System Probs - suspected malware [Closed]


  • This topic is locked

#31
lawnguybri

  • Topic Starter
  • Member
  • 101 posts
ESET still bogging down. Gets to 49% and freezes, showing 112+ infected files.

FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2013 (ATTENTION: ====> FRST version is 29 days old and could be outdated)
Ran by gwengoetter (administrator) on GOETTERS4BACON on 29-12-2013 21:24:13
Running from C:\Users\gwengoetter\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\consent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6549136 2012-07-02] (Realtek Semiconductor)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [21504 2012-07-25] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK13/1
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM - {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://search.ask.co...&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {8E0E081D-FD81-46C2-AD92-3B939C17F151} URL = http://www.amazon.co...s={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://search.yahoo....psg&type=HPDTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {19DB2D13-91DA-4DA4-A080-AB75B9B9484D} URL = http://search.yahoo....p={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...0TR&pc=HPDTDFJS
SearchScopes: HKCU - {19DB2D13-91DA-4DA4-A080-AB75B9B9484D} URL = http://search.yahoo....p={searchTerms}
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

FireFox:
========
FF ProfilePath: C:\Users\gwengoetter\AppData\Roaming\Mozilla\Firefox\Profiles\uc1hbyhs.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\gwengoetter\AppData\Roaming\Mozilla\Firefox\Profiles\uc1hbyhs.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\[email protected]

Chrome:
=======
CHR HomePage: hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ch
CHR RestoreOnStartup: "hxxp://search.yahoo.com?type=293224&fr=spigot-yhp-ch", "hxxp://www1.delta-search.com/?affID=122123&babsrc=HP_ss&mntrId=E06B083E8E0CFBEA"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\gwengoetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files (x86)\CouponXplorer_5z\bar\1.bin\NP5zStub.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.100.18) - C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: () - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlaidocmldibgopdbjiopphnjhaehnbn\10.16.70.501_0
CHR Extension: (SearchGBY) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmijdhkcgeclpfjmibnginbbkfcbpep\0.9.73_0
CHR Extension: (Norton Identity Protection) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0
CHR Extension: (Gmail) - C:\Users\GWENGO~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM-x32\...\Chrome\Extension: [dbjmkjlcdkfccfpgpbieancamjhaclga] - C:\Program Files (x86)\LyricsNotes\116.crx
CHR HKLM-x32\...\Chrome\Extension: [dlaidocmldibgopdbjiopphnjhaehnbn] - C:\Users\gwengoetter\AppData\Local\CRE\dlaidocmldibgopdbjiopphnjhaehnbn.crx
CHR HKLM-x32\...\Chrome\Extension: [icmijdhkcgeclpfjmibnginbbkfcbpep] - C:\Program Files\SearchGBY\Extensions\Chrome\searchgby.chrome.v0.9.70.crx

