08:25    A3871DED5ED88F59C0D1396761708F81    13824    ----a-w-    C:\Windows\Sysnative\mshta.exe
2014-12-25 15:08:25    6A7F8D139610E5F3F158182778EF9275    34304    ----a-w-    C:\Windows\Sysnative\iernonce.dll
2014-12-25 15:08:25    66585D645C4E23A0FD5124BD714AE020    12800    ----a-w-    C:\Windows\Sysnative\msfeedssync.exe
2014-12-25 15:08:19    F381B380B7B2704EA4C0F8D8C49C1C50    623616    ----a-w-    C:\Windows\Sysnative\MDMAgent.exe
2014-12-25 15:08:16    E87F8EC00FEEF700E61F6989D88A8BC2    991232    ----a-w-    C:\Windows\Sysnative\kerberos.dll
2014-12-25 15:08:16    788C7D910267DDCD675DF4AB01961265    259584    ----a-w-    C:\Windows\Sysnative\pku2u.dll
2014-12-25 15:08:11    C88B63FE96DB4BCED65DD442BC8E77F5    1053184    ----a-w-    C:\Windows\Sysnative\localspl.dll
2014-12-25 15:08:11    C4306ADC38939CAC60EA38AAD9F170C0    13424128    ----a-w-    C:\Windows\Sysnative\twinui.dll
2014-12-25 15:08:10    34B5290B8770A2FC578E3FEAD3FD7462    921600    ----a-w-    C:\Windows\Sysnative\MrmCoreR.dll
2014-12-25 15:08:09    1D303CE5BCBD5B80BBA08321F28A3F86    21197152    ----a-w-    C:\Windows\Sysnative\shell32.dll
2014-12-25 15:08:07    BCE66E78D388875B87286CA091E7075F    7484224    ----a-w-    C:\Windows\Sysnative\ntoskrnl.exe
2014-12-25 15:08:05    1907823D5ACFD75D1D8C0D4318299726    2714112    ----a-w-    C:\Windows\Sysnative\SettingsHandlers.dll
2014-12-25 15:08:03    CA729FCE295895515A09BD6FF7903DC8    836176    ----a-w-    C:\Windows\Sysnative\mfmp4srcsnk.dll
2014-12-25 15:08:03    A208498C5CD750A1743C1AC8162A810F    941568    ----a-w-    C:\Windows\Sysnative\MFMediaEngine.dll
2014-12-25 15:08:01    5416C603B6C85CF0698E8A2A1D28BAA2    448512    ----a-w-    C:\Windows\Sysnative\puiobj.dll
2014-12-25 15:08:01    50E96089F9BE352621997143A56C8E76    822272    ----a-w-    C:\Windows\Sysnative\win32spl.dll
2014-12-25 15:08:00    9CE162EB9057CF079736F4DD00FC0D6C    2480128    ----a-w-    C:\Windows\Sysnative\WsmSvc.dll
2014-12-25 15:08:00    12C0733F955E15C3C37DD24C9C7D796A    263680    ----a-w-    C:\Windows\Sysnative\DafPrintProvider.dll
2014-12-25 15:07:59    A8732AFE4DB47114355ABB285ED776D2    187392    ----a-w-    C:\Windows\Sysnative\puiapi.dll
2014-12-25 15:07:59    8CBF1E2761816CFD9D32F8B32531D0FB    118272    ----a-w-    C:\Windows\Sysnative\winbici.dll
2014-12-25 15:07:59    8758F5DEBD2B950B2D56ED11F9E0B38F    545792    ----a-w-    C:\Windows\Sysnative\untfs.dll
2014-12-25 15:07:59    118A11C89FAD244A2B85DA7EDC3E9683    215552    ----a-w-    C:\Windows\Sysnative\prnntfy.dll
2014-12-25 15:07:58    9C55CE9707B3CA29A6505BCDCC546390    275968    ----a-w-    C:\Windows\Sysnative\FXSAPI.dll
2014-12-25 15:07:58    6C118AEDD15FDBEAECC0E85C64B5B86B    615424    ----a-w-    C:\Windows\Sysnative\FXSCOMEX.dll
2014-12-25 15:07:58    6317C9DB4282CEAA3BAB131BC3839B2A    308736    ----a-w-    C:\Windows\Sysnative\compstui.dll
2014-12-25 15:07:45    52E94AE3C9FF1E18A1EA125C4FFB0EEC    2834944    ----a-w-    C:\Windows\Sysnative\wpccpl.dll
2014-12-25 15:07:16    8BB7548307EE6147137993A410D64387    869544    ----a-w-    C:\Windows\Sysnative\msvcr120_clr0400.dll
2014-12-25 15:06:37    9FA466A42109F408AC6C2848E851C38A    555736    ----a-w-    C:\Windows\Sysnative\twinapi.appcore.dll
2014-12-25 15:06:36    CCC6D7250D01DA7E5499B0722CF6CAE3    1054208    ----a-w-    C:\Windows\Sysnative\twinui.appcore.dll
2014-12-25 14:48:13    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\Windows\Sysnative\HP_ActiveX_Patch_NOT_DETECTED.txt
 


====== C:\Windows\Sysnative\drivers =====
====== C:\Windows\Tasks ======
2015-01-01 19:03:42    CF812560DDBA2A4EDDF5367673E261EE    3154    ----a-w-    C:\Windows\Sysnative\Tasks\HPCeeScheduleForJim
2015-01-01 19:03:41    E85E38F64D7E2FAF62618BCF7A8955DE    348    ----a-w-    C:\Windows\Tasks\HPCeeScheduleForJim.job
2014-12-26 14:01:08    5A4EE56BDCD9245663C1D9E85B60AE20    3120    ----a-w-    C:\Windows\Sysnative\Tasks\{96CECDE6-B333-4AC9-B0B1-049976EB5B50}
2014-12-23 22:04:36    4E4D9A1C6FA4E9C6098005D81F7C95DB    3718    ----a-w-    C:\Windows\Sysnative\Tasks\Adobe Flash Player Updater
2014-12-23 22:04:35    7BD412C5C446BC64CC8B0F230CCA7C09    830    ----a-w-    C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-23 00:07:26    B85AB99E62F5E31EF46781BA937868FE    3930    ----a-w-    C:\Windows\Sysnative\Tasks\User_Feed_Synchronization-{7B4AEFE6-BE5C-4489-BE05-077A24D87D40}
2014-12-23 00:06:36    58F4149A4EE0B4C9D0ECABE2A6A57273    3600    ----a-w-    C:\Windows\Sysnative\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2569095087-4095402281-4148464696-1002
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-05 20:43:55    --------    d-----w-    C:\Program Files\Enigma Software Group
2014-12-31 15:35:48    --------    d-----w-    C:\Program Files\Common Files\Macrovision Shared
2014-12-31 15:34:25    --------    d-----w-    C:\Program Files\Dassault Systemes
2014-12-23 18:55:15    --------    d-----w-    C:\Program Files\Microsoft Office
======= C:\PROGRA~2 =====
2015-01-05 19:46:47    --------    d-----w-    C:\PROGRA~2\ERUNT
2015-01-02 18:27:06    --------    d-----w-    C:\PROGRA~2\GPLGS
2015-01-02 17:20:52    --------    d-----w-    C:\PROGRA~2\Acro Software
2014-12-30 16:34:01    --------    d-----w-    C:\PROGRA~2\COMMON~1\DESIGNER
2014-12-30 16:32:03    --------    d-----w-    C:\PROGRA~2\Microsoft Visual Studio
2014-12-30 14:41:53    --------    d-----w-    C:\PROGRA~2\COMMON~1\SureThing Shared
2014-12-30 14:40:15    --------    d-----w-    C:\PROGRA~2\Roxio
2014-12-30 14:40:14    --------    d-----w-    C:\PROGRA~2\COMMON~1\Sonic Shared
2014-12-25 23:32:15    --------    d-----w-    C:\PROGRA~2\AMD AVT
2014-12-24 02:27:08    --------    d-----w-    C:\PROGRA~2\ImgBurn
2014-12-23 23:48:25    --------    d-----w-    C:\PROGRA~2\Samsung
2014-12-23 18:59:09    --------    d-----w-    C:\PROGRA~2\Microsoft Works
2014-12-23 00:22:18    --------    d-----w-    C:\PROGRA~2\Mozilla Thunderbird
2014-12-23 00:11:08    --------    d-----w-    C:\PROGRA~2\Mozilla Maintenance Service
======= C: =====
2015-01-05 20:47:06    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\autoexec.bat
====== C:\Users\Jim\AppData\Roaming ======
2015-01-06 19:51:13    --------    d-----w-    C:\Users\Jim\AppData\Local\CrashRpt
2015-01-05 20:46:28    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Enigma Software Group
2015-01-05 20:46:19    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-01-02 18:29:21    --------    d-----w-    C:\Users\Jim\AppData\Local\CutePDF Writer
2015-01-01 21:38:16    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Leadertech
2014-12-31 17:38:17    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Dassault Systemes
2014-12-31 15:44:13    --------    d-----w-    C:\Users\Jim\AppData\Local\Dassault Systemes
2014-12-31 15:34:52    --------    d-----w-    C:\Users\Jim\AppData\Roaming\DraftSight
2014-12-31 12:55:14    EB86F64D055659F655F814CE598440E0    128704    ----a-w-    C:\Users\Jim\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-26 12:58:28    --------    d-----w-    C:\Users\Jim\AppData\Roaming\ImgBurn
2014-12-26 10:16:02    --------    d-----w-    C:\Users\Default\AppData\Local\Microsoft Help
2014-12-26 10:16:02    --------    d-----w-    C:\Users\Default User\AppData\Local\Microsoft Help
2014-12-25 23:25:39    --------    d-----w-    C:\Users\Jim\AppData\Roaming\ATI
2014-12-25 23:25:39    --------    d-----w-    C:\Users\Jim\AppData\Local\ATI
2014-12-24 02:26:31    --------    d-----w-    C:\Users\Jim\AppData\Local\Rainmaker_Software_Group_
2014-12-24 02:25:45    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Rainmaker Software Group LLC.?
2014-12-24 01:08:47    --------    d-s---w-    C:\Windows\sysWoW64\config\systemprofile\AppData\Locallow\Microsoft
2014-12-24 01:07:53    --------    d-----w-    C:\Users\Jim\AppData\Local\Programs
2014-12-24 00:00:02    --------    d-----w-    C:\Users\Jim\AppData\Local\MediaShow
2014-12-23 23:59:53    --------    d-----w-    C:\Users\Jim\AppData\Roaming\CyberLink
2014-12-23 23:48:36    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Samsung
2014-12-23 22:11:31    --------    d-----w-    C:\Users\Jim\AppData\Locallow\LastPass
2014-12-23 22:03:56    --------    d-----w-    C:\Users\Jim\AppData\Local\Adobe
2014-12-23 19:08:08    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Identities
2014-12-23 18:54:27    --------    d-----w-    C:\Users\Jim\AppData\Local\Microsoft Help
2014-12-23 12:54:26    --------    d-----w-    C:\Users\Jim\AppData\Local\ElevatedDiagnostics
2014-12-23 12:49:36    --------    d-----w-    C:\Users\Jim\AppData\Local\Diagnostics
2014-12-23 00:22:26    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Thunderbird
2014-12-23 00:22:26    --------    d-----w-    C:\Users\Jim\AppData\Local\Thunderbird
2014-12-23 00:11:16    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Mozilla
2014-12-23 00:11:16    --------    d-----w-    C:\Users\Jim\AppData\Local\Mozilla
2014-12-23 00:07:30    --------    d-sh--w-    C:\Users\Jim\AppData\Locallow\EmieUserList
2014-12-23 00:07:25    --------    d-sh--w-    C:\Users\Jim\AppData\Local\EmieUserList
2014-12-23 00:07:25    --------    d-sh--w-    C:\Users\Jim\AppData\Local\EmieSiteList
2014-12-23 00:07:17    --------    d-sh--w-    C:\Users\Jim\AppData\Locallow\EmieSiteList
2014-12-23 00:05:53    --------    d-----w-    C:\Windows\serviceprofiles\Localservice\AppData\Local\PnrpSqm
2014-12-23 00:04:59    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Hewlett-Packard
2014-12-23 00:03:49    --------    d-----w-    C:\Windows\serviceprofiles\Localservice\AppData\Roaming\PeerNetworking
2014-12-23 00:03:00    --------    d-----w-    C:\Users\Jim\AppData\Local\CyberLink
2014-12-23 00:02:00    --------    d-----w-    C:\Users\Jim\AppData\Local\Hewlett-Packard
2014-12-23 00:01:11    --------    d-----r-    C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-12-23 00:01:11    --------    d-----r-    C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-12-23 00:01:06    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Adobe
2014-12-23 00:01:05    --------    d-----w-    C:\Users\Jim\AppData\Local\VirtualStore
2014-12-23 00:00:47    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Synaptics
2014-12-23 00:00:43    --------    d-----w-    C:\Users\Jim\AppData\Local\Packages
2014-12-23 00:00:16    --------    d-s---w-    C:\Users\Jim\AppData\Locallow\Microsoft
2014-12-22 23:59:49    --------    d-s---w-    C:\Users\Jim\AppData\Roaming\Microsoft
2014-12-22 23:59:49    --------    d-----w-    C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-22 23:59:49    --------    d-----w-    C:\Users\Jim\AppData\Local\Temp
2014-12-22 23:59:49    --------    d-----w-    C:\Users\Jim\AppData\Local\Pokki
2014-12-22 23:59:49    --------    d-----w-    C:\Users\Jim\AppData\Local\Microsoft
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
====== C:\Users\Jim ======
2015-01-06 16:14:35    B9E1BF24EF01A82701B09BE75D294085    1707939    ----a-w-    C:\Users\Jim\Downloads\JRT.exe
2015-01-06 15:56:32    9208E5A0A844FCCB39B5252C07B4E860    2173952    ----a-w-    C:\Users\Jim\Downloads\AdwCleaner(2).exe
2015-01-06 01:11:29    9208E5A0A844FCCB39B5252C07B4E860    2173952    ----a-w-    C:\Users\Jim\Downloads\AdwCleaner.exe
2015-01-06 01:11:19    9208E5A0A844FCCB39B5252C07B4E860    2173952    ----a-w-    C:\Users\Jim\Downloads\AdwCleaner(1).exe
2015-01-05 20:43:03    B4CD9E8513C17C32224C70330A235296    3044736    ----a-w-    C:\Users\Jim\Downloads\SpyHunter-Installer.exe
2015-01-05 19:48:58    32EB5F0F9E58934FA5BE7AAAE56E7723    1061112    ----a-w-    C:\Users\Jim\Downloads\rkill64.exe
2015-01-05 19:47:32    2E0328F74F1760BEA974449DDBC3F94E    1940728    ----a-w-    C:\Users\Jim\Downloads\rkill.exe
2015-01-05 19:46:49    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2015-01-05 19:45:41    933169EEE58B90EB0900CD3B0AF02FD8    791393    ----a-w-    C:\Users\Jim\Downloads\erunt-setup.exe
2015-01-05 18:45:49    AA95D278EC9A7D49375FC0F0B4783E51    36904648    ----a-w-    C:\Users\Jim\Downloads\Windows-KB890830-x64-V5.19.exe
2015-01-05 16:13:16    20EC4DB7B188A15A8CF7A7D7B6692A6D    2123776    ----a-w-    C:\Users\Jim\Downloads\FRST64.exe
2015-01-05 13:44:00    F92CE6E6B3A0AB75E48D9A6BE9DDB550    16448208    ----a-w-    C:\Users\Jim\Downloads\mbar-1.08.2.1001.exe
2015-01-02 17:20:54    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
2015-01-02 17:19:33    69CF531E2F511D076CF32EBDD602AE2B    2395080    ----a-w-    C:\Users\Jim\Downloads\CuteWriter.exe
2014-12-31 15:47:49    --------    d-----w-    C:\ProgramData\FLEXnet
2014-12-31 15:35:19    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dassault Systemes
2014-12-31 15:34:25    --------    d-----w-    C:\ProgramData\Dassault Systemes
2014-12-31 15:18:43    2F0C735370440E19E865E7DE36BB9DFD    190106912    ----a-w-    C:\Users\Jim\Downloads\DraftSight64.exe
2014-12-30 14:41:57    --------    d-----w-    C:\ProgramData\InstallShield
2014-12-30 14:40:15    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Roxio
2014-12-26 13:38:54    3BD59D6C407AB1F6DDD7C5D9BD727469    20447072    ----a-w-    C:\Users\Jim\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-26 13:16:43    8E1B08222F20E45A3E8DB04C569F9CB7    8    --sha-r-    C:\ProgramData\ntuser.pol
2014-12-25 23:31:49    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-24 02:27:10    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-12-24 02:24:09    BC2CA51B80B1E3168F512800CC49083C    231920    ----a-w-    C:\Users\Jim\Downloads\SetupImgBurn_2.5.8.0.exe
2014-12-24 01:07:26    D4C48B02DBE272BD594A304652BD5A7B    96183    ----a-w-    C:\Users\Jim\Downloads\Windows Media Player [1].exe
2014-12-24 00:57:37    B4AAA542E11E3D63B69DCB98755D4069    766360    ----a-w-    C:\Users\Jim\Downloads\Windows Media Player.exe
2014-12-24 00:25:03    E1559110ECEE796DA327AADD4D58B145    2207368    ----a-w-    C:\Users\Jim\Downloads\DefaultPack.EXE
2014-12-23 23:56:16    --------    d-----w-    C:\ProgramData\Samsung
2014-12-23 23:51:31    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-12-23 23:47:02    7EBB9B149227862D55357C0F2892CFF2    42424368    ----a-w-    C:\Users\Jim\Downloads\Kies3Setup.exe
2014-12-23 18:59:51    --------    d-----w-    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-12-23 18:54:23    --------    d-----w-    C:\ProgramData\Microsoft Help
2014-12-23 06:49:45    --------    d--h--r-    C:\Users\Public\AccountPictures
2014-12-23 00:11:08    --------    d-----w-    C:\ProgramData\Mozilla
2014-12-23 00:03:06    --------    d---a-w-    C:\Users\Jim\OneDrive
2014-12-23 00:01:11    --------    d-----r-    C:\Users\Jim\Searches
2014-12-23 00:01:11    --------    d-----r-    C:\Users\Jim\Contacts
2014-12-23 00:00:14    6FC234AD3752E1267B34FB12BCD6718B    20    --sh--w-    C:\Users\Jim\ntuser.ini
2014-12-22 23:59:49    --------    d--h--w-    C:\Users\Jim\AppData
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\Videos
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\Saved Games
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\Pictures
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\Music
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\Links
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\Favorites
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\Downloads
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\Documents
2014-12-22 23:59:49    --------    d-----r-    C:\Users\Jim\Desktop
====== C: exe-files ==
2015-01-06 16:18:03    2E0323A94915FAAB10A25F3BABF82584    157696    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
2015-01-05 20:46:28    B4CD9E8513C17C32224C70330A235296    3044736    ----a-w-    C:\Users\Jim\AppData\Roaming\Enigma Software Group\sh_installer.exe
2015-01-05 20:44:27    5F5BC9FC260F181C0390C09B960BE1F4    14680    ----a-w-    C:\Program Files\Enigma Software Group\SpyHunter\native.exe
2015-01-05 20:44:06    633BB002E3061041EE6B1D3136E773E7    7580544    ----a-w-    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
2015-01-05 20:44:04    8621D971971592A27D80EA8A820A07CE    1025920    ----a-w-    C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
2015-01-05 13:47:49    FAB83053CAE661446491946824E843CC    821560    ----a-w-    C:\Users\Jim\Desktop\mbar\Plugins\fixdamage.exe
2015-01-05 13:47:49    EACCC127C05090878AC0153FA17C4E65    54072    ----a-w-    C:\Users\Jim\Desktop\mbar\mbamdor.exe
2015-01-05 13:47:49    2E65369E31EC7B7C95ABCD5516A06B5F    1216824    ----a-w-    C:\Users\Jim\Desktop\mbar\mbar.exe
2015-01-04 19:53:24    017074ACCA92304AB133FE39000C3D0D    43776    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Drive 2\avg\Win\Tool\launch_is.exe
2015-01-04 19:53:23    BC32F498FCD41578413292B6CC4EE8C7    43776    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Drive 2\avg\Win\Tool\launch_av.exe
2015-01-04 19:53:23    ABC1256D355E2E9181698982B6213320    43776    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Drive 2\avg\Win\Tool\launch_fw.exe
2015-01-04 19:52:55    1455D96F29DCB645CD993EEB8BC406D1    45942928    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Drive 2\setup_av_free.exe
2015-01-04 19:52:24    6AE625D478C96A378DFC9683F9DB34BA    6153352    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Drive 2\mbam-setup-1.46(2).exe
2015-01-04 19:52:24    04D08BE5F163C108BAFE2988182F62C2    329728    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Drive 2\netsetup.exe
2015-01-04 19:51:51    FB94F9A71494022C85EAAADDA3F319A9    5692032    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Data\Fab group\FirefoxGoogleToolbarSetup.exe
2015-01-04 19:51:49    022BD25FE0BDF547B256784891A8BD9B    7279912    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Data\Fab group\FastCAMMTO.exe
2015-01-04 19:51:48    04AD102C6AF084BC7AC640B2E3C5FF08    3229288    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Data\Fab group\DBsignWebSigner.exe
2015-01-04 19:51:47    BBD7AEEF76072B9D8C175E0B18F61758    42028382    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Data\NIS06900.exe
2015-01-02 18:27:06    49CA13C0D95491F2D6CABFD1D708FF7F    139264    ----a-w-    C:\Program Files (x86)\GPLGS\gswin32c.exe
2015-01-02 17:21:50    BB76E42611EEAA955BE832437B98F290    164248    ----a-w-    C:\FRST\Quarantine\C\Users\Jim\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
2015-01-02 17:21:50    8D94E3A6589C8AFC3CD952D4E4BE0C26    157080    ----a-w-    C:\FRST\Quarantine\C\Users\Jim\AppData\Local\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
2015-01-02 17:21:48    F99218793560B339C053484E4E05C326    156056    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\program files\AskPartnerNetwork\ChromeUtils\APNNativeMsgHost.exe
2015-01-02 17:21:48    EBA2B411BA32362652ABDA0810525AFA    391064    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\program files\AskPartnerNetwork\Toolbar\Toolbar.exe
2015-01-02 17:21:48    D918A8BD188C5D6D0F6645F53E734C9D    196504    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\program files\VNT\vntldr.exe
2015-01-02 17:21:48    BB76E42611EEAA955BE832437B98F290    164248    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr_x64.exe
2015-01-02 17:21:48    93497AEF874804CBFB65A9EE6CF50ACB    115608    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\program files\AskPartnerNetwork\Toolbar\ServiceLocator.exe
2015-01-02 17:21:48    8D94E3A6589C8AFC3CD952D4E4BE0C26    157080    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\program files\AskPartnerNetwork\Toolbar\Updater\IDC\IdcLdr.exe
2015-01-02 17:21:48    5A9C64EEC3A7E738326FC106563474BD    166296    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\program files\AskPartnerNetwork\Toolbar\apnmcp.exe
2015-01-02 17:21:48    2A660D2A154DD2CF1241C75AABFFC1C9    2039192    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
2015-01-02 17:21:48    1E8D8A0D745D58C076B64F3C397FB1AC    106392    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\program files\AskPartnerNetwork\Toolbar\UpdateManager.exe
2015-01-02 17:20:52    2C046C365F5A17FE3519B4ED8AF4960E    240688    ----a-w-    C:\Program Files (x86)\Acro Software\CutePDF Writer\CPWSave.exe
2015-01-02 17:20:52    0AE72A8AB129A145C0F8BCF11435D68E    28720    ----a-w-    C:\Program Files (x86)\Acro Software\CutePDF Writer\Setup64.exe
2015-01-02 17:20:33    025B4851EEF659BCF77018563908CB46    627608    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\APNSetup.exe
2015-01-01 18:55:39    E31E51C50E768B0F391DD532F30C9409    809528    ----a-w-    C:\SWSetup\sp68419\x86\setup.exe
2015-01-01 18:55:39    2D06D768383D1E0D1A00286A3EF0DDA2    1765432    ----a-w-    C:\SWSetup\sp68419\x86\OPSetup.exe
2015-01-01 18:55:39    1801436936E64598BAB5B87B37DC7F87    8990552    ----a-w-    C:\SWSetup\sp68419\x86\vcredist_x86.exe
2015-01-01 18:55:39    0776370846DFE1D108CBD098DB162F35    432040    ----a-w-    C:\SWSetup\sp68419\x86\OEMFiles\wyUpdate.exe
2015-01-01 18:55:29    F03B4798D4EF637603252419867212CC    1181752    ----a-w-    C:\SWSetup\sp68419\x64\setup.exe
2015-01-01 18:55:29    C9D9EEBCCEF20D637F193490CEC05E79    10274136    ----a-w-    C:\SWSetup\sp68419\x64\vcredist_x64.exe
2015-01-01 18:55:29    8CA571E0BC316368B67E65EB1B590E02    2390072    ----a-w-    C:\SWSetup\sp68419\x64\OPSetup.exe
2015-01-01 18:55:29    61A5FB191AE2AE876DB31DCCE75E4183    1822520    ----a-w-    C:\SWSetup\sp68419\x64\instmsiw.exe
2015-01-01 18:55:29    1801436936E64598BAB5B87B37DC7F87    8990552    ----a-w-    C:\SWSetup\sp68419\x64\vcredist_x86.exe
2015-01-01 18:55:29    0776370846DFE1D108CBD098DB162F35    432040    ----a-w-    C:\SWSetup\sp68419\x64\OEMFiles\wyUpdate.exe
2015-01-01 18:55:29    03D8E1FC34FCB81E741EF4FF4734026C    154168    ----a-w-    C:\SWSetup\sp68419\x64\OPEEInstall_64.exe
2015-01-01 18:55:27    F4BFCA228700282F7512786221CB0655    2071608    ----a-w-    C:\SWSetup\sp68419\LaunchSetup.exe
2014-12-31 15:35:48    668D43EFEB7F129584100CF6320E8A6F    1484080    ----a-w-    C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
=== C: other files ==
2015-01-06 16:18:03    F720D6634E048B0AD485CEEF55263E6B    191092    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\misc.bat
2015-01-06 16:18:03    F56A319979F631C141F5FF02DF87FDB1    43563    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\prelim.bat
2015-01-06 16:18:03    DD1E4D974B1672ABD09EFFB225791C4A    1230    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\TDL4.bat
2015-01-06 16:18:03    C4C784C659C27DB5ED395A7901611C71    14957    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\get.bat
2015-01-06 16:18:03    AD2F52DC72B10AF331692E4A4DD80DFC    18670    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\medfos.bat
2015-01-06 16:18:03    AA0C656F898523BEDF2DA6923197BB80    1264    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\surfvox.bat
2015-01-06 16:18:03    A3945FA06DB607245C6A1D0629CE737E    11057    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\runvalues.bat
2015-01-06 16:18:03    8E6020C14F982CF11B3FE7DBB0CB8EDE    24738    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\searchlnk.bat
2015-01-06 16:18:03    86707BCE5CBB65D9B1C41E249B4423BA    152733    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\firefox.bat
2015-01-06 16:18:03    83F691D8398F0E37E71E9355BF730DB9    719    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\ev_clear.bat
2015-01-06 16:18:03    38A0BDF322ACCC968B0A824C38D50157    29635    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\ask.bat
2015-01-06 16:18:03    335DFF8F23E5EC02B5426362F0F8509B    31401    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\iexplore.bat
2015-01-06 16:18:03    0C4649A62845AB5D5DBCC4998477FF6D    1813    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\delfolders.bat
2015-01-06 16:18:03    080CFDE64F31E7B50EECF4552033E84D    9937    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\mws.bat
2015-01-06 16:18:03    048407135C9B1FB6A355E256BD96160D    14192    ----a-w-    C:\Users\Jim\AppData\Local\Temp\jrt\chrome.bat
2015-01-05 20:47:06    D41D8CD98F00B204E9800998ECF8427E    0    ----a-w-    C:\autoexec.bat
2015-01-05 20:44:27    633BB002E3061041EE6B1D3136E773E7    7580544    ----a-w-    C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.com
2015-01-05 20:44:20    7AEC5E76816178BF6C543A155D8208B6    15920    ----a-w-    C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys
2015-01-05 20:44:16    3B32CAA07D672F8A2E0DF5CB3A873F45    22704    ----a-w-    C:\Windows\System32\drivers\EsgScanner.sys
2015-01-05 20:44:15    3B32CAA07D672F8A2E0DF5CB3A873F45    22704    ----a-w-    C:\Program Files\Enigma Software Group\SpyHunter\EsgScanner.sys
2015-01-04 19:55:28    BBA2046DD7FEA12843A17ADB73F67E2D    595534    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\jump 2\Data\Fab group\LTR--0001 (GrinderFiles).zip
2015-01-04 19:55:28    58326FDA6927713E93EACBE2CB8E16F8    2457    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\jump 2\Data\Fab group\LTR--0001 (Instructions).zip
2015-01-04 19:53:34    BBA2046DD7FEA12843A17ADB73F67E2D    595534    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Drive 2\Data\Fab group\LTR--0001 (GrinderFiles).zip
2015-01-04 19:53:34    58326FDA6927713E93EACBE2CB8E16F8    2457    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Drive 2\Data\Fab group\LTR--0001 (Instructions).zip
2015-01-04 19:51:51    BBA2046DD7FEA12843A17ADB73F67E2D    595534    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Data\Fab group\LTR--0001 (GrinderFiles).zip
2015-01-04 19:51:51    58326FDA6927713E93EACBE2CB8E16F8    2457    ----a-w-    C:\Users\Jim\Documents\Documents\Jump Drive\Data\Fab group\LTR--0001 (Instructions).zip
2015-01-02 17:21:48    F8857BD1CA12032F5137EA7D3741F2A2    639342    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\appdata\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_ARSSP2-MED@apn.ask.com.xpi
2015-01-02 17:21:48    93A482D58F032B7B85570BDB95A9FCEE    251354    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\program files\VNT\content.zip
2015-01-02 17:21:48    7E9CC5B02CA29EA4F6A2AEFE2E99403B    396734    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\common appdata\AskPartnerNetwork\Toolbar\Shared\CRX\aaaaafpemdiekhmihehjbdlpjoldobnc.crx
2015-01-02 17:21:48    37C371E3F8B9EF577555188830289CA9    430931    ----a-w-    C:\FRST\Quarantine\C\Program Files (x86)\AskPartnerNetwork\Toolbar\ARSSP2-MED\Source\common appdata\AskPartnerNetwork\Toolbar\{PartnerID}\CRX\{Crx_Version}\Toolbar.crx
2014-12-31 20:24:13    30F29490C3DF9CAB0493E6336065002A    48991    ----a-w-    C:\Users\Jim\Downloads\PARTserver02014123121235517515275192d056f.zip

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-21-2569095087-4095402281-4148464696-1002\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcpltui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun"
"AccelerometerSysTrayApplet"="C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe"
"HPMessageService"="C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe"
"ISUSScheduler"="C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe -start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"
"SimplePass"="C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe /hideui"
"OPBHOBroker"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe"
"OPBHOBrokerDesktop"="C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe Update"

==== Startup Folders ======================

2015-01-05 19:46:54    1127    ----a-w-    C:\Users\Jim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a-------- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [12/23/2014 04:04 PM]
C:\Windows\tasks\HPCeeScheduleForJim.job --a-------- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [07/15/2011 05:43 AM]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\HPCeeScheduleForJim" [C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{7B4AEFE6-BE5C-4489-BE05-077A24D87D40}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\YCMServiceAgent" [C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon" [C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\Update Check" [C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]
"C:\Windows\SysNative\tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan" [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe]

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rmbmqaji.default
user_pref("browser.startup.homepage", "http://www.bing.com");
user_pref("browser.search.selectedEngine", "Yahoo!");
user_pref("keyword.URL", "https://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=523482&ilc=12&p=");

==== Firefox Extensions ======================

ProfilePath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rmbmqaji.default
- Undetermined - {442ad619-2fad-4d96-9434-49e6d1c6e280}
- Undetermined - support@lastpass.com
- LastPass - %ProfilePath%\extensions\support@lastpass.com
- Faster Light 1.0.1 - %ProfilePath%\extensions\{442ad619-2fad-4d96-9434-49e6d1c6e280}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rmbmqaji.default
424899266BA430CCE5DDB6C1B4BE1B99    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll -    Shockwave Flash
0C0C5C207121C7A78414A8250E8E099A    - C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll -    Shockwave for Director / Shockwave for Director


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{9842D04A-F9C2-41CA-B7F1-45F1260A5BAB} Amazon Search Suggestions Url="http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}"
{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Bing  Url="http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=HPNTDFJS"
{DCDD0EEA-D42A-45DF-89A2-D9C43971452A} Yahoo  Url="https://search.yahoo.com/search?ei=utf-8&fr=chr-greentree_ie&type=523482&ilc=12&p={searchTerms}"

==== HijackThis Entries ======================

F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe
O4 - HKLM\..\Run: [HPMessageService] C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [iSUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: AdaptiveSleepService - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Dragon Notes Core (DACoreService) - Nuance Communications, Inc. - C:\Program Files (x86)\Nuance\Dragon Notes\Core\DACore.exe
O23 - Service: DraftSight API Service - Dassault Systèmes - C:\Program Files\Dassault Systemes\DraftSight\bin\dsHttpApiService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem13.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service:  HP SimplePass Service (omniserv) - Softex Inc. - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: tbaseprovisioning - Advanced Micro Devices, Inc. - C:\Windows\SysWOW64\tbaseprovisioning.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UsbClientService - Unknown owner - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on Tue 01/06/2015 at 14:57:28.51 ======================


Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.

NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt) or in the folder it was run from. Please post it in your reply.

 

Next,

 

Check Firefox to see if Faster Light is gone. If not, run the following:

 

Please download SystemLook from the following link below and save it to your Desktop. Use the correct version 32bit or 64bit.

 

http://jpshortstuff.247fixes.com/SystemLook_x64.exe  <<-  64 bit

 

http://images.malwareremoval.com/jpshortstuff/SystemLook.exe  <<-  32 bit

 


Double-click SystemLook.exe to run it.
Copy the content of the following codebox into the main textfield:
 
:Regfind
Faster Light
*Faster Light*
 
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

Fixlist.txt


No Faster light.  Thanks!

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 07-01-2015
Ran by Jim at 2015-01-07 07:13:59 Run:2
Running from C:\Users\Jim\Downloads
Loaded Profile: Jim (Available profiles: Jim)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
FF Extension: Faster Light 1.0.1 - C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rmbmqaji.default\Extensions\{442ad619-2fad-4d96-9434-49e6d1c6e280}.xpi [2014-12-23]
C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rmbmqaji.default\Extensions\{442ad619-2fad-4d96-9434-49e6d1c6e280}
EmptyTemp:
end



*****************

C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rmbmqaji.default\Extensions\{442ad619-2fad-4d96-9434-49e6d1c6e280}.xpi => Moved successfully.
"C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles\rmbmqaji.default\Extensions\{442ad619-2fad-4d96-9434-49e6d1c6e280}" => File/Directory not found.
EmptyTemp: => Removed 388.4 MB temporary data.


The system needed a reboot.

==== End of Fixlog 07:14:33 ====


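A Fixlog like the one posted above can be checked mechanically rather than by eye. The following is an added example, not part of any post in this thread and not FRST's own code: it buckets each result line and lists any fixlist directive that produced no result. The function names and bucket labels are hypothetical, and only the outcome strings visible in this log are mapped.

```python
import re

# Constructed sample: fixlist and result lines copied from the Fixlog in the post above.
EXT = (r"C:\Users\Jim\AppData\Roaming\Mozilla\Firefox\Profiles"
       r"\rmbmqaji.default\Extensions\{442ad619-2fad-4d96-9434-49e6d1c6e280}")
FIXLOG = "\n".join([
    "start",
    "FF Extension: Faster Light 1.0.1 - " + EXT + ".xpi [2014-12-23]",
    EXT,
    "EmptyTemp:",
    "end",
    EXT + ".xpi => Moved successfully.",
    '"' + EXT + '" => File/Directory not found.',
    "EmptyTemp: => Removed 388.4 MB temporary data.",
    "The system needed a reboot.",
])

RESULT = re.compile(r"^(?P<item>.+?) => (?P<outcome>.+)$")
# Only the three outcome strings seen in this log are mapped; anything else is "review".
OUTCOMES = (("Moved successfully", "removed"),
            ("File/Directory not found", "absent"), ("Removed", "cleaned"))

def parse_fixlog(text):
    """Return (fixlist directives, [(item, outcome), ...]) from a Fixlog."""
    directives, results, in_list = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower() in ("start", "end"):
            in_list = line.lower() == "start"
        elif in_list and line:
            directives.append(line)
        elif (m := RESULT.match(line)):
            results.append((m["item"].strip('"'), m["outcome"]))
    return directives, results

def classify(outcome):
    return next((b for p, b in OUTCOMES if outcome.startswith(p)), "review")

def audit(text):
    """Bucket each result and list directives that produced no result line."""
    directives, results = parse_fixlog(text)
    report = {k: [] for k in ("removed", "absent", "cleaned", "review")}
    for item, outcome in results:
        report[classify(outcome)].append(item)
    items = [item.lower() for item, _ in results]
    report["no_result"] = [d for d in directives
                           if not any(i in d.lower() for i in items)]
    report["reboot"] = "needed a reboot" in text
    return report
```

An "absent" entry means nothing existed at that path when the fix ran; entries under "review" or "no_result" are the ones to raise with the helper before moving on to cleanup.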
Thanks for the log and confirmation, if no remaining issues or concerns run the following:

 

Download "Delfix by Xplode" and save it to your desktop.

 

Or use the following if first link is down:

 

"Delfix link mirror"

 

Double-click to start the program. If you are using Vista or higher, please right-click and choose Run as administrator.

 

Make Sure the following items are checked:

 

 


    Activate UAC
    Remove disinfection tools
    Create registry backup
    Purge System Restore
    Reset system settings

 

Now click on "Run" and wait patiently until the tool has completed.

 

The tool will create a log when it has completed. We don't need you to post this.

 

Part of the routine will be to create a registry back up with ERUNT,  the back up will be created here:

 

C:\Windows\ERUNT

 

When all is known to be well with your system you can delete that back up folder if you consider it as not needed...

 

Any remnant files/logs from tools we have used can be deleted…

 

Next,

 

Read the following link to fully understand PC security and best practices, you may find it useful....

 

http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/#entry2316629

 

Let me know if we are ok to close out...

 

Thanks,

 

Kevin...


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.