Bad Image infection

This is a discussion on Bad Image infection within the Resolved HJT Threads forums, part of the Tech Support Forum category.


 
 
04-01-2016, 11:45 AM   #1
Registered Member
 
Join Date: Jun 2008
Posts: 13
OS: Win SP



I have been infected with a virus that keeps popping up boxes saying that I have a bad image and that a .dll is either not designed to run on Windows or it contains an error. It pops up about 20 times every time I try to load my emclient email client. Internet Explorer tries to open to show an unrecognized URL, but only shows a blank screen.

I do have access to a Windows 10 install disc created from an ISO.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by Bim at 14:37:06 on 2016-04-01
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.4040.2388 [GMT -4:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k apphost
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
C:\Program Files (x86)\USB Camera\VM331STI.EXE
C:\Users\Bim\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxps://search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
uProxyOverride = 192.168.*.*;*.local
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
uRun: [Dropbox Update] "C:\Users\Bim\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
uRun: [OneDrive] "C:\Users\Bim\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [BingSvc] C:\Users\Bim\AppData\Local\Microsoft\BingSvc\BingSvc.exe
uRun: [eM Client] "C:\Program Files (x86)\eM Client\MailClient.exe" /startup
mRun: [331BigDog] "C:\Program Files (x86)\USB Camera\VM331STI.EXE"
mRun: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [YouCam Mirage] "C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe"
mRun: [YouCam Tray] "C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe" /s
mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Bim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bim\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\Bim\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\VOICEZ~1.LNK - C:\Program Files (x86)\VoiceZoneConnect\VoiceZoneConnect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\WDDMST~1.LNK - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
mPolicies-System: SoftwareSASGeneration = dword:1
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\OFFICE11\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: NameServer = 209.18.47.62 209.18.47.61
TCP: Interfaces\{2022bb95-d545-437e-aa8b-68b59ad49780} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{2022bb95-d545-437e-aa8b-68b59ad49780} : DHCPNameServer = 209.18.47.62 209.18.47.61
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.110\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [IgfxTray] "C:\WINDOWS\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\WINDOWS\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\WINDOWS\System32\igfxpers.exe"
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-mPolicies-System: SoftwareSASGeneration = dword:1
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bim\AppData\Roaming\Mozilla\Firefox\Profiles\fm3lk5bj.default-1371903701126\
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\WINDOWS\System32\drivers\aswRvrt.sys [2016-3-30 74544]
R0 aswVmm;avast! VM Monitor;C:\WINDOWS\System32\drivers\aswVmm.sys [2016-3-30 287016]
R0 fbfmon;fbfmon;C:\WINDOWS\System32\drivers\fbfmon.sys [2012-8-15 57952]
R0 LHDmgr;LHDmgr;C:\WINDOWS\System32\drivers\LhdX64.sys [2012-8-15 39008]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 aswSnx;aswSnx;C:\WINDOWS\System32\drivers\aswSnx.sys [2016-3-30 1070904]
R1 aswSP;aswSP;C:\WINDOWS\System32\drivers\aswSP.sys [2016-3-30 463744]
R1 BPntDrv;BPntDrv;C:\WINDOWS\System32\drivers\BPntDrv.sys [2012-8-15 13408]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-30 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2016-3-2 83768]
R2 aswHwid;avast! HardwareID;C:\WINDOWS\System32\drivers\aswHwid.sys [2016-3-30 37656]
R2 aswMonFlt;aswMonFlt;C:\WINDOWS\System32\drivers\aswMonFlt.sys [2016-3-30 107792]
R2 aswStm;aswStm;C:\WINDOWS\System32\drivers\aswStm.sys [2016-3-30 165344]
R2 avast! Antivirus;Avast Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2016-3-30 237096]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\WINDOWS\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\WINDOWS\System32\drivers\clwvd.sys [2011-1-28 31088]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2012-8-14 317440]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2015-10-30 121344]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2015-8-7 44192]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 vm331avs;Digital Camera 1;C:\WINDOWS\System32\drivers\vm331avs.sys [2015-6-12 802312]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2016-3-18 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 EsgScanner;EsgScanner;C:\WINDOWS\System32\drivers\EsgScanner.sys [2016-3-29 22704]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 htcnprot;HTC NDIS Protocol Driver;C:\WINDOWS\System32\drivers\htcnprot.sys [2013-10-17 36928]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2013-6-22 27008]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [2016-3-24 192216]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2016-3-24 65408]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\WINDOWS\System32\drivers\RtsUVStor.sys [2012-12-20 299520]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-30 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-30 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-30 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-30 694784]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 wsvd;wsvd;C:\WINDOWS\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-18 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-3-18 29696]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 HPSIService;HP SI Service;C:\WINDOWS\System32\HPSIsvc.exe [2013-4-6 126880]
S4 HTCMonitorService;HTCMonitorService;C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-11-18 87368]
S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2016-3-24 1514464]
S4 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2016-3-24 1136608]
S4 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 235696]
S4 Motorola Device Manager;Motorola Device Manager Service;C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [2013-11-15 137528]
S4 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2013-10-17 166912]
S4 PST Service;PST Service;C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [2013-5-25 65657]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-2-18 315488]
S4 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-9-12 247968]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-8-14 2656280]
S4 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [2010-9-8 288256]
S4 WDFME;WD File Management Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [2010-9-8 1034752]
S4 WDSC;WD File Management Shadow Engine;C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [2010-9-8 485376]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: opera.exe: open="C:\Program Files (x86)\Opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2016-03-30 17:34:49 -------- d-----w- C:\Program Files\iPod
2016-03-30 17:34:49 -------- d-----w- C:\Program Files (x86)\iTunes
2016-03-30 17:34:48 -------- d-----w- C:\Program Files\iTunes
2016-03-30 17:32:05 -------- d-----w- C:\Program Files\Bonjour
2016-03-30 17:32:05 -------- d-----w- C:\Program Files (x86)\Bonjour
2016-03-30 16:59:09 37144 ----a-w- C:\WINDOWS\System32\drivers\aswKbd.sys
2016-03-30 15:47:28 -------- d-----w- C:\Users\Bim\AppData\Roaming\AVAST Software
2016-03-30 15:45:35 74544 ----a-w- C:\WINDOWS\System32\drivers\aswRvrt.sys
2016-03-30 15:45:35 37656 ----a-w- C:\WINDOWS\System32\drivers\aswHwid.sys
2016-03-30 15:45:35 287016 ----a-w- C:\WINDOWS\System32\drivers\aswVmm.sys
2016-03-30 15:45:35 165344 ----a-w- C:\WINDOWS\System32\drivers\aswStm.sys
2016-03-30 15:45:35 107792 ----a-w- C:\WINDOWS\System32\drivers\aswMonFlt.sys
2016-03-30 15:45:35 1070904 ----a-w- C:\WINDOWS\System32\drivers\aswSnx.sys
2016-03-30 15:45:35 103064 ----a-w- C:\WINDOWS\System32\drivers\aswRdr2.sys
2016-03-30 15:44:47 52184 ----a-w- C:\WINDOWS\avastSS.scr
2016-03-30 15:43:08 -------- d-----w- C:\Program Files\AVAST Software
2016-03-30 13:44:05 -------- d-----w- C:\Program Files\Common Files\McAfee
2016-03-30 13:44:05 -------- d-----w- C:\Program Files (x86)\Common Files\McAfee
2016-03-30 12:16:27 11686560 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{352B997F-20F0-4DC8-80A5-A9DACE5454C2}\mpengine.dll
2016-03-30 03:39:52 -------- d-sh--w- C:\BOOT
2016-03-30 03:31:45 22704 ----a-w- C:\WINDOWS\System32\drivers\EsgScanner.sys
2016-03-30 02:21:11 11686560 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2016-03-30 01:11:50 -------- d-----w- C:\Program Files (x86)\eM Client
2016-03-30 00:16:55 -------- d-s---w- C:\WINDOWS\SysWow64\Microsoft
2016-03-29 13:54:58 -------- d-----w- C:\EEK
2016-03-25 02:36:56 -------- d-----w- C:\Program Files (x86)\Avira
2016-03-25 01:29:50 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-03-25 01:29:11 65408 ----a-w- C:\WINDOWS\System32\drivers\mwac.sys
2016-03-25 01:29:11 140672 ----a-w- C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-03-25 01:29:11 -------- d---a-w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-25 00:18:14 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2016-03-24 21:31:10 -------- d-----w- C:\ProgramData\dllescort
2016-03-24 21:30:37 -------- d---a-w- C:\Program Files (x86)\DLLEscort
2016-03-24 21:18:17 -------- d-----w- C:\WINDOWS\en
2016-03-24 21:13:57 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\126a41f91d1861201\DSETUP.dll
2016-03-24 21:13:57 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\126a41f91d1861201\DXSETUP.exe
2016-03-24 21:13:57 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\126a41f91d1861201\dsetup32.dll
2016-03-24 20:34:37 -------- d-----w- C:\Users\Bim\AppData\Local\Comms
2016-03-24 20:21:34 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\NisBackup\gapaengine.dll
2016-03-24 20:21:28 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8E3ABC2E-6BE8-4A6E-9A82-4AB097BA2603}\gapaengine.dll
2016-03-18 08:24:30 -------- dc----w- C:\WINDOWS\Panther
2016-03-18 08:19:37 -------- d-----w- C:\Windows.old
2016-03-18 08:16:54 931328 ----a-w- C:\WINDOWS\System32\MSMPEG2ENC.DLL
2016-03-18 08:15:56 621568 ----a-w- C:\WINDOWS\System32\wbiosrvc.dll
2016-03-18 08:08:32 -------- d-----w- C:\WINDOWS\System32\Microsoft
2016-03-18 08:05:11 -------- d-----w- C:\WINDOWS\SysWow64\BestPractices
2016-03-18 08:05:11 -------- d-----w- C:\WINDOWS\System32\msmq
2016-03-18 08:05:11 -------- d-----w- C:\WINDOWS\System32\BestPractices
2016-03-18 08:05:10 -------- d-----w- C:\inetpub
2016-03-18 08:04:12 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2016-03-18 08:04:12 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2016-03-18 08:04:11 103120 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2016-03-18 08:04:06 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2016-03-18 08:04:06 124624 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2016-03-18 08:04:06 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2016-03-18 08:03:45 304752 ----a-w- C:\WINDOWS\System32\systemreset.exe
2016-03-18 08:03:45 277856 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys
2016-03-18 08:03:45 185184 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys
2016-03-18 08:03:45 1087488 ----a-w- C:\WINDOWS\System32\reseteng.dll
2016-03-18 05:22:25 -------- d-----w- C:\Users\Bim\AppData\Local\ActiveSync
2016-03-18 05:17:20 -------- d-sh--we C:\ProgramData\Documents
2016-03-18 0512 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2016-03-18 05:02:12 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2016-03-18 05:02:11 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2016-03-18 04:46:41 -------- d-----w- C:\Program Files (x86)\Common Files\SpeechEngines
2016-03-18 04:46:33 -------- d-----w- C:\Program Files\Common Files\SpeechEngines
2016-03-18 04:37:26 -------- d-----w- C:\Program Files (x86)\USB Camera
2016-03-18 04:36:58 -------- d-----w- C:\Program Files\Synaptics
2016-03-18 04:36:11 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2016-03-18 04:32:42 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2016-03-18 04:29:45 -------- d-sh--w- C:\found.001
2016-03-18 03:26:52 232832 ----a-w- C:\WINDOWS\System32\WDMBL_AP1NC_2_2_0.dll
.
==================== Find3M ====================
.
2016-03-18 08:16:54 785088 ----a-w- C:\WINDOWS\System32\evr.dll
2016-03-18 08:15:56 5242496 ----a-w- C:\WINDOWS\SysWow64\windows.storage.dll
2016-03-18 08:05:05 96768 ----a-w- C:\WINDOWS\SysWow64\mqoa.tlb
2016-03-18 08:05:05 91136 ----a-w- C:\WINDOWS\SysWow64\mqoa30.tlb
2016-03-18 08:05:05 55808 ----a-w- C:\WINDOWS\SysWow64\mqoa20.tlb
2016-03-18 08:05:05 37376 ----a-w- C:\WINDOWS\SysWow64\mqoa10.tlb
2016-03-18 08:05:04 635904 ----a-w- C:\WINDOWS\SysWow64\mqsnap.dll
2016-03-18 08:05:03 14848 ----a-w- C:\WINDOWS\SysWow64\mqcertui.dll
2016-03-18 08:05:02 56320 ----a-w- C:\WINDOWS\System32\admwprox.dll
2016-03-18 08:05:02 53248 ----a-w- C:\WINDOWS\System32\ahadmin.dll
2016-03-18 08:05:02 202240 ----a-w- C:\WINDOWS\System32\iisRtl.dll
2016-03-18 08:05:02 19456 ----a-w- C:\WINDOWS\System32\iisreset.exe
2016-03-18 08:05:02 15360 ----a-w- C:\WINDOWS\System32\wamregps.dll
2016-03-18 08:05:02 13312 ----a-w- C:\WINDOWS\System32\iisrstap.dll
2016-03-18 08:05:00 175616 ----a-w- C:\WINDOWS\System32\drivers\mqac.sys
2016-03-10 18:08:54 27008 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys
2016-03-08 07:12:26 829944 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2016-03-08 07:12:26 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2014-02-25 04:47:10 49940480 ----a-w- C:\Program Files (x86)\GUT5C55.tmp
.
============= FINISH: 14:39:04.93 ===============
Attached Files
File Type: txt attach.txt (21.5 KB, 42 views)
luteplayers is offline  
Old 04-08-2016, 06:43 AM   #2
Registered Member
 
Join Date: Jun 2008
Posts: 13
OS: Win SP



Bumping
Old 04-09-2016, 08:04 PM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Clean
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
Old 04-10-2016, 02:26 PM   #4
Registered Member
 
Join Date: Jun 2008
Posts: 13
OS: Win SP



# AdwCleaner v5.110 - Logfile created 10/04/2016 at 17:01:23
# Updated 10/04/2016 by Xplode
# Database : 2016-04-10.3 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Bim - LENOVO
# Running from : C:\Users\Bim\Desktop\AdwCleaner (1).exe
# Option : Clean
# Support : ToolsLib - Forum: Ask for help or share your experience.

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
[-] Folder Deleted : C:\ProgramData\Network Acceleration
[-] Folder Deleted : C:\ProgramData\Partner
[-] Folder Deleted : C:\ProgramData\SoftSafe
[-] Folder Deleted : C:\ProgramData\9b46cc31ed53ef7a
[-] Folder Deleted : C:\ProgramData\BesTSAveFoorrYou
[-] Folder Deleted : C:\ProgramData\NewoSauver
[-] Folder Deleted : C:\ProgramData\ReemaovETheAudApp
[-] Folder Deleted : C:\ProgramData\RoboSavoer
[#] Folder Deleted : C:\ProgramData\Application Data\Network Acceleration
[#] Folder Deleted : C:\ProgramData\Application Data\Partner
[#] Folder Deleted : C:\ProgramData\Application Data\SoftSafe
[#] Folder Deleted : C:\ProgramData\Application Data\9b46cc31ed53ef7a
[#] Folder Deleted : C:\ProgramData\Application Data\BesTSAveFoorrYou
[#] Folder Deleted : C:\ProgramData\Application Data\NewoSauver
[#] Folder Deleted : C:\ProgramData\Application Data\ReemaovETheAudApp
[#] Folder Deleted : C:\ProgramData\Application Data\RoboSavoer
[-] Folder Deleted : C:\Users\Bim\AppData\Roaming\NCdownloader

***** [ Files ] *****

[-] File Deleted : C:\Users\Bim\AppData\Roaming\Mozilla\Firefox\Profiles\fm3lk5bj.default-1371903701126\invalidprefs.js

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd
[-] Key Deleted : HKLM\SOFTWARE\SP Global
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Data Restored : HKU\S-1-5-21-2522751667-1833762692-3581250442-1000\Software\Microsoft\Internet Explorer\Main [Search Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]

***** [ Web browsers ] *****

[-] [C:\Users\Bim\AppData\Roaming\Mozilla\Firefox\Profiles\fm3lk5bj.default-1371903701126\prefs.js] [Preference] Deleted : user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1459823452);
[-] [C:\Users\Bim\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : bopakagnckmlgajfccecajhnimjiiedh
[-] [C:\Users\Bim\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : fcfenmboojpjinhpgggodefccipikbpd

*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3133 bytes] - [10/04/2016 17:01:23]
C:\AdwCleaner\AdwCleaner[S1].txt - [3470 bytes] - [10/04/2016 16:54:49]
C:\AdwCleaner\AdwCleaner[S2].txt - [3470 bytes] - [10/04/2016 16:55:11]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3352 bytes] ##########
Old 04-10-2016, 02:32 PM   #5
Registered Member
 
Join Date: Jun 2008
Posts: 13
OS: Win SP



Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-04-2016
Ran by Bim (administrator) on LENOVO (10-04-2016 17:14:08)
Running from C:\Users\Bim\Desktop
Loaded Profiles: Bim (Available Profiles: Bim & Administrator & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Dropbox, Inc.) C:\Users\Bim\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo) C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Bim\Desktop\FRST64 (1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9753024 2012-08-15] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5908928 2012-08-15] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-09-12] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [561672 2015-06-12] (Vimicro)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332_STI.EXE
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2010-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2011-01-28] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe [228448 2011-01-28] (CyberLink Corp.)
HKLM-x32\...\Run: [VeriFaceManager] => C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe [329056 2012-08-15] (Lenovo)
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-30] (AVAST Software)
HKLM-x32\...\Run: [WD Quick View] => C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5564784 2015-02-12] (Western Digital Technologies, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2522751667-1833762692-3581250442-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1160536 2015-02-22] (Ruiware LLC)
HKU\S-1-5-21-2522751667-1833762692-3581250442-1000\...\Run: [Dropbox Update] => C:\Users\Bim\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-2522751667-1833762692-3581250442-1000\...\Run: [BingSvc] => C:\Users\Bim\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-12-01] ( 2015 Microsoft Corporation)
HKU\S-1-5-21-2522751667-1833762692-3581250442-1000\...\Run: [eM Client] => C:\Program Files (x86)\eM Client\MailClient.exe [15698792 2016-02-29] (eM Client s.r.o.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-30] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bim\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bim\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bim\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bim\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [VeriFace Enc] -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll [2012-08-15] ()
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bim\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bim\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Bim\AppData\Roaming\Dropbox\bin\DropboxExt.34.dll [2016-03-11] (Dropbox, Inc.)
Startup: C:\Users\Bim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2016-03-24]
ShortcutTarget: Dropbox.lnk -> C:\Users\Bim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Bim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\VoiceZoneConnect.lnk [2016-02-13]
ShortcutTarget: VoiceZoneConnect.lnk -> C:\Program Files (x86)\VoiceZoneConnect\VoiceZoneConnect.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2522751667-1833762692-3581250442-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{2022bb95-d545-437e-aa8b-68b59ad49780}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{2022bb95-d545-437e-aa8b-68b59ad49780}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-2522751667-1833762692-3581250442-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN_enUS510
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-30] (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-30] (AVAST Software)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2522751667-1833762692-3581250442-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()

FireFox:
========
FF ProfilePath: C:\Users\Bim\AppData\Roaming\Mozilla\Firefox\Profiles\fm3lk5bj.default-1371903701126
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://www.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_197.dll [2016-03-30] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_197.dll [2016-03-30] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-24] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-03-24] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2522751667-1833762692-3581250442-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Bim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-12-17] (Unity Technologies ApS)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL [2007-03-22] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Extension: Bing Search - C:\Users\Bim\AppData\Roaming\Mozilla\Firefox\Profiles\fm3lk5bj.default-1371903701126\Extensions\[email protected] [2015-11-24]
FF Extension: Adblock Plus - C:\Users\Bim\AppData\Roaming\Mozilla\Firefox\Profiles\fm3lk5bj.default-1371903701126\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-28]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-30]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-30]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

Chrome:
=======
CHR Profile: C:\Users\Bim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Chrome Web Store Payments) - C:\Users\Bim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-10]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-30] (AVAST Software)
S4 HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [87368 2013-11-18] (Nero AG)
S4 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
S4 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S4 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
S4 PST Service; C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe [65657 2011-09-02] (Motorola) [File not signed]
S4 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [49136 2015-05-15] ()
S4 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-09-12] (Synaptics Incorporated)
S4 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-09-08] (WDC) [File not signed]
R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [302968 2015-02-12] (Western Digital Technologies, Inc.)
S4 WDFME; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe [1034752 2010-09-08] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S4 WDSC; C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe [485376 2010-09-08] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-30] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-30] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-30] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-30] (AVAST Software)
R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-29] ()
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-30] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-09-12] (Synaptics Incorporated)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [802312 2015-06-12] (Vimicro Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 17:14 - 2016-04-10 17:15 - 00020188 _____ C:\Users\Bim\Desktop\FRST.txt
2016-04-10 17:12 - 2016-04-10 17:14 - 00000000 ____D C:\FRST
2016-04-10 16:57 - 2016-04-10 16:57 - 02375168 _____ (Farbar) C:\Users\Bim\Downloads\FRST64 (1).exe
2016-04-10 16:57 - 2016-04-10 16:57 - 02375168 _____ (Farbar) C:\Users\Bim\Desktop\FRST64 (1).exe
2016-04-10 16:53 - 2016-04-10 17:01 - 00000000 ____D C:\AdwCleaner
2016-04-10 16:52 - 2016-04-10 16:52 - 03465280 _____ C:\Users\Bim\Downloads\AdwCleaner (1).exe
2016-04-10 16:52 - 2016-04-10 16:52 - 03465280 _____ C:\Users\Bim\Desktop\AdwCleaner (1).exe
2016-04-01 16:07 - 2016-04-04 22:44 - 00003257 _____ C:\Users\Bim\Desktop\April2016Bills.txt
2016-04-01 15:54 - 2016-04-01 15:54 - 00000000 ____D C:\Users\Bim\Downloads\WD_Quick_View_Setup_for_Windows
2016-04-01 15:33 - 2016-04-01 15:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2016-04-01 15:31 - 2016-04-01 15:31 - 04341113 _____ C:\Users\Bim\Downloads\WD_Quick_View_Setup_for_Windows.zip
2016-04-01 15:28 - 2016-04-01 15:28 - 71601392 _____ C:\Users\Bim\Downloads\mc_windows_setup.exe
2016-04-01 15:12 - 2016-04-01 15:15 - 3618963456 _____ C:\Users\Bim\Downloads\Windows.iso
2016-04-01 14:51 - 2016-04-01 14:51 - 18447464 _____ (Microsoft Corporation) C:\Users\Bim\Downloads\MediaCreationTool.exe
2016-04-01 14:51 - 2016-04-01 14:51 - 00000000 ___HD C:\$Windows.~WS
2016-04-01 14:34 - 2016-03-29 16:06 - 00688992 ____R (Swearware) C:\Users\Bim\Desktop\dds.scr
2016-03-30 14:07 - 2016-03-30 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-03-30 14:06 - 2016-03-30 14:07 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-03-30 13:35 - 2016-03-30 13:35 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-03-30 13:35 - 2016-03-30 13:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-03-30 13:34 - 2016-03-30 13:35 - 00000000 ____D C:\Program Files\iTunes
2016-03-30 13:34 - 2016-03-30 13:34 - 00000000 ____D C:\Program Files\iPod
2016-03-30 13:34 - 2016-03-30 13:34 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-03-30 13:32 - 2016-03-30 13:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-30 13:32 - 2016-03-30 13:32 - 00000000 ____D C:\Program Files\Bonjour
2016-03-30 13:32 - 2016-03-30 13:32 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-03-30 13:32 - 2016-03-30 13:32 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-30 12:59 - 2016-03-30 12:59 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-03-30 11:49 - 2016-03-30 11:45 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-03-30 11:47 - 2016-03-30 11:47 - 00000000 ____D C:\Users\Bim\AppData\Roaming\AVAST Software
2016-03-30 11:46 - 2016-03-30 11:46 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
2016-03-30 11:46 - 2016-03-30 11:46 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2016-03-30 11:45 - 2016-03-30 13:02 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-30 11:45 - 2016-03-30 11:46 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-03-30 11:45 - 2016-03-30 11:46 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-03-30 11:45 - 2016-03-30 11:46 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-03-30 11:45 - 2016-03-30 11:46 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-03-30 11:45 - 2016-03-30 11:45 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-03-30 11:45 - 2016-03-30 11:45 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-03-30 11:45 - 2016-03-30 11:45 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-03-30 11:45 - 2016-03-30 11:45 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-03-30 11:44 - 2016-03-30 11:44 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-03-30 11:43 - 2016-03-30 12:59 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-30 11:41 - 2016-03-30 11:41 - 05066104 _____ (AVAST Software) C:\Users\Bim\Downloads\avast_free_antivirus_setup_online_cnet2.exe
2016-03-30 11:41 - 2016-03-30 11:41 - 05066104 _____ (AVAST Software) C:\Users\Bim\Downloads\avast_free_antivirus_setup_online_cnet2 (1).exe
2016-03-30 10:28 - 2016-03-30 10:28 - 02622304 _____ (Kaspersky Lab) C:\Users\Bim\Downloads\kss16.0.0.1344en_9702.exe
2016-03-30 10:14 - 2016-03-30 10:14 - 02374144 _____ (Farbar) C:\Users\Bim\Downloads\FRST64.exe
2016-03-30 10:13 - 2016-03-30 10:13 - 03102208 _____ C:\Users\Bim\Downloads\AdwCleaner.exe
2016-03-30 10:05 - 2016-03-30 10:06 - 08204776 _____ (McAfee, Inc.) C:\Users\Bim\Downloads\Setup_serial_n0f-LrirV0baqmdFpEBTBA2_key.exe
2016-03-30 09:48 - 2016-03-30 09:48 - 08204776 _____ (McAfee, Inc.) C:\Users\Bim\Downloads\mcafee_Setup_serial_2lV5mqz2ioVSFYqUZQ_9cw2_key.exe
2016-03-30 09:44 - 2016-03-30 12:13 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-30 09:43 - 2016-03-30 09:43 - 08204776 _____ (McAfee, Inc.) C:\Users\Bim\Downloads\Setup_serial_MFQhLkARp5np3yvypxD7jA2_key.exe
2016-03-29 23:32 - 2016-03-29 23:32 - 00000000 _____ C:\autoexec.bat
2016-03-29 23:31 - 2016-03-29 23:31 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Bim\Downloads\SpyHunter-Installer.exe
2016-03-29 23:31 - 2016-03-29 23:31 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-03-29 21:11 - 2016-03-29 21:11 - 15564800 _____ C:\Users\Bim\Downloads\setup(2).msi
2016-03-29 21:11 - 2016-03-29 21:11 - 00001035 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eM Client.lnk
2016-03-29 21:11 - 2016-03-29 21:11 - 00000000 ____D C:\Program Files (x86)\eM Client
2016-03-29 21:01 - 2016-03-29 21:02 - 00000000 ____D C:\Users\Bim\Documents\eM Client
2016-03-29 20:39 - 2016-03-29 20:39 - 55550688 _____ (Microsoft Corporation) C:\Users\Bim\Downloads\Windows-KB890830-x64-V5.34.exe
2016-03-29 20:34 - 2016-03-29 20:34 - 02097152 _____ C:\Users\Bim\Downloads\msert.exe
2016-03-29 16:18 - 2016-03-29 16:18 - 00388608 _____ (Trend Micro Inc.) C:\Users\Bim\Downloads\HijackThis.exe
2016-03-29 16:12 - 2016-04-01 14:39 - 00031505 _____ C:\Users\Bim\Desktop\dds.txt
2016-03-29 16:12 - 2016-04-01 14:39 - 00022012 _____ C:\Users\Bim\Desktop\attach.txt
2016-03-29 16:05 - 2016-03-29 16:06 - 00688992 ____R (Swearware) C:\Users\Bim\Downloads\dds.scr
2016-03-29 15:21 - 2016-03-29 15:21 - 02870984 _____ (ESET) C:\Users\Bim\Downloads\esetsmartinstaller_enu (3).exe
2016-03-29 10:23 - 2016-03-29 10:23 - 02870984 _____ (ESET) C:\Users\Bim\Downloads\esetsmartinstaller_enu (2).exe
2016-03-29 10:23 - 2016-03-29 10:23 - 02870984 _____ (ESET) C:\Users\Bim\Downloads\esetsmartinstaller_enu (1).exe
2016-03-29 09:54 - 2016-03-29 10:20 - 00000000 ____D C:\EEK
2016-03-29 08:34 - 2016-03-29 08:34 - 02622792 _____ (Kaspersky Lab) C:\Users\Bim\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328 (1).exe
2016-03-29 08:32 - 2016-03-29 08:32 - 02870984 _____ (ESET) C:\Users\Bim\Downloads\esetsmartinstaller_enu.exe
2016-03-29 08:28 - 2016-03-29 08:28 - 02622792 _____ (Kaspersky Lab) C:\Users\Bim\Downloads\kss16.0.0.1344en_ru_de_fr_es_pt_it_zh-hans_nl_pl_tr_cs_ko_id_vi_ar_fa_zh-hant_9328.exe
2016-03-25 00:19 - 2016-03-29 09:19 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-25 00:15 - 2016-03-29 09:23 - 00641222 _____ C:\WINDOWS\ntbtlog.txt
2016-03-25 00:13 - 2016-03-25 00:13 - 00002394 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-25 00:13 - 2016-03-25 00:13 - 00000000 ___RD C:\Users\Administrator\OneDrive
2016-03-25 00:08 - 2016-03-25 00:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2016-03-25 00:08 - 2016-03-25 00:08 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2016-03-25 00:02 - 2016-03-25 00:02 - 00000000 ____D C:\Users\Administrator\AppData\Local\Western Digital
2016-03-25 00:00 - 2016-03-25 00:00 - 00000000 ____D C:\Users\Administrator\AppData\Local\ActiveSync
2016-03-24 23:59 - 2016-03-24 23:59 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2016-03-24 23:57 - 2016-03-25 00:01 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-03-24 23:57 - 2016-03-24 23:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-03-24 23:57 - 2016-03-24 23:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2016-03-24 23:57 - 2016-03-24 23:57 - 00000000 ____D C:\Users\Administrator\AppData\Local\Google
2016-03-24 23:56 - 2016-03-25 00:13 - 00000000 ____D C:\Users\Administrator
2016-03-24 23:56 - 2016-03-25 00:02 - 00002046 _____ C:\Users\Administrator\Desktop\OneKey Recovery.lnk
2016-03-24 23:56 - 2016-03-25 00:02 - 00001122 _____ C:\Users\Administrator\Desktop\Cyberlink Power2Go.lnk
2016-03-24 23:56 - 2016-03-25 00:02 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-03-24 23:56 - 2016-03-24 23:56 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-03-24 23:56 - 2016-03-24 23:56 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-03-24 23:56 - 2016-03-24 23:56 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-03-24 23:56 - 2016-03-24 23:56 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-03-24 23:56 - 2016-03-24 23:56 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-03-24 23:56 - 2016-03-18 00:56 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Media Center Programs
2016-03-24 23:56 - 2016-03-18 00:56 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-03-24 23:56 - 2010-12-19 01:31 - 00000189 _____ C:\Users\Administrator\Desktop\Lenovo Telephony Start Now.url
2016-03-24 22:36 - 2016-03-29 20:01 - 00000000 ____D C:\Program Files (x86)\Avira
2016-03-24 22:34 - 2016-03-24 22:35 - 04733568 _____ (Avira Operations GmbH & Co. KG) C:\Users\Bim\Downloads\avira_en_av_56f4a3505f85f__ws.exe
2016-03-24 21:29 - 2016-03-30 11:56 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-24 21:29 - 2016-03-24 21:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-24 21:29 - 2016-03-24 21:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-24 21:29 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-24 21:29 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-24 21:26 - 2016-03-24 21:27 - 22851472 _____ (Malwarebytes ) C:\Users\Bim\Downloads\mbam-setup-2.2.1.1043.exe
2016-03-24 20:18 - 2016-03-24 20:18 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-03-24 17:37 - 2016-03-24 17:37 - 02788573 _____ C:\Users\Bim\Downloads\mshtml.zip
2016-03-24 17:31 - 2016-03-29 20:21 - 00000000 ____D C:\ProgramData\dllescort
2016-03-24 17:30 - 2016-03-29 20:24 - 00000000 ____D C:\Program Files (x86)\DLLEscort
2016-03-24 17:30 - 2016-03-24 17:30 - 00001092 _____ C:\Users\Public\Desktop\DLLEscort.lnk
2016-03-24 17:30 - 2016-03-24 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLL Escort 2014
2016-03-24 17:26 - 2016-03-24 17:27 - 08778293 _____ ( ) C:\Users\Bim\Downloads\DLLEscort_Setup.exe
2016-03-24 17:18 - 2016-03-24 17:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-03-24 17:18 - 2016-03-24 17:18 - 00000000 ____D C:\WINDOWS\en
2016-03-24 17:17 - 2016-03-24 17:17 - 00001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-03-24 17:17 - 2016-03-24 17:17 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-03-24 17:16 - 2016-03-24 17:16 - 00000000 ____D C:\Program Files\Windows Live
2016-03-24 17:14 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-03-24 17:14 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-03-24 17:14 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-03-24 17:14 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-03-24 17:14 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-03-24 17:14 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-03-24 17:14 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-03-24 17:14 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-03-24 17:14 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-03-24 17:14 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
2016-03-24 17:14 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
2016-03-24 17:13 - 2016-03-24 17:13 - 01239752 _____ (Microsoft Corporation) C:\Users\Bim\Downloads\wlsetup-web (2).exe
2016-03-24 17:12 - 2016-03-24 17:12 - 01239752 _____ (Microsoft Corporation) C:\Users\Bim\Downloads\wlsetup-web (1).exe
2016-03-24 17:08 - 2016-03-24 17:08 - 01239752 _____ (Microsoft Corporation) C:\Users\Bim\Downloads\wlsetup-web.exe
2016-03-24 16:57 - 2016-03-24 17:01 - 15564800 _____ C:\Users\Bim\Downloads\setup (1).msi
2016-03-24 16:34 - 2016-03-24 16:34 - 00000000 ____D C:\Users\Bim\AppData\Local\Comms
2016-03-24 16:14 - 2016-03-24 16:14 - 00000000 ____D C:\Users\Bim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-24 16:03 - 2016-03-24 16:03 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-03-18 04:24 - 2016-04-01 15:19 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-18 04:19 - 2016-03-18 04:19 - 00000000 ____D C:\Windows.old
2016-03-18 04:17 - 2016-03-18 04:17 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-03-18 04:17 - 2016-03-18 04:17 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-03-18 04:17 - 2016-03-18 04:17 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-18 04:17 - 2016-03-18 04:17 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-03-18 04:17 - 2016-03-18 04:17 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-03-18 04:17 - 2016-03-18 04:17 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-03-18 04:17 - 2016-03-18 04:17 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-03-18 04:17 - 2016-03-18 04:17 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-18 04:17 - 2016-03-18 04:17 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-18 04:17 - 2016-03-18 04:17 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-18 04:17 - 2016-03-18 04:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-03-18 04:17 - 2016-03-18 04:17 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-03-18 04:17 - 2016-03-18 04:17 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-18 04:17 - 2016-03-18 04:17 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-03-18 04:17 - 2016-03-18 04:17 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-03-18 04:17 - 2016-03-18 04:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-03-18 04:17 - 2016-03-18 04:17 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-03-18 04:17 - 2016-03-18 04:17 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-18 04:17 - 2016-03-18 04:17 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-18 04:16 - 2016-03-18 04:16 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-03-18 04:16 - 2016-03-18 04:16 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-03-18 04:16 - 2016-03-18 04:16 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-18 04:16 - 2016-03-18 04:16 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-03-18 04:16 - 2016-03-18 04:16 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-03-18 04:16 - 2016-03-18 04:16 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-18 04:16 - 2016-03-18 04:16 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-18 04:16 - 2016-03-18 04:16 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-18 04:16 - 2016-03-18 04:16 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-03-18 04:16 - 2016-03-18 04:16 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
Attached Files
File Type: txt Addition.txt (61.5 KB, 26 views)
luteplayers is offline  
Old 04-10-2016, 02:34 PM   #6
Registered Member
 
Join Date: Jun 2008
Posts: 13
OS: Win SP



2016-03-18 04:16 - 2016-03-18 04:16 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2016-03-18 04:16 - 2016-03-18 04:16 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2016-03-18 04:16 - 2016-03-18 04:16 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2016-03-18 04:16 - 2016-03-18 04:16 - 00000000 _____ C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-18 04:15 - 2016-03-18 04:15 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-18 04:15 - 2016-03-18 04:15 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-18 04:15 - 2016-03-18 04:15 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-18 04:15 - 2016-03-18 04:15 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-18 04:15 - 2016-03-18 04:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-18 04:15 - 2016-03-18 04:15 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-18 04:15 - 2016-03-18 04:15 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-18 04:15 - 2016-03-18 04:15 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-18 04:15 - 2016-03-18 04:15 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-03-18 04:15 - 2016-03-18 04:15 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-03-18 04:15 - 2016-03-18 04:15 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2016-03-18 04:15 - 2016-03-18 04:15 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-03-18 04:15 - 2016-03-18 04:15 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2016-03-18 04:15 - 2016-03-18 04:15 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2016-03-18 04:15 - 2016-03-18 04:15 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-18 04:15 - 2016-03-18 04:15 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2016-03-18 04:15 - 2016-03-18 04:15 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2016-03-18 04:08 - 2016-03-18 04:08 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-03-18 04:05 - 2016-03-18 04:05 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-03-18 04:05 - 2016-03-18 04:05 - 00000000 ____D C:\WINDOWS\system32\msmq
2016-03-18 04:05 - 2016-03-18 04:05 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-03-18 04:05 - 2016-03-18 04:05 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-03-18 04:05 - 2016-03-18 04:05 - 00000000 ____D C:\Program Files\MSBuild
2016-03-18 04:05 - 2016-03-18 04:05 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-03-18 04:05 - 2016-03-18 04:05 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-18 04:05 - 2016-03-18 04:05 - 00000000 ____D C:\inetpub
2016-03-18 04:04 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-03-18 04:04 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-18 04:04 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-03-18 04:04 - 2015-10-23 21:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-03-18 04:04 - 2015-10-23 21:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-03-18 04:04 - 2015-10-23 21:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-18 04:03 - 2016-03-18 04:03 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-03-18 04:03 - 2016-03-18 04:03 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-03-18 04:03 - 2016-03-18 04:03 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-18 04:03 - 2016-03-18 04:03 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-18 03:54 - 2016-03-18 03:54 - 00000000 ____H C:\$WINRE_BACKUP_PARTITION.MARKER
2016-03-18 01:22 - 2016-03-18 01:22 - 00000000 ____D C:\Users\Bim\AppData\Local\ActiveSync
2016-03-18 01:19 - 2016-03-18 01:19 - 00000020 ___SH C:\Users\Bim\ntuser.ini
2016-03-18 01:17 - 2016-03-18 01:17 - 00000000 _SHDL C:\Users\Default\My Documents
2016-03-18 01:17 - 2016-03-18 01:17 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-03-18 01:17 - 2016-03-18 01:17 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-03-18 01:17 - 2016-03-18 01:17 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-03-18 01:17 - 2016-03-18 01:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-03-18 01:17 - 2016-03-18 01:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-03-18 01:17 - 2016-03-18 01:17 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-03-18 01:10 - 2016-04-10 17:03 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-18 00:56 - 2016-03-18 00:56 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-18 00:56 - 2016-03-18 00:56 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-03-18 00:56 - 2016-03-18 00:56 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-03-18 00:56 - 2016-03-18 00:56 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-03-18 00:56 - 2016-03-18 00:56 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-03-18 00:56 - 2016-03-18 00:56 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-03-18 00:56 - 2016-03-18 00:56 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-03-18 00:46 - 2016-03-18 00:59 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-03-18 00:46 - 2016-03-18 00:46 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-03-18 00:43 - 2016-03-30 12:59 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-18 00:43 - 2016-03-30 12:53 - 00000000 ____D C:\Users\Bim
2016-03-18 00:43 - 2016-03-18 00:43 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-03-18 00:43 - 2016-03-18 00:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-03-18 00:43 - 2016-03-18 00:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-03-18 00:43 - 2016-03-18 00:43 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-03-18 00:43 - 2016-03-18 00:43 - 00000000 _SHDL C:\Users\Bim\My Documents
2016-03-18 00:43 - 2016-03-18 00:43 - 00000000 _SHDL C:\Users\Bim\Documents\My Videos
2016-03-18 00:43 - 2016-03-18 00:43 - 00000000 _SHDL C:\Users\Bim\Documents\My Pictures
2016-03-18 00:43 - 2016-03-18 00:43 - 00000000 _SHDL C:\Users\Bim\Documents\My Music
2016-03-18 00:42 - 2016-04-10 16:50 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-18 00:42 - 2016-03-18 00:42 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-03-18 00:37 - 2016-03-18 00:37 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-03-18 00:37 - 2016-03-18 00:37 - 00000000 ____D C:\Program Files (x86)\USB Camera
2016-03-18 00:36 - 2016-03-18 00:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-03-18 00:36 - 2016-03-18 00:36 - 00000000 ____D C:\Program Files\Synaptics
2016-03-18 00:36 - 2015-10-30 03:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-03-18 00:31 - 2016-03-18 01:00 - 00285472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-18 00:29 - 2016-03-18 00:29 - 00000000 __SHD C:\found.001
2016-03-17 23:26 - 2016-03-17 23:26 - 00232832 _____ (Western Digital Technologies, Inc.) C:\WINDOWS\system32\WDMBL_AP1NC_2_2_0.dll
2016-03-17 22:12 - 2016-03-18 00:44 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-03-17 22:12 - 2016-02-13 13:35 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2016-03-17 22:12 - 2015-08-07 00:29 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-03-17 22:12 - 2012-08-15 00:28 - 00002104 _____ C:\Users\DefaultAppPool\Desktop\OneKey Recovery.lnk
2016-03-17 22:12 - 2012-08-15 00:14 - 00001140 _____ C:\Users\DefaultAppPool\Desktop\Cyberlink Power2Go.lnk
2016-03-17 22:12 - 2010-12-19 01:31 - 00000189 _____ C:\Users\DefaultAppPool\Desktop\Lenovo Telephony Start Now.url
2016-03-17 22:10 - 2016-03-30 12:23 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 36.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-10 17:11 - 2012-11-16 00:28 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-10 17:07 - 2012-11-15 22:27 - 00000000 ___RD C:\Dropbox
2016-04-10 17:07 - 2012-11-15 22:24 - 00000000 ____D C:\Users\Bim\AppData\Roaming\Dropbox
2016-04-10 17:06 - 2012-08-15 00:21 - 00000000 ____D C:\ProgramData\VeriFace
2016-04-10 17:05 - 2012-08-15 00:28 - 00427985 _____ C:\WINDOWS\system32\fastboot.set
2016-04-10 17:05 - 2012-08-15 00:27 - 00000904 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-10 17:03 - 2012-11-14 21:37 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-10 17:02 - 2015-10-30 02:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-10 16:55 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-10 16:55 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-10 16:50 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-04 23:17 - 2015-06-18 21:06 - 00000910 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2522751667-1833762692-3581250442-1000UA.job
2016-04-04 22:17 - 2015-06-18 21:06 - 00000858 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-2522751667-1833762692-3581250442-1000Core.job
2016-04-01 17:19 - 2013-07-01 05:54 - 00000000 ____D C:\Users\Bim\Desktop\Bills
2016-04-01 17:02 - 2016-02-12 23:25 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-01 15:33 - 2012-11-15 00:20 - 00000000 ____D C:\Program Files (x86)\Western Digital
2016-04-01 15:33 - 2012-11-14 23:37 - 00000000 ____D C:\ProgramData\Western Digital
2016-04-01 14:44 - 2015-05-14 20:51 - 00000000 ____D C:\Users\Bim\AppData\Roaming\eM Client
2016-04-01 11:47 - 2014-01-17 22:46 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-01 11:47 - 2014-01-17 22:46 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-30 15:48 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-30 15:47 - 2014-01-11 14:34 - 00000000 ____D C:\Users\Bim\AppData\Local\ElevatedDiagnostics
2016-03-30 14:10 - 2012-11-16 00:28 - 00003804 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2016-03-30 13:34 - 2015-03-07 17:08 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2016-03-30 13:34 - 2013-12-18 09:03 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-03-30 13:32 - 2013-12-18 09:04 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-30 12:59 - 2012-11-16 00:03 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-30 12:23 - 2014-06-04 22:11 - 00003940 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1385322849
2016-03-30 12:23 - 2013-02-07 21:48 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-30 12:09 - 2015-04-07 20:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-03-30 12:09 - 2012-11-14 21:40 - 00001282 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-03-30 12:09 - 2012-11-14 21:40 - 00001270 _____ C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
2016-03-30 12:06 - 2015-03-07 19:11 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-03-30 09:47 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-30 09:44 - 2012-08-15 00:16 - 00000000 ____D C:\ProgramData\McAfee
2016-03-29 22:21 - 2013-12-29 10:36 - 00000000 ____D C:\Users\Bim\AppData\Local\Packages
2016-03-29 20:40 - 2012-11-15 00:54 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-29 20:01 - 2012-08-15 00:27 - 00000000 ____D C:\Program Files\Google
2016-03-29 20:01 - 2012-08-15 00:27 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-29 19:40 - 2012-07-15 09:59 - 00000000 ____D C:\IncredibleRoot
2016-03-29 16:20 - 2012-11-14 20:42 - 00000000 ____D C:\Users\Bim\AppData\Local\VirtualStore
2016-03-29 15:59 - 2012-11-14 20:43 - 00000000 ____D C:\Users\Bim\AppData\Local\Google
2016-03-29 15:59 - 2012-08-15 00:27 - 00000000 ____D C:\ProgramData\Google
2016-03-29 15:50 - 2015-12-15 18:12 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-29 10:19 - 2014-01-30 23:56 - 00000000 ____D C:\ProgramData\jldonpdpandolojibfiblfnkhpalcdgb
2016-03-29 08:33 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-24 23:58 - 2015-08-07 06:53 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-24 22:20 - 2012-08-15 00:27 - 00003966 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-03-24 22:20 - 2012-08-15 00:27 - 00003734 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-03-24 22:20 - 2012-08-15 00:27 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-24 22:18 - 2014-01-30 23:56 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-03-24 22:15 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\IME
2016-03-24 22:15 - 2013-03-14 23:21 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2016-03-24 22:15 - 2013-03-14 23:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-03-24 21:29 - 2013-06-22 08:40 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-24 21:29 - 2013-06-22 08:40 - 00000000 ____D C:\Users\Bim\AppData\Roaming\Malwarebytes
2016-03-24 21:29 - 2013-06-22 08:40 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-24 19:10 - 2013-03-14 23:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-24 17:18 - 2014-06-14 08:53 - 00000000 ____D C:\Users\Bim\AppData\Local\Windows Live
2016-03-24 17:16 - 2012-08-15 00:25 - 00002354 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
2016-03-24 17:16 - 2012-08-15 00:25 - 00001358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2016-03-24 17:16 - 2012-08-15 00:25 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-03-24 16:10 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-03-24 16:06 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-03-18 04:24 - 2015-10-30 03:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-03-18 04:18 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-18 04:18 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-03-18 04:18 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-18 04:18 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-18 04:18 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-18 04:18 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-03-18 04:18 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-18 04:18 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-18 04:18 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-18 04:18 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-18 04:18 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-18 04:18 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-18 04:18 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-18 04:05 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-03-18 04:05 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-03-18 04:05 - 2015-10-30 03:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-03-18 04:05 - 2015-10-30 03:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2016-03-18 04:05 - 2015-10-30 03:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2016-03-18 04:05 - 2015-10-30 03:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2016-03-18 04:05 - 2015-10-30 03:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2016-03-18 04:05 - 2015-10-30 03:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-03-18 04:05 - 2015-10-30 03:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-03-18 04:05 - 2015-10-30 03:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2016-03-18 04:05 - 2015-10-30 03:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-03-18 04:05 - 2015-10-30 03:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-03-18 04:05 - 2015-10-30 03:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-03-18 04:05 - 2015-10-30 03:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-03-18 04:05 - 2015-10-30 03:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-03-18 04:04 - 2015-10-30 03:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2016-03-18 04:04 - 2015-10-30 03:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2016-03-18 04:04 - 2015-10-30 03:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-03-18 04:04 - 2015-10-30 03:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2016-03-18 04:04 - 2015-10-30 03:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-03-18 04:04 - 2015-10-30 03:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-03-18 04:04 - 2015-10-30 03:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-03-18 04:04 - 2015-10-30 03:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-03-18 04:04 - 2015-10-30 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-03-18 04:04 - 2015-10-30 03:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2016-03-18 04:04 - 2015-10-30 03:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2016-03-18 04:04 - 2015-10-30 03:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2016-03-18 04:04 - 2015-10-30 03:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2016-03-18 04:04 - 2015-10-30 03:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2016-03-18 04:04 - 2015-10-30 03:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2016-03-18 04:04 - 2015-10-30 03:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2016-03-18 04:04 - 2015-10-30 03:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2016-03-18 04:04 - 2015-10-30 03:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2016-03-18 04:04 - 2015-10-30 03:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2016-03-18 04:04 - 2015-10-30 03:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2016-03-18 04:04 - 2015-10-30 03:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2016-03-18 04:04 - 2015-10-30 03:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2016-03-18 04:04 - 2015-10-30 03:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2016-03-18 04:04 - 2015-10-30 03:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2016-03-18 01:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-18 01:21 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-03-18 01:21 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-03-18 01:20 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-03-18 01:18 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-18 01:16 - 2015-08-06 23:43 - 00023784 _____ C:\WINDOWS\diagerr.xml
2016-03-18 01:16 - 2015-08-06 23:43 - 00022863 _____ C:\WINDOWS\diagwrn.xml
2016-03-18 01:15 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-03-18 01:14 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-03-18 01:12 - 2016-02-05 00:41 - 00003350 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-03-18 01:12 - 2015-08-07 00:45 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-03-18 01:12 - 2014-03-15 09:34 - 00002578 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Update
2016-03-18 01:12 - 2014-03-15 09:34 - 00002386 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Initial Update
2016-03-18 01:11 - 2014-03-15 09:34 - 00002560 _____ C:\WINDOWS\System32\Tasks\Motorola Device Manager Engine
2016-03-18 01:11 - 2013-01-12 11:41 - 00002966 _____ C:\WINDOWS\System32\Tasks\Run RoboForm TaskBar Icon
2016-03-18 01:10 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-18 01:10 - 2015-06-18 21:06 - 00003526 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2522751667-1833762692-3581250442-1000UA
2016-03-18 01:10 - 2015-06-18 21:06 - 00003254 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2522751667-1833762692-3581250442-1000Core
2016-03-18 01:10 - 2015-05-14 20:52 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-03-18 01:10 - 2013-11-28 14:27 - 00002672 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 3050A J611 series
2016-03-18 01:10 - 2012-08-15 00:21 - 00002518 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2016-03-18 00:59 - 2015-12-15 18:09 - 00000000 ____D C:\Users\Bim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TVMC
2016-03-18 00:59 - 2015-06-10 22:43 - 00000000 ___HD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo ThinkVantage Tools
2016-03-18 00:59 - 2014-10-18 03:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-18 00:59 - 2014-04-17 19:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2016-03-18 00:59 - 2014-03-15 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Motorola Device Manager
2016-03-18 00:59 - 2014-01-11 22:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.1
2016-03-18 00:59 - 2013-12-18 09:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sharepod
2016-03-18 00:59 - 2013-11-07 22:59 - 00000000 ____D C:\Users\Bim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoffeeCup Software
2016-03-18 00:59 - 2013-07-12 22:29 - 00000000 ____D C:\Users\Bim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-03-18 00:59 - 2013-06-15 07:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD SmartWare
2016-03-18 00:59 - 2013-04-06 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2016-03-18 00:59 - 2013-02-02 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2016-03-18 00:59 - 2012-11-16 00:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yahoo! Messenger
2016-03-18 00:59 - 2012-11-16 00:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IrfanView
2016-03-18 00:59 - 2012-11-16 00:04 - 00000000 ____D C:\Users\Bim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AIM for Windows
2016-03-18 00:59 - 2012-11-15 00:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-03-18 00:59 - 2012-11-15 00:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Link
2016-03-18 00:59 - 2012-08-15 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo Games
2016-03-18 00:59 - 2012-08-15 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-03-18 00:59 - 2012-08-15 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2016-03-18 00:59 - 2012-08-14 23:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-03-18 00:59 - 2009-07-14 01:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-18 00:56 - 2015-07-10 05:05 - 00000000 ____D C:\Users\Default.migrated
2016-03-18 00:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-03-18 00:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-03-18 00:50 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-03-18 00:49 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\spool
2016-03-18 00:49 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-03-18 00:49 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-03-18 00:47 - 2015-10-30 05:07 - 00000000 ____D C:\WINDOWS\ShellNew
2016-03-18 00:47 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-18 00:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\schemas
2016-03-18 00:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-03-18 00:47 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\USOPrivate
2016-03-18 00:47 - 2015-07-15 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2016-03-18 00:47 - 2013-12-18 11:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VOWSoft iPod Software
2016-03-18 00:47 - 2012-11-16 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OnTarget Software
2016-03-18 00:47 - 2012-08-15 00:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
2016-03-18 00:47 - 2011-09-28 23:37 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-18 00:46 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-03-18 00:46 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-03-18 00:46 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-18 00:46 - 2015-08-07 00:16 - 00000000 ____D C:\Program Files\CONEXANT
2016-03-18 00:46 - 2014-05-04 05:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HTC
2016-03-18 00:46 - 2012-12-20 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Globalscape
2016-03-18 00:46 - 2012-08-14 23:55 - 00000000 ____D C:\Program Files (x86)\Intel
2016-03-18 00:46 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-03-18 00:46 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-03-18 00:45 - 2015-09-28 21:06 - 00000000 ____D C:\Users\Bim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
2016-03-18 00:45 - 2013-04-06 15:45 - 00000000 ____D C:\Users\Bim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HP
2016-03-18 00:45 - 2012-11-15 08:37 - 00000000 ____D C:\Users\Bim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2016-03-18 00:41 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-18 00:37 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\System
2016-03-18 00:31 - 2015-10-30 05:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-03-17 23:43 - 2015-10-30 05:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-17 23:09 - 2013-08-30 21:55 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-17 22:57 - 2015-11-24 00:20 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-17 22:06 - 2015-08-08 21:51 - 00002397 _____ C:\Users\Bim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-17 22:06 - 2015-08-08 21:51 - 00000000 ___RD C:\Users\Bim\OneDrive

==================== Files in the root of some directories =======

2014-02-25 00:47 - 2014-02-25 00:47 - 49940480 _____ () C:\Program Files (x86)\GUT5C55.tmp
2013-05-15 21:59 - 2015-01-05 00:06 - 0558080 _____ () C:\Users\Bim\AppData\Roaming\SharedSettings.ccs
2012-11-17 07:07 - 2014-12-21 10:11 - 0005632 _____ () C:\Users\Bim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-28 14:25 - 2013-11-28 14:25 - 0000057 _____ () C:\ProgramData\Ament.ini

Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Bim\AppData\Local\Temp\4vjqh1e3.dll
C:\Users\Bim\AppData\Local\Temp\avgnt.exe


Some zero byte size files/folders:
==========================
C:\Windows\SysWOW64\mshtml.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-29 19:44

==================== End of FRST.txt ============================

This file was too large and I had to break it into two posts.
Old 04-10-2016, 06:09 PM   #7
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello luteplayers. Why do you have McAfee cracks on your machine?

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {0F1FACD5-4D03-4D45-A1C3-0AD301B57A58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {15736CF6-BB9A-43F9-A936-FA565CC81B53} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {2D6987F5-FA3B-4AAA-92E4-3308826A10D7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {3DB7B21C-DB90-46CC-9E8D-F7FFB9C21A98} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {3F24E43D-E9BA-409A-A511-8AA6CE3E7CD8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {5DDDE37F-07E7-43C6-8020-12C7CD1105A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {7C122281-23FE-4E73-97DD-EC7139E63FD6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {A59804D4-1FB6-4677-9C85-CC510B630260} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {BDC6D3EF-FB7A-4055-BAFA-2AE077A81441} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {E6ECDA05-9B20-43D3-8A38-B6F102374109} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {E702743A-6780-4D86-9312-58E40240D172} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    FirewallRules: [{6F5CC527-ADA3-46ED-B75D-1F086534E51C}] => (Allow) C:\Users\Bim\AppData\Local\Temp\7zS249C\EasyInst64.exe
    FirewallRules: [{E1C87A76-73DB-4AB3-AFBE-332CD06CB702}] => (Allow) C:\Users\Bim\AppData\Local\Temp\7zS249C\EasyInst64.exe
    CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    CHR HKU\S-1-5-21-2522751667-1833762692-3581250442-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-2522751667-1833762692-3581250442-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
    Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
    Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
    Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
    Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
    C:\Windows\SysWOW64\mshtml.dll
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
    2016-03-30 10:05 - 2016-03-30 10:06 - 08204776 _____ (McAfee, Inc.) C:\Users\Bim\Downloads\Setup_serial_n0f-LrirV0baqmdFpEBTBA2_key.exe
    2016-03-30 09:48 - 2016-03-30 09:48 - 08204776 _____ (McAfee, Inc.) C:\Users\Bim\Downloads\mcafee_Setup_serial_2lV5mqz2ioVSFYqUZQ_9cw2_key.exe
    2016-03-30 09:44 - 2016-03-30 12:13 - 00000000 ____D C:\Program Files\Common Files\McAfee
    2016-03-30 09:43 - 2016-03-30 09:43 - 08204776 _____ (McAfee, Inc.) C:\Users\Bim\Downloads\Setup_serial_MFQhLkARp5np3yvypxD7jA2_key.exe
    2016-03-29 23:31 - 2016-03-29 23:31 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Bim\Downloads\SpyHunter-Installer.exe
    S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-29] ()
    S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Avira.ServiceHost" /f
    Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service" /f
    Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Avira SystrayStartTrigger" /f
    Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "avgnt" /f
    Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
    Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
    Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
    Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
    Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
    Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
Old 04-16-2016, 04:35 AM   #8
Registered Member
 
Join Date: Jun 2008
Posts: 13
OS: Win SP



Hi Chemist,

I have no idea what McAfee cracks are doing on this machine. The only time I have tried anything with McAfee was after I ran into this problem. I'm a Time Warner Cable customer and McAfee is provided free for us. I didn't have it installed, but tried to after this infection without success.

I am backing up and working on getting the script run.
Old 04-16-2016, 06:38 AM   #9
Registered Member
 
Join Date: Jun 2008
Posts: 13
OS: Win SP



Here are the results of FRST64 fix.

Fix result of Farbar Recovery Scan Tool (x64) Version:10-04-2016
Ran by Bim (2016-04-16 09:15:06) Run:1
Running from C:\Users\Bim\Desktop
Loaded Profiles: Bim (Available Profiles: Bim & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {0F1FACD5-4D03-4D45-A1C3-0AD301B57A58} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {15736CF6-BB9A-43F9-A936-FA565CC81B53} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {2D6987F5-FA3B-4AAA-92E4-3308826A10D7} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3DB7B21C-DB90-46CC-9E8D-F7FFB9C21A98} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3F24E43D-E9BA-409A-A511-8AA6CE3E7CD8} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5DDDE37F-07E7-43C6-8020-12C7CD1105A5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7C122281-23FE-4E73-97DD-EC7139E63FD6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A59804D4-1FB6-4677-9C85-CC510B630260} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BDC6D3EF-FB7A-4055-BAFA-2AE077A81441} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {E6ECDA05-9B20-43D3-8A38-B6F102374109} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E702743A-6780-4D86-9312-58E40240D172} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
FirewallRules: [{6F5CC527-ADA3-46ED-B75D-1F086534E51C}] => (Allow) C:\Users\Bim\AppData\Local\Temp\7zS249C\EasyInst64.exe
FirewallRules: [{E1C87A76-73DB-4AB3-AFBE-332CD06CB702}] => (Allow) C:\Users\Bim\AppData\Local\Temp\7zS249C\EasyInst64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
CHR HKU\S-1-5-21-2522751667-1833762692-3581250442-1000\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKU\S-1-5-21-2522751667-1833762692-3581250442-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
Handler-x32: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
Handler-x32: mailto - {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
Handler-x32: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
Handler-x32: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll [2016-03-18] ()
C:\Windows\SysWOW64\mshtml.dll
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
2016-03-30 10:05 - 2016-03-30 10:06 - 08204776 _____ (McAfee, Inc.) C:\Users\Bim\Downloads\Setup_serial_n0f-LrirV0baqmdFpEBTBA2_key.exe
2016-03-30 09:48 - 2016-03-30 09:48 - 08204776 _____ (McAfee, Inc.) C:\Users\Bim\Downloads\mcafee_Setup_serial_2lV5mqz2ioVSFYqUZQ_9cw2_key.exe
2016-03-30 09:44 - 2016-03-30 12:13 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-03-30 09:43 - 2016-03-30 09:43 - 08204776 _____ (McAfee, Inc.) C:\Users\Bim\Downloads\Setup_serial_MFQhLkARp5np3yvypxD7jA2_key.exe
2016-03-29 23:31 - 2016-03-29 23:31 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\Bim\Downloads\SpyHunter-Installer.exe
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-03-29] ()
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Avira.ServiceHost" /f
Reg: reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Avira SystrayStartTrigger" /f
Reg: reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "avgnt" /f
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0F1FACD5-4D03-4D45-A1C3-0AD301B57A58}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0F1FACD5-4D03-4D45-A1C3-0AD301B57A58}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15736CF6-BB9A-43F9-A936-FA565CC81B53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15736CF6-BB9A-43F9-A936-FA565CC81B53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2D6987F5-FA3B-4AAA-92E4-3308826A10D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2D6987F5-FA3B-4AAA-92E4-3308826A10D7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3DB7B21C-DB90-46CC-9E8D-F7FFB9C21A98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3DB7B21C-DB90-46CC-9E8D-F7FFB9C21A98}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F24E43D-E9BA-409A-A511-8AA6CE3E7CD8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F24E43D-E9BA-409A-A511-8AA6CE3E7CD8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5DDDE37F-07E7-43C6-8020-12C7CD1105A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DDDE37F-07E7-43C6-8020-12C7CD1105A5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7C122281-23FE-4E73-97DD-EC7139E63FD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C122281-23FE-4E73-97DD-EC7139E63FD6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A59804D4-1FB6-4677-9C85-CC510B630260}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A59804D4-1FB6-4677-9C85-CC510B630260}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BDC6D3EF-FB7A-4055-BAFA-2AE077A81441}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BDC6D3EF-FB7A-4055-BAFA-2AE077A81441}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E6ECDA05-9B20-43D3-8A38-B6F102374109}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E6ECDA05-9B20-43D3-8A38-B6F102374109}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E702743A-6780-4D86-9312-58E40240D172}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E702743A-6780-4D86-9312-58E40240D172}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6F5CC527-ADA3-46ED-B75D-1F086534E51C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E1C87A76-73DB-4AB3-AFBE-332CD06CB702} => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKU\S-1-5-21-2522751667-1833762692-3581250442-1000\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
HKU\S-1-5-21-2522751667-1833762692-3581250442-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
"HKCR\Wow6432Node\PROTOCOLS\Handler\about" => key removed successfully
"HKCR\Wow6432Node\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}" => key removed successfully
"HKCR\Wow6432Node\PROTOCOLS\Handler\javascript" => key removed successfully
"HKCR\Wow6432Node\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}" => key removed successfully
"HKCR\Wow6432Node\PROTOCOLS\Handler\mailto" => key removed successfully
"HKCR\Wow6432Node\CLSID\{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B}" => key removed successfully
"HKCR\Wow6432Node\PROTOCOLS\Handler\res" => key removed successfully
"HKCR\Wow6432Node\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}" => key removed successfully
"HKCR\Wow6432Node\PROTOCOLS\Handler\vbscript" => key removed successfully
HKCR\Wow6432Node\CLSID\{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} => key not found.
C:\Windows\SysWOW64\mshtml.dll => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk" => key removed successfully
C:\Users\Bim\Downloads\Setup_serial_n0f-LrirV0baqmdFpEBTBA2_key.exe => moved successfully
C:\Users\Bim\Downloads\mcafee_Setup_serial_2lV5mqz2ioVSFYqUZQ_9cw2_key.exe => moved successfully
C:\Program Files\Common Files\McAfee => moved successfully
C:\Users\Bim\Downloads\Setup_serial_MFQhLkARp5np3yvypxD7jA2_key.exe => moved successfully
C:\Users\Bim\Downloads\SpyHunter-Installer.exe => moved successfully
EsgScanner => service removed successfully
McComponentHostService => service removed successfully

========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\Avira.ServiceHost" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services\SpyHunter 4 Service" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "Avira SystrayStartTrigger" /f =========

The operation completed successfully.



========= End of Reg: =========


========= reg delete HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 /v "avgnt" /f =========

The operation completed successfully.



========= End of Reg: =========

Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000002\\LibraryPath => restored successfully (%SystemRoot%\system32\napinsp.dll)
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000004\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\winrnr.dll)
EmptyTemp: => 2 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 09:19:17 ====
luteplayers is offline  
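The Fixlog above flags six Winsock Catalog5 entries with "ATTENTION: LibraryPath should be ..." and later reports each one as restored. The following Python is an added example, not part of the original post and not FRST's own code: it pairs every flagged entry with its result line and tallies the outcomes. The sample lines are copied from the log above, and the names `verify_winsock` and `tally` are assumptions made for this example.

```python
import re
from collections import Counter

# Lines copied from the Fixlog posted in this thread: the six "Winsock:"
# fixlist directives, then a selection of the result lines that follow them.
FIXLOG = r'''
Winsock: Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\napinsp.dll"
Winsock: Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\system32\pnrpnsp.dll"
Winsock: Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552 2015-10-30] (Microsoft Corporation)ATTENTION: LibraryPath should be "%SystemRoot%\System32\winrnr.dll"
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
C:\Windows\SysWOW64\mshtml.dll => moved successfully
EsgScanner => service removed successfully
Winsock: Catalog5 000000000001\\LibraryPath => restored successfully (%SystemRoot%\system32\NLAapi.dll)
Winsock: Catalog5 000000000002\\LibraryPath => restored successfully (%SystemRoot%\system32\napinsp.dll)
Winsock: Catalog5 000000000003\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000004\\LibraryPath => restored successfully (%SystemRoot%\system32\pnrpnsp.dll)
Winsock: Catalog5 000000000005\\LibraryPath => restored successfully (%SystemRoot%\System32\mswsock.dll)
Winsock: Catalog5 000000000006\\LibraryPath => restored successfully (%SystemRoot%\System32\winrnr.dll)
EmptyTemp: => 2 GB temporary data Removed.
'''

# Fixlist directive: entry number, the path currently registered, the expected path.
DIRECTIVE = re.compile(
    r'^Winsock: Catalog5 (\d+) (.+?\.dll) \[.*'
    r'ATTENTION: LibraryPath should be "([^"]+)"$')
# Result line: zero-padded entry number and the path that was written back.
RESULT = re.compile(
    r'^Winsock: Catalog5 0*(\d+)\\\\LibraryPath => restored successfully \((.+)\)$')


def verify_winsock(log_text):
    """Return {entry: status} for every catalog entry the fixlist flagged."""
    expected, restored = {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = DIRECTIVE.match(line)
        if m:
            expected[int(m.group(1))] = m.group(3)
            continue
        m = RESULT.match(line)
        if m:
            restored[int(m.group(1))] = m.group(2)
    report = {}
    for entry, want in sorted(expected.items()):
        got = restored.get(entry)
        if got is None:
            report[entry] = "NOT RESTORED"      # flagged, but no result line
        elif got.lower() == want.lower():       # Windows paths ignore case
            report[entry] = "ok"
        else:
            report[entry] = "MISMATCH"          # restored to a different path
    return report


def tally(log_text):
    """Count result lines by outcome keyword."""
    counts = Counter()
    for line in log_text.splitlines():
        if " => " not in line:
            continue
        text = line.rsplit(" => ", 1)[1].lower()
        # "removed" is tested before "moved" because it contains that substring.
        for key in ("not found", "removed", "moved", "restored"):
            if key in text:
                counts[key] += 1
                break
        else:
            counts["other"] += 1
    return counts


if __name__ == "__main__":
    for entry, status in verify_winsock(FIXLOG).items():
        print(f"Catalog5 entry {entry:02d}: {status}")
    print(dict(tally(FIXLOG)))
```

An entry reported as NOT RESTORED or MISMATCH means the catalog still needs attention before the fix can be considered complete.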
Old 04-16-2016, 07:46 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, luteplayers. How is the machine behaving now?

------------------------------------------------------
  • Launch Malwarebytes' Anti-Malware
  • On the Dashboard, click the Scan Now button.
  • A check for database updates will be performed.
  • After the update check completes, a Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Remove Selected to allow MBAM to clean what was detected.
  • In most cases, a restart will be required and a prompt will be shown.
  • Wait for the prompt to restart the computer to appear, then click on Yes
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs
  • Double-click on the Scan Log which shows the Date and Time of the scan just performed.
  • Click Export
  • Click Text file (*.txt)
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named File Saved should appear stating "Your file has been successfully exported".
  • Click Ok
  • Post that saved log in your next reply.
------------------------------------------------------

Uninstall the following via the Programs and Features Panel (right-click the Windows "logo" button > Programs and Features):

Java(TM) 7 Update 51

These are all outdated, and having them still installed is a security risk. Reboot your computer once all those Java components are removed.

Going forward, Java will overwrite existing installs, so removing older versions should not be required after this.

Go here and follow the prompts to install the latest Java > java.com: Java + You

Make sure you untick the box next to whatever free program they prompt you to install, unless you want it.
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (Programs)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Please run this online scan to help look for remnants. Ensure your external and/or USB drives are inserted during the scan.

Go here and click 'Run ESET Online Scanner'.
  • If you are not using Internet Explorer, double-click esetsmartinstaller_enu.exe to install it, then click 'Run'.
  • Turn off the real-time scanner of any existing antivirus program while performing the online scan. Here's how
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • If using Internet Explorer, allow the ActiveX control to install when asked.
  • Once the components have downloaded, tick the option Enable detection of potentially unwanted applications
  • Click on Advanced Settings
  • Make sure that the option Remove found threats is unticked.
  • Ensure these options are ticked:
    • Scan Archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Next to 'Current scan targets: Operating memory, Local drives', click the Change... button.
  • Tick all the boxes that correspond to your external/inserted drives.
  • Click Start
  • Wait for the scan to finish.
  • When the scan is done, if it shows a screen that says "Threats found!", click "List of found threats", and then click "Export to text file..."
  • Save that text file to your desktop, and then copy/paste the contents in your next reply.
------------------------------------------------------

Please post the following in your next reply:

MBAM log
ESET report
report on system behavior
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 04-20-2016, 04:22 AM   #11



Hi Chemist,

I'm working on getting the ESET Scan done, will post results tonight.

The system is running much better. I no longer am getting the bad image popups. I was unable to get java installed though. It kept asking for permission for IE11 to open a page, I uninstalled IE11 as I never use it anyway, and stopped getting the requests but Java's install screen was just a blank white box that never went away. When I closed the box, it asked if I really wanted to stop the java install.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/19/2016
Scan Time: 9:50 PM
Logfile: mbam41916.txt
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.04.20.01
Rootkit Database: v2016.04.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Bim

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 457843
Time Elapsed: 51 min, 20 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Thanks,
Jim
luteplayers is offline  
Old 04-20-2016, 08:27 PM   #12



Hello again, Jim. How did you uninstall IE11? As far as I am aware, it cannot be uninstalled.

In addition, you need IE to download Windows Updates.

Also, you can install Java using any browser. Try Firefox. Let me know.

------------------------------------------------------
chemist is offline  
Old 04-21-2016, 09:22 PM   #13



I right clicked on the start button and selected programs and features, then clicked turn on/off windows features, and unselected IE11. Windows Update was still able to check for updates and told me that I was up to date.

I tried downloading java from firefox, chrome, and IE11 after I reinstalled it. Attached is a screenshot of what the java install looks like.

I have been trying to run the ESET online scan and I haven't been able to get past 30% without the laptop shutting off and occasionally telling me that there is no bootable device until I do a hard reset.

Trying ESET again now.
Attachment: javainstall.jpg
luteplayers is offline  
Old 04-22-2016, 04:50 AM   #14



The ESET scan completed with no threats found.

I am still unable to install Java; I never get the popup asking whether I want to install the add-on. Just the blank square in the image attached to the previous post.
luteplayers is offline  
Old 04-22-2016, 12:09 PM   #15



Hello again, Jim. We can install Java manually.

Download the Windows Offline (64-bit) Java installer from here:

https://java.com/en/download/manual.jsp

Save it to your desktop, right-click jre-8u91-windows-x64.exe and choose 'Run as administrator'.

Follow the prompts to manually install the latest Java version.

If successful, delete jre-8u91-windows-x64.exe from your desktop.

------------------------------------------------------
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (Programs)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------
chemist is offline  
Old 05-01-2016, 06:15 AM   #16



The manual installation of Java fails as well. Other than that, things are running well. I am going to consider the issue resolved.
luteplayers is offline  
Old 05-01-2016, 06:35 PM   #17



Hello again, Jim. I actually meant for you to download and install the 32-bit version which is what you would really need.

Download the Windows Offline Java installer from here:

https://java.com/en/download/manual.jsp

Save it to your desktop, right-click jre-8u91-windows-i586.exe and choose 'Run as administrator'.

Follow the prompts to manually install the latest Java version.

If successful, delete jre-8u91-windows-i586.exe from your desktop.

------------------------------------------------------
  • After the install is complete, go back to your Control Panel (right-click the Windows "logo" button > Control Panel > (Programs)) and click the Java icon (looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button.
    • There are two options checked in the window to clear the cache - Leave BOTH Checked
      • Cached Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window.
      Note: This deletes ALL the Downloaded Cached Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window.
    • Click OK to leave the Java Control Panel.
------------------------------------------------------

Also, we need to clean up before you go. Let me know and I will give you some final instructions.

------------------------------------------------------
chemist is offline  
Old 05-11-2016, 07:11 PM   #18



Alas, the 32-bit version won't install either. I'm ready to clean up I guess.
luteplayers is offline  
Old 05-13-2016, 04:50 AM   #19



Hello again, Jim. We could investigate the Java problem further, but if you are ready to go...

------------------------------------------------------

Congratulations. Well done! Your logs appear clean. You should be good to go.

------------------------------------------------------
  • Press the Windows "logo" key and "R" key then type cleanmgr into the Run box and click OK.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot for a few seconds.
  • Click 'Clean up system files'
  • If prompted by UAC, then click 'Yes'.
  • If prompted, select your hard drive (usually C:\) then click 'OK'.
  • You should see the scanning screenshot again, for a few seconds up to a few minutes.
  • Click on the 'More Options' tab, and click on the 'Clean up' button under the 'System Restore and Shadow Copies' section.
  • Click/tap on the 'Delete' button in the confirm deletion window, then press 'OK'.
  • Click/tap on the 'Delete files' button in the confirm deletion window.
This will remove all but the most recent System Restore Point.

------------------------------------------------------

Please re-enable your antivirus program and any other antispyware programs disabled earlier if you haven't already.
  • Run AdwCleaner and select Uninstall
  • Confirm by clicking Yes
------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\FRST"

A DOS window will open and close again; this is normal.

------------------------------------------------------

You can safely delete any tools downloaded or any logs, files, and any shortcuts on your desktop that were created during this fix.

Keep MBAM, update and run a Quick Scan weekly.

Empty your Recycle Bin if it does not do so automatically.

------------------------------------------------------

Please read this and, if possible, contribute as much as you can:

Help BleepingComputer Defend Freedom of Speech

------------------------------------------------------

MICROSOFT UPDATES
It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

------------------------------------------------------

SPYWARE PREVENTION
In light of your recent problem, I'm sure you'd like to avoid any future infections. Please read this well-written article: To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware, or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an add-on available for IE, Firefox, and Chrome.
  • MVPS HOSTS FILE replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. It basically prevents your computer from connecting to those sites by redirecting them to 0.0.0.0, which is the IP of your local computer. See guide for Windows 8/Windows 10 here
Keep your antivirus program and antispyware programs updated and scan with them on a regular basis.

Please respond to this thread one more time so we can mark this thread as resolved.
chemist is offline  
Old 05-14-2016, 07:00 AM   #20



I will get that done and post when completed.
luteplayers is offline  
 