==================== Services (Whitelisted) =================

R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-07-19] (Hewlett-Packard)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-01] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [208736 2012-11-26] (AVG Technologies CZ, s.r.o.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
U4 PCSUService;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-29 20:16 - 2013-12-29 20:16 - 00291288 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-29 20:06 - 2013-12-29 20:10 - 00000000 ____D C:\windows\system32\MRT
2013-12-29 13:44 - 2013-09-23 17:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2013-12-29 13:44 - 2013-09-23 17:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2013-12-29 13:43 - 2013-06-01 04:25 - 00496640 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2013-12-29 13:43 - 2013-06-01 04:21 - 00595968 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2013-12-29 13:43 - 2013-05-26 18:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2013-12-29 13:43 - 2013-05-26 17:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2013-12-29 13:43 - 2013-05-24 22:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2013-12-29 13:43 - 2013-05-24 21:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2013-12-29 13:43 - 2013-03-02 03:23 - 00375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgent.dll
2013-12-29 13:43 - 2013-03-01 21:44 - 01011200 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2013-12-29 13:42 - 2013-03-02 03:22 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2013-12-29 13:42 - 2013-03-01 21:44 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2013-12-29 13:42 - 2013-02-02 03:39 - 05090816 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2013-12-29 13:42 - 2013-02-02 03:21 - 05977600 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2013-12-29 13:41 - 2013-02-05 17:31 - 00622080 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2013-12-29 13:41 - 2013-02-05 17:29 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2013-12-29 13:41 - 2013-02-05 17:28 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2013-12-29 13:41 - 2013-02-05 17:28 - 00215552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2013-12-29 13:41 - 2013-02-02 06:19 - 00329960 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2013-12-29 13:41 - 2013-02-02 05:54 - 01933544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2013-12-29 13:41 - 2013-02-02 03:40 - 00410624 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlroamextension.dll
2013-12-29 13:41 - 2013-02-02 03:40 - 00370688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WWanAPI.dll
2013-12-29 13:41 - 2013-02-02 03:40 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2013-12-29 13:41 - 2013-02-02 03:40 - 00197632 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.Connectivity.dll
2013-12-29 13:41 - 2013-02-02 03:40 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsRasterService.dll
2013-12-29 13:41 - 2013-02-02 03:40 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\tasklist.exe
2013-12-29 13:41 - 2013-02-02 03:40 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\taskkill.exe
2013-12-29 13:41 - 2013-02-02 03:39 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2013-12-29 13:41 - 2013-02-02 03:39 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\netprofm.dll
2013-12-29 13:41 - 2013-02-02 03:39 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2013-12-29 13:41 - 2013-02-02 03:39 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2013-12-29 13:41 - 2013-02-02 03:39 - 00015872 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlmproxy.dll
2013-12-29 13:41 - 2013-02-02 03:39 - 00012288 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlmsprep.dll
2013-12-29 13:41 - 2013-02-02 03:38 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\duser.dll
2013-12-29 13:41 - 2013-02-02 03:24 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\taskkill.exe
2013-12-29 13:41 - 2013-02-02 03:24 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\tasklist.exe
2013-12-29 13:41 - 2013-02-02 03:23 - 00611840 _____ (Microsoft Corporation) C:\windows\system32\wpd_ci.dll
2013-12-29 13:41 - 2013-02-02 03:23 - 00543232 _____ (Microsoft Corporation) C:\windows\system32\wlroamextension.dll
2013-12-29 13:41 - 2013-02-02 03:23 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\WWanAPI.dll
2013-12-29 13:41 - 2013-02-02 03:23 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.Connectivity.dll
2013-12-29 13:41 - 2013-02-02 03:23 - 00228352 _____ (Microsoft Corporation) C:\windows\system32\XpsRasterService.dll
2013-12-29 13:41 - 2013-02-02 03:23 - 00105472 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2013-12-29 13:41 - 2013-02-02 03:23 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\wersvc.dll
2013-12-29 13:41 - 2013-02-02 03:22 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2013-12-29 13:41 - 2013-02-02 03:21 - 00467456 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2013-12-29 13:41 - 2013-02-02 03:21 - 00385024 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2013-12-29 13:41 - 2013-02-02 03:21 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2013-12-29 13:41 - 2013-02-02 03:20 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\duser.dll
2013-12-29 13:41 - 2013-02-02 03:20 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\hotspotauth.dll
2013-12-29 13:41 - 2013-02-02 02:25 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys
2013-12-29 13:41 - 2013-02-02 00:41 - 01437184 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2013-12-29 13:41 - 2013-02-02 00:31 - 01690624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2013-12-29 13:40 - 2013-06-30 20:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2013-12-29 13:40 - 2013-06-30 20:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2013-12-29 13:40 - 2013-06-30 20:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2013-12-29 13:40 - 2013-06-30 20:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2013-12-29 13:40 - 2013-06-28 22:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2013-12-29 13:40 - 2013-06-28 22:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2013-12-29 13:40 - 2013-04-11 17:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2013-12-29 13:40 - 2013-04-11 17:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2013-12-29 13:40 - 2013-03-06 01:31 - 19758592 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2013-12-29 13:40 - 2013-03-06 00:03 - 17561600 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2013-12-29 13:40 - 2013-02-11 19:17 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2013-12-29 13:39 - 2013-04-27 00:20 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2013-12-29 13:39 - 2013-03-06 02:10 - 00112872 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2013-12-29 13:39 - 2013-03-06 01:31 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2013-12-29 13:39 - 2013-03-06 01:29 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2013-12-29 13:39 - 2013-03-06 00:03 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2013-12-29 13:38 - 2013-10-10 04:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2013-12-29 13:38 - 2013-10-10 04:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2013-12-29 13:38 - 2013-10-10 04:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2013-12-29 13:38 - 2013-10-10 04:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2013-12-29 13:38 - 2013-10-10 04:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2013-12-29 13:38 - 2013-10-10 04:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2013-12-29 13:38 - 2013-10-10 04:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2013-12-29 13:38 - 2013-07-19 17:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-12-29 13:38 - 2013-07-19 17:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-12-29 13:38 - 2013-05-04 01:59 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2013-12-29 13:38 - 2013-05-03 23:57 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2013-12-29 13:37 - 2013-07-13 01:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2013-12-29 13:37 - 2013-07-13 01:16 - 01889280 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2013-12-29 13:37 - 2013-07-13 01:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2013-12-29 13:37 - 2013-07-13 01:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2013-12-29 13:37 - 2013-07-13 01:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2013-12-29 13:37 - 2013-07-12 23:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2013-12-29 13:37 - 2013-07-12 23:23 - 01568256 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2013-12-29 13:37 - 2013-07-12 23:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2013-12-29 13:37 - 2013-07-12 23:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2013-12-29 13:37 - 2013-07-01 20:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2013-12-29 13:37 - 2013-07-01 20:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2013-12-29 13:37 - 2013-03-14 19:17 - 00861184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2013-12-29 13:36 - 2013-11-23 01:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2013-12-29 13:36 - 2013-11-23 00:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2013-12-29 13:36 - 2013-08-23 02:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2013-12-29 13:36 - 2013-08-22 20:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2013-12-29 13:36 - 2013-03-21 22:49 - 02382336 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
2013-12-29 13:36 - 2013-03-21 17:47 - 02851840 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
2013-12-29 13:35 - 2013-04-02 18:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2013-12-29 13:35 - 2013-04-02 18:12 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2013-12-29 13:34 - 2013-11-06 18:18 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2013-12-29 13:34 - 2013-09-27 22:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2013-12-29 13:33 - 2013-08-07 00:15 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2013-12-29 13:32 - 2013-10-01 18:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2013-12-29 13:32 - 2013-10-01 18:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2013-12-29 13:32 - 2013-08-02 01:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2013-12-29 13:32 - 2013-08-02 00:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2013-12-29 13:32 - 2013-03-02 05:39 - 00069864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2013-12-29 13:32 - 2013-03-01 21:43 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2013-12-29 13:32 - 2013-02-06 20:33 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2013-12-29 13:31 - 2013-11-01 00:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2013-12-29 13:31 - 2013-10-31 22:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2013-12-29 12:39 - 2013-12-29 12:39 - 00448512 _____ (OldTimer Tools) C:\Users\gwengoetter\Downloads\TFC.exe
2013-12-28 11:26 - 2013-12-28 11:26 - 02347384 _____ (ESET) C:\Users\gwengoetter\Downloads\esetsmartinstaller_enu(2).exe
2013-12-28 02:08 - 2013-06-16 17:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2013-12-28 02:08 - 2013-06-01 06:33 - 02233600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2013-12-28 02:08 - 2013-06-01 06:26 - 06987008 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2013-12-28 02:08 - 2013-06-01 04:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2013-12-28 02:07 - 2013-06-01 06:54 - 00194816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2013-12-28 02:07 - 2013-06-01 06:54 - 00125184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2013-12-28 02:07 - 2013-06-01 06:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2013-12-28 02:07 - 2013-06-01 06:26 - 00327936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2013-12-28 02:07 - 2013-06-01 05:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2013-12-28 02:07 - 2013-06-01 04:25 - 00364544 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2013-12-28 02:07 - 2013-06-01 04:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2013-12-28 02:07 - 2013-06-01 04:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2013-12-28 02:07 - 2013-06-01 04:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2013-12-28 02:07 - 2013-06-01 04:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2013-12-28 02:07 - 2013-06-01 04:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2013-12-28 02:07 - 2013-06-01 04:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2013-12-28 02:07 - 2013-06-01 04:22 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2013-12-28 02:07 - 2013-06-01 04:22 - 00446976 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2013-12-28 02:07 - 2013-06-01 04:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2013-12-28 02:07 - 2013-06-01 04:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2013-12-28 02:07 - 2013-06-01 04:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2013-12-28 02:07 - 2013-06-01 04:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2013-12-28 02:07 - 2013-06-01 04:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2013-12-28 02:07 - 2013-06-01 04:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2013-12-28 02:07 - 2013-06-01 04:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2013-12-28 02:07 - 2013-06-01 04:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2013-12-28 02:07 - 2013-06-01 04:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2013-12-28 02:07 - 2013-05-31 22:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2013-12-28 02:07 - 2013-05-24 17:09 - 01403296 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2013-12-28 02:07 - 2013-05-24 17:09 - 01271584 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2013-12-28 02:07 - 2013-05-24 17:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2013-12-28 02:07 - 2013-05-24 17:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2013-12-28 02:07 - 2013-04-09 00:33 - 00489576 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2013-12-28 02:07 - 2013-04-09 00:33 - 00446792 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2013-12-28 02:07 - 2013-04-09 00:33 - 00253544 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2013-12-28 02:07 - 2013-04-08 23:48 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2013-12-28 02:07 - 2013-04-08 18:37 - 00426024 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2013-12-28 02:07 - 2013-04-08 18:37 - 00324368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2013-12-28 02:07 - 2013-03-02 04:59 - 00411880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2013-12-28 02:03 - 2013-12-28 02:03 - 02347384 _____ (ESET) C:\Users\gwengoetter\Downloads\esetsmartinstaller_enu(1).exe
2013-12-28 01:49 - 2013-10-25 01:18 - 19271168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2013-12-28 01:48 - 2013-10-25 01:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2013-12-28 01:48 - 2013-10-25 01:17 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2013-12-28 01:48 - 2013-10-25 01:17 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2013-12-28 01:48 - 2013-10-25 01:17 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2013-12-28 01:48 - 2013-10-24 23:44 - 14356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2013-12-28 01:48 - 2013-10-24 23:43 - 13761536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2013-12-28 01:48 - 2013-10-24 23:43 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2013-12-28 01:48 - 2013-10-24 23:43 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2013-12-28 01:47 - 2013-10-25 01:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2013-12-28 01:47 - 2013-10-25 01:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2013-12-28 01:47 - 2013-10-25 01:19 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2013-12-28 01:47 - 2013-10-25 01:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2013-12-28 01:47 - 2013-10-25 01:17 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2013-12-28 01:47 - 2013-10-24 23:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2013-12-28 01:47 - 2013-10-24 23:44 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2013-12-28 01:47 - 2013-10-24 23:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2013-12-28 01:47 - 2013-10-24 23:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2013-12-28 01:47 - 2013-05-15 17:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2013-12-28 01:47 - 2013-05-15 17:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2013-12-28 01:47 - 2013-05-14 08:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2013-12-28 01:47 - 2013-05-14 04:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2013-12-28 01:47 - 2013-02-21 05:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2013-12-28 01:47 - 2013-02-21 05:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2013-12-28 01:47 - 2013-02-21 05:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2013-12-28 01:47 - 2013-02-21 05:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2013-12-28 01:47 - 2013-02-21 05:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2013-12-28 01:47 - 2013-02-21 05:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2013-12-28 01:47 - 2013-02-19 04:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2013-12-28 01:46 - 2013-10-10 06:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2013-12-28 01:46 - 2013-10-10 04:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2013-12-28 01:46 - 2013-10-10 04:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2013-12-28 01:46 - 2013-09-03 22:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2013-12-28 01:46 - 2013-08-16 00:41 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
2013-12-28 01:46 - 2013-08-16 00:39 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2013-12-28 01:46 - 2013-08-16 00:32 - 00209200 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2013-12-28 01:46 - 2013-08-16 00:22 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2013-12-28 01:46 - 2013-08-16 00:21 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2013-12-28 01:46 - 2013-08-16 00:21 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2013-12-28 01:46 - 2013-08-16 00:21 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2013-12-28 01:46 - 2013-08-16 00:21 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2013-12-28 01:46 - 2013-08-16 00:21 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2013-12-28 01:46 - 2013-08-16 00:21 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll
2013-12-28 01:46 - 2013-08-16 00:21 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-28 01:46 - 2013-08-16 00:21 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll
2013-12-28 01:46 - 2013-08-16 00:21 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll
2013-12-28 01:46 - 2013-08-16 00:20 - 00105984 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2013-12-28 01:46 - 2013-08-15 17:43 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2013-12-28 01:46 - 2013-08-15 17:43 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2013-12-28 01:46 - 2013-08-15 17:43 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll
2013-12-28 01:46 - 2013-08-15 17:43 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2013-12-28 01:46 - 2013-08-15 17:43 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2013-12-28 01:46 - 2013-08-15 17:43 - 00083968 _____ C:\windows\SysWOW64\OEMLicense.dll
2013-12-28 01:46 - 2013-08-15 17:42 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll
2013-12-28 01:46 - 2013-08-15 17:42 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll
2013-12-28 01:46 - 2013-07-01 19:44 - 00036288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2013-12-28 01:46 - 2013-07-01 17:08 - 00247216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2013-12-28 01:46 - 2013-06-10 14:16 - 00888832 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2013-12-28 01:46 - 2013-06-10 14:15 - 00381952 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2013-12-28 01:46 - 2013-06-10 14:10 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2013-12-28 01:46 - 2013-06-10 14:10 - 00245248 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2013-12-28 01:44 - 2013-10-19 00:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2013-12-28 01:44 - 2013-10-18 23:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2013-12-28 01:44 - 2013-07-05 19:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2013-12-28 01:44 - 2013-07-03 21:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2013-12-28 01:42 - 2013-10-08 20:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2013-12-28 01:42 - 2013-10-08 17:30 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2013-12-28 01:42 - 2013-10-08 17:30 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2013-12-28 01:42 - 2013-10-08 17:30 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2013-12-28 01:42 - 2013-10-08 17:30 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2013-12-28 01:42 - 2013-10-08 17:28 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2013-12-28 01:42 - 2013-10-08 17:27 - 03279872 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2013-12-28 01:42 - 2013-10-08 17:27 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2013-12-28 01:42 - 2013-10-08 17:27 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2013-12-28 01:42 - 2013-10-08 17:27 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2013-12-28 01:42 - 2013-10-08 17:27 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2013-12-28 01:42 - 2013-10-08 17:27 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2013-12-28 01:42 - 2013-10-08 17:27 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2013-12-28 01:42 - 2013-10-05 01:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2013-12-28 01:42 - 2013-10-03 17:09 - 00385528 _____ C:\windows\system32\ApnDatabase.xml
2013-12-28 01:42 - 2013-10-02 18:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2013-12-28 01:42 - 2013-10-01 21:50 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2013-12-28 01:42 - 2013-10-01 17:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2013-12-28 01:42 - 2013-09-28 00:48 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2013-12-28 01:42 - 2013-09-27 22:58 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2013-12-28 01:42 - 2013-09-19 02:32 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2013-12-28 01:42 - 2013-08-30 00:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2013-12-28 01:42 - 2013-08-30 00:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2013-12-28 01:42 - 2013-08-29 18:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2013-12-28 01:42 - 2013-08-29 18:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2013-12-28 01:41 - 2013-07-24 18:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2013-12-28 01:40 - 2013-09-13 17:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2013-12-28 01:40 - 2013-09-13 17:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2013-12-28 01:40 - 2013-08-30 00:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2013-12-28 01:40 - 2013-08-30 00:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2013-12-28 01:40 - 2013-08-29 18:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2013-12-28 01:40 - 2013-08-21 01:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2013-12-28 01:40 - 2013-08-16 00:21 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2013-12-28 01:40 - 2013-08-16 00:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2013-12-28 01:40 - 2013-08-15 17:43 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2013-12-28 01:40 - 2013-08-10 01:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2013-12-28 01:40 - 2013-08-10 00:21 - 00817152 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2013-12-28 01:40 - 2013-08-09 22:58 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2013-12-28 01:40 - 2013-07-24 18:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2013-12-28 01:40 - 2013-07-11 20:38 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2013-12-28 01:40 - 2013-07-11 20:30 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2013-12-28 01:40 - 2013-03-01 21:45 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2013-12-28 01:40 - 2013-03-01 21:45 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\taskhostex.exe
2013-12-28 01:32 - 2013-07-01 17:14 - 00043008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbscan.sys
2013-12-28 01:32 - 2013-07-01 17:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys
2013-12-28 01:32 - 2013-06-28 22:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2013-12-28 01:32 - 2013-06-28 22:07 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2013-12-28 01:32 - 2013-06-22 00:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2013-12-28 01:32 - 2013-06-22 00:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2013-12-28 01:32 - 2013-05-03 23:48 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2013-12-28 01:31 - 2012-12-12 23:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2013-12-28 01:31 - 2012-12-12 22:59 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2013-12-28 01:20 - 2013-12-28 01:20 - 00000973 _____ C:\Users\gwengoetter\Desktop\checkup.txt
2013-12-27 21:47 - 2013-12-27 21:47 - 02347384 _____ (ESET) C:\Users\gwengoetter\Downloads\esetsmartinstaller_enu.exe
2013-12-27 21:47 - 2013-12-27 21:47 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-27 21:34 - 2013-12-27 21:34 - 00891200 _____ C:\Users\gwengoetter\Downloads\SecurityCheck.exe
2013-12-27 21:23 - 2013-12-27 21:23 - 00000000 ____D C:\Users\gwengoetter\AppData\Local\Mozilla
2013-12-27 21:21 - 2013-12-27 21:21 - 00001113 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-27 21:21 - 2013-12-27 21:21 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-27 21:21 - 2013-12-27 21:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 20:58 - 2013-12-21 20:58 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2013-12-21 13:35 - 2013-12-21 13:35 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 13:35 - 2013-12-21 13:35 - 00000000 ____D C:\Users\gwengoetter\AppData\Roaming\Malwarebytes
2013-12-21 13:35 - 2013-12-21 13:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 13:34 - 2013-12-21 13:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 13:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2013-12-21 13:33 - 2013-12-21 13:33 - 00002125 _____ C:\Users\gwengoetter\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-12-21 13:33 - 2013-12-21 13:33 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-12-08 22:19 - 2013-12-08 22:19 - 00000000 ____D C:\Users\gwengoetter\Documents\Symantec
2013-12-08 11:19 - 2013-12-08 11:19 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-12-08 11:19 - 2013-12-08 11:09 - 04009167 _____ C:\Users\gwengoetter\Desktop\ServicesRepair.exe
2013-12-05 09:40 - 2013-12-05 09:38 - 00000136 _____ C:\Users\gwengoetter\Desktop\list.bat
2013-12-05 00:35 - 2013-12-21 21:05 - 00002538 _____ C:\Users\gwengoetter\Desktop\FSS.txt
2013-12-05 00:15 - 2013-12-05 00:12 - 00360881 _____ (Farbar) C:\Users\gwengoetter\Desktop\FSS.exe
2013-11-30 23:45 - 2013-11-30 23:41 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\gwengoetter\Desktop\tdsskiller.exe
2013-11-30 13:47 - 2013-11-30 13:48 - 00048965 _____ C:\Users\gwengoetter\Desktop\Addition.txt
2013-11-30 13:45 - 2013-12-29 21:24 - 00012599 _____ C:\Users\gwengoetter\Desktop\FRST.txt
2013-11-30 13:45 - 2013-11-30 23:50 - 00000000 ____D C:\FRST
2013-11-30 13:45 - 2013-11-30 12:22 - 01959070 _____ (Farbar) C:\Users\gwengoetter\Desktop\FRST64.exe
2013-11-30 13:45 - 2013-11-24 11:11 - 01091882 _____ C:\Users\gwengoetter\Desktop\adwcleaner.exe

==================== One Month Modified Files and Folders =======

2013-12-29 21:24 - 2013-11-30 13:45 - 00012599 _____ C:\Users\gwengoetter\Desktop\FRST.txt
2013-12-29 21:17 - 2012-12-28 11:23 - 01905981 _____ C:\windows\WindowsUpdate.log
2013-12-29 21:13 - 2013-01-27 18:51 - 00000938 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-29 21:00 - 2012-07-26 03:12 - 00000000 ____D C:\windows\system32\sru
2013-12-29 20:54 - 2012-07-26 03:12 - 00000000 ____D C:\windows\rescache
2013-12-29 20:43 - 2013-04-03 00:31 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2013-12-29 20:27 - 2012-12-28 11:34 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2093230720-1359758338-2908893637-1001
2013-12-29 20:20 - 2012-07-26 02:28 - 00876494 _____ C:\windows\system32\PerfStringBackup.INI
2013-12-29 20:18 - 2012-08-31 23:56 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2013-12-29 20:17 - 2013-04-17 19:08 - 00000382 _____ C:\windows\Tasks\dsmonitor.job
2013-12-29 20:17 - 2013-01-27 18:51 - 00000934 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-29 20:17 - 2012-12-28 11:28 - 00000000 ___RD C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-29 20:17 - 2012-12-28 11:28 - 00000000 ___RD C:\Users\gwengoetter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-29 20:16 - 2013-12-29 20:16 - 00291288 _____ C:\windows\system32\FNTCACHE.DAT
2013-12-29 20:16 - 2012-07-26 02:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2013-12-29 20:14 - 2012-07-26 00:37 - 00000000 ____D C:\windows\servicing
2013-12-29 20:12 - 2012-07-26 00:26 - 00524288 ___SH C:\windows\system32\config\BBI
2013-12-29 20:11 - 2012-09-01 00:00 - 00002900 _____ C:\windows\system32\RaCoInst.log
2013-12-29 20:11 - 2012-07-26 03:12 - 00000000 ___RD C:\windows\ToastData
2013-12-29 20:10 - 2013-12-29 20:06 - 00000000 ____D C:\windows\system32\MRT
2013-12-29 20:03 - 2013-02-04 21:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-12-29 20:03 - 2013-02-04 21:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-12-29 19:41 - 2012-07-26 00:38 - 00000000 ____D C:\windows\system32\oobe
2013-12-29 13:06 - 2012-07-26 03:12 - 00000000 ____D C:\windows\AUInstallAgent
2013-12-29 13:02 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-29 13:02 - 2012-07-26 03:12 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2013-12-29 13:02 - 2012-07-26 03:12 - 00000000 ____D C:\windows\WinStore
2013-12-29 13:02 - 2012-07-26 03:12 - 00000000 ____D C:\windows\PolicyDefinitions
2013-12-29 13:02 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files\Windows Defender
2013-12-29 13:02 - 2012-07-26 03:12 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-12-29 13:02 - 2012-07-26 02:52 - 00000000 ____D C:\Program Files\Windows Journal
2013-12-29 12:39 - 2013-12-29 12:39 - 00448512 _____ (OldTimer Tools) C:\Users\gwengoetter\Downloads\TFC.exe
2013-12-28 11:26 - 2013-12-28 11:26 - 02347384 _____ (ESET) C:\Users\gwengoetter\Downloads\esetsmartinstaller_enu(2).exe
2013-12-28 02:03 - 2013-12-28 02:03 - 02347384 _____ (ESET) C:\Users\gwengoetter\Downloads\esetsmartinstaller_enu(1).exe
2013-12-28 01:20 - 2013-12-28 01:20 - 00000973 _____ C:\Users\gwengoetter\Desktop\checkup.txt
2013-12-27 21:47 - 2013-12-27 21:47 - 02347384 _____ (ESET) C:\Users\gwengoetter\Downloads\esetsmartinstaller_enu.exe
2013-12-27 21:47 - 2013-12-27 21:47 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-27 21:34 - 2013-12-27 21:34 - 00891200 _____ C:\Users\gwengoetter\Downloads\SecurityCheck.exe
2013-12-27 21:24 - 2013-01-27 19:32 - 00000000 ____D C:\Users\gwengoetter\AppData\Roaming\mozilla
2013-12-27 21:23 - 2013-12-27 21:23 - 00000000 ____D C:\Users\gwengoetter\AppData\Local\Mozilla
2013-12-27 21:21 - 2013-12-27 21:21 - 00001113 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-12-27 21:21 - 2013-12-27 21:21 - 00000000 ____D C:\ProgramData\Mozilla
2013-12-27 21:21 - 2013-12-27 21:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-27 21:21 - 2013-01-27 19:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-21 21:05 - 2013-12-05 00:35 - 00002538 _____ C:\Users\gwengoetter\Desktop\FSS.txt
2013-12-21 20:58 - 2013-12-21 20:58 - 00181064 _____ (Sysinternals) C:\windows\PSEXESVC.EXE
2013-12-21 14:08 - 2013-01-27 18:51 - 00003910 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-21 14:08 - 2013-01-27 18:51 - 00003674 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-21 14:05 - 2012-09-01 00:57 - 00000000 ____D C:\ProgramData\Norton
2013-12-21 14:05 - 2012-08-01 21:02 - 00945684 _____ C:\windows\PFRO.log
2013-12-21 13:49 - 2012-07-26 03:12 - 00000000 ___HD C:\windows\ELAMBKUP
2013-12-21 13:49 - 2012-07-26 00:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2013-12-21 13:35 - 2013-12-21 13:35 - 00001075 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-21 13:35 - 2013-12-21 13:35 - 00000000 ____D C:\Users\gwengoetter\AppData\Roaming\Malwarebytes
2013-12-21 13:35 - 2013-12-21 13:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-21 13:35 - 2013-12-21 13:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-21 13:33 - 2013-12-21 13:33 - 00002125 _____ C:\Users\gwengoetter\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2013-12-21 13:33 - 2013-12-21 13:33 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2013-12-08 22:19 - 2013-12-08 22:19 - 00000000 ____D C:\Users\gwengoetter\Documents\Symantec
2013-12-08 18:52 - 2013-01-27 18:57 - 00002145 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-08 11:19 - 2013-12-08 11:19 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-12-08 11:09 - 2013-12-08 11:19 - 04009167 _____ C:\Users\gwengoetter\Desktop\ServicesRepair.exe
2013-12-05 09:38 - 2013-12-05 09:40 - 00000136 _____ C:\Users\gwengoetter\Desktop\list.bat
2013-12-05 00:43 - 2013-01-01 22:24 - 00000000 ____D C:\Users\gwengoetter\AppData\Roaming\.minecraft
2013-12-05 00:12 - 2013-12-05 00:15 - 00360881 _____ (Farbar) C:\Users\gwengoetter\Desktop\FSS.exe
2013-12-03 19:53 - 2012-07-26 03:14 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2013-12-03 19:53 - 2012-07-26 03:14 - 00078304 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-01 14:42 - 2013-01-02 20:38 - 90708896 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-11-30 23:50 - 2013-11-30 13:45 - 00000000 ____D C:\FRST
2013-11-30 23:41 - 2013-11-30 23:45 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\gwengoetter\Desktop\tdsskiller.exe
2013-11-30 13:48 - 2013-11-30 13:47 - 00048965 _____ C:\Users\gwengoetter\Desktop\Addition.txt
2013-11-30 13:44 - 2012-07-26 02:21 - 00037308 _____ C:\windows\setupact.log
2013-11-30 12:22 - 2013-11-30 13:45 - 01959070 _____ (Farbar) C:\Users\gwengoetter\Desktop\FRST64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-21 15:00

==================== End Of Log ============================

#32
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Did you happen to catch any names for the infection? Were they all the same?

#33
lawnguybri

    Member

  • Topic Starter
  • Member
  • 101 posts
Scan showed "a variant of Win32/Kryptik BKYT trojan" and several "probably a variant of Win32/Kryptik BMUV trojan"

The scan freezes before it's complete every time, so all I get is what's displayed actively on the screen. There were 111 infected files at that time, and only are shown on the screen at that time, so I can't see what else has been picked up.

#34
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Let's try a different scan:


Please run a free online scan with BitDefender Online Scanner

  • Click the green Start Scanner button
  • Click the green Scan Now button and wait a few seconds until a request appears from Bitdefender
  • Accept the plugin installation
  • Restart your browser in Administration mode if requested
  • Click the green Scan Now button again
  • Accept the EULA if asked
  • The scan should start. It will be relatively quick.
  • Click View report (note: this is not the green button - Free download - just click on the words View report under the black button "Get QuickScan for your website")
  • Notepad will open with a log
  • Save to your desktop
  • Copy and paste the report back here


#35
lawnguybri

    Member

  • Topic Starter
  • Member
  • 101 posts
QuickScan 32-bit v0.9.9.119
---------------------------
Scan date: Sat Jan 04 14:49:57 2014
Machine ID: E06B164C



No infection found.
-------------------



Processes
---------
CyberLink MediaLibray Service 2756 C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
Firefox 2548 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Firefox 2416 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Java™ Platform SE Auto Updater 2 0 576 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
YCMMirag Application 1088 C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe


Network activity
----------------
Process firefox.exe (2548) connected on port 443 (HTTP over SSL) --> 23.66.180.61
Process firefox.exe (2548) connected on port 80 (HTTP) --> 74.125.226.194
Process firefox.exe (2548) connected on port 80 (HTTP) --> 63.140.35.160
Process firefox.exe (2548) connected on port 80 (HTTP) --> 74.125.228.58
Process firefox.exe (2548) connected on port 80 (HTTP) --> 74.125.228.58
Process firefox.exe (2548) connected on port 80 (HTTP) --> 74.125.228.45
Process firefox.exe (2548) connected on port 80 (HTTP) --> 74.125.228.51



Autoruns and critical files
---------------------------
Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Catalyst® Control Center c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
CyberLink MediaLibray Service C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
CyberLink Virtual Drive c:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System C:\windows\system32\userinit.exe


Browser plugins
---------------
Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
Bitdefender QuickScan C:\Users\gwengoetter\AppData\Roaming\Mozilla\Firefox\Profiles\uc1hbyhs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Google Update C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll
HP Network Check c:\program files (x86)\hewlett-packard\hp support framework\resources\hpnetworkcheck\hpnetworkcheckplugin.dll
Java Deployment Toolkit 7.0.100.18 C:\windows\SysWOW64\npDeployJava1.dll
Java™ Platform SE 7 U10 c:\program files (x86)\java\jre7\bin\jp2ssv.dll
Java™ Platform SE 7 U10 C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
Java™ Platform SE 7 U10 c:\program files (x86)\java\jre7\bin\ssv.dll
Microsoft® Windows® Operating System C:\windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\windows\system32\napinsp.dll
Microsoft® Windows® Operating System C:\windows\system32\NLAapi.dll
Microsoft® Windows® Operating System C:\windows\system32\pnrpnsp.dll
Microsoft® Windows® Operating System C:\windows\System32\winrnr.dll
NCLauncherFromIE C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
Norton Identity Safe C:\Users\gwengoetter\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.0.18_0\npcoplgn.dll
NPSWF32_11_6_602_180.dll C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
TODO: <Product name> C:\Users\gwengoetter\AppData\Roaming\Mozilla\Firefox\Profiles\uc1hbyhs.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
Windows® Internet Explorer c:\windows\syswow64\ieframe.dll


Scan
----
MD5: 6e87a2c2a16698ecb9b3ab90fb0dd856 C:\windows\system32\api-ms-win-core-crt-l1-1-0.dll
MD5: 02481b21ee89651b86861ad3c0485c60 C:\windows\system32\api-ms-win-core-crt-l2-1-0.dll
MD5: 1afbc646f0d51089e22257568cf88f66 C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
MD5: 1f7cec79024d99755780a7d1255c765a C:\windows\system32\api-ms-win-core-datetime-l1-1-1.dll
MD5: d2b6afe2e20ac10f45df8b9a750decb2 C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
MD5: b472232ef265d1fdec8184844efafec9 C:\windows\system32\api-ms-win-core-debug-l1-1-1.dll
MD5: 78bfee6a25d13377b729929c2914e240 C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
MD5: 7f2138eddb2450985f85c70848eb9f07 C:\windows\system32\api-ms-win-core-delayload-l1-1-1.dll
MD5: 4853a87dda46b59d9afec5f778ae78ca C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
MD5: 826a0f69e3404265a0726a43b7c8bd50 C:\windows\system32\api-ms-win-core-errorhandling-l1-1-1.dll
MD5: f009d108d9a8b89fd133a6e75f5610a4 C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
MD5: 11320b9f37a1576ec286195c03552a08 C:\windows\system32\api-ms-win-core-fibers-l1-1-1.dll
MD5: 9b7732b72ec8dbe3b0e86d0ad95ce3f8 C:\windows\system32\api-ms-win-core-fibers-l2-1-0.dll
MD5: 4865ec4c3878125dff942de3fb83fecf C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
MD5: 310b8716324d4f5519c1d5126bf12ba9 C:\windows\system32\api-ms-win-core-file-l1-2-0.dll
MD5: 18ee65c73fcfa988e862b063a0b4c856 C:\windows\system32\api-ms-win-core-file-l2-1-0.dll
MD5: d28317d4bd7e048e9bbf7e1f8096d7ad C:\windows\system32\api-ms-win-core-firmware-l1-1-0.dll
MD5: 1bf37349683ba8b99e2d527b007e5012 C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
MD5: e57bef2d953414536243acf077888a49 C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
MD5: 93d5e9f885c83506124defee24536b10 C:\windows\system32\api-ms-win-core-heap-l1-2-0.dll
MD5: 2c2e82f9155efa5589becddcdea76b3a C:\windows\system32\api-ms-win-core-heap-obsolete-l1-1-0.dll
MD5: ab06aac675ae568e070b44a7889c03ba C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
MD5: 051e289e7e253eb1af2ebf7de02e2133 C:\windows\system32\api-ms-win-core-interlocked-l1-2-0.dll
MD5: 25e8e6f6ea22d96ccc99f77fd2709297 C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
MD5: 6393b23cb834a2bb3e3b78a640f3c189 C:\windows\system32\api-ms-win-core-io-l1-1-1.dll
MD5: 92e84131e56e49159a0397a26ce1a9e8 C:\windows\system32\api-ms-win-core-job-l1-1-0.dll
MD5: e17c05054237b80a02b3cbc29d59bb0a C:\windows\system32\api-ms-win-core-job-l2-1-0.dll
MD5: 30ee4a9f20c73b02c11de5363f90c6c9 C:\windows\system32\api-ms-win-core-kernel32-legacy-l1-1-0.dll
MD5: ef441654112aa8e3c3ffe53e33cd8322 C:\windows\system32\api-ms-win-core-kernel32-private-l1-1-0.dll
MD5: 48ec29aae4dd3527af925f8c832524b9 C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
MD5: 7d608b4ec9da8f1d8211cf1a5cf0aad4 C:\windows\system32\api-ms-win-core-libraryloader-l1-1-1.dll
MD5: 3360dfd7756f037642c9fc0825f76389 C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
MD5: c5ea7fe690b2a95e94db00c58e28cd56 C:\windows\system32\api-ms-win-core-localization-l1-2-0.dll
MD5: e59f5e11fb69e6c3d06f8977b3f14729 C:\windows\system32\api-ms-win-core-localization-l2-1-0.dll
MD5: 80c7c8fd68bcc9b1f56641b19e25722b C:\windows\system32\api-ms-win-core-localization-obsolete-l1-1-0.dll
MD5: a999676fa9512108444c6e26644b50e6 C:\windows\system32\api-ms-win-core-localization-private-l1-1-0.dll
MD5: 13e3edff80a4080852b17a0cc146491d C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
MD5: 715d345e17d602b997e5e715a242be66 C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
MD5: 636014fe8070a40dc69c530fb42322c6 C:\windows\system32\api-ms-win-core-memory-l1-1-1.dll
MD5: 237640949275ac3cb03c1ade43bb64e0 C:\windows\system32\api-ms-win-core-multipleproviderrouter-l1-1-0.dll
MD5: 2ce80535f874797f37dad0cfaf8a89be C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
MD5: 0a09af927531309dafd6757642f0de6e C:\windows\system32\api-ms-win-core-namedpipe-l1-2-0.dll
MD5: 5d1b3d315cacd8a8048c063bf2b91438 C:\windows\system32\api-ms-win-core-namespace-l1-1-0.dll
MD5: f550616c9ba425462d5ddefae9147339 C:\windows\system32\api-ms-win-core-normalization-l1-1-0.dll
MD5: 582edc1b799f2321cc476003b0fa5f98 C:\windows\system32\api-ms-win-core-path-l1-1-0.dll
MD5: 5e53be30910a85bf6fb363303a4eab21 C:\windows\system32\api-ms-win-core-privateprofile-l1-1-0.dll
MD5: da8bfd4d36dd539ffe72760a23b95461 C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
MD5: e91d09b8657b501c374e87c00b6c669b C:\windows\system32\api-ms-win-core-processenvironment-l1-2-0.dll
MD5: dfedb34bfbda1ed002aa085610a18fe7 C:\windows\system32\api-ms-win-core-processsecurity-l1-1-0.dll
MD5: a5c71e6dbb1601e62c9b13e27ec9bafa C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
MD5: db0ef1cd436b49014e24ec6e5236c776 C:\windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
MD5: cfe724e9aa269a61fdf1aa4ad2f20bcd C:\windows\system32\api-ms-win-core-processtopology-l1-1-0.dll
MD5: 350b36452d430e22dbc5a7b869050ba2 C:\windows\system32\api-ms-win-core-processtopology-obsolete-l1-1-0.dll
MD5: 52e2e07f93021544c70299e51fd54892 C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
MD5: 4f800ab67977f9680660a1a9293b824f C:\windows\system32\api-ms-win-core-psapi-ansi-l1-1-0.dll
MD5: 63474959b6e14100a54b56f09069102f C:\windows\system32\api-ms-win-core-psapi-l1-1-0.dll
MD5: 32d7a11a211dabe2d5a1a8f0fafac3f6 C:\windows\system32\api-ms-win-core-psapi-obsolete-l1-1-0.dll
MD5: d67c7a6803a939fd3d11113f5458e9c4 C:\windows\system32\api-ms-win-core-psm-app-l1-1-0.dll
MD5: 341d4aa05d0b4e5ad9822d86c4d21d80 C:\windows\system32\api-ms-win-core-psm-info-l1-1-0.dll
MD5: 9825f80efc9bf288a4b77fd6cace37f3 C:\windows\system32\api-ms-win-core-psm-plm-l1-1-0.dll
MD5: 287f6da3191cd83559d648a9586888da C:\windows\system32\api-ms-win-core-realtime-l1-1-0.dll
MD5: dbe6f036c2dcb7af77ea023f3d9657a7 C:\windows\system32\api-ms-win-core-registry-l1-1-0.dll
MD5: 3d92d4ca0d76994dffb8190704c47c3c C:\windows\system32\api-ms-win-core-registry-l2-1-0.dll
MD5: a40e63ab0d5cc82b96499e7fd45449a3 C:\windows\system32\api-ms-win-core-registry-private-l1-1-0.dll
MD5: eaffdcde31af8556790c6a304fc97593 C:\windows\system32\api-ms-win-core-registryuserspecific-l1-1-0.dll
MD5: 5b8a940efb229e56f5d26801a1cd076c C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: b54c4d348cd84d609c31c64c5363f763 C:\windows\system32\api-ms-win-core-rtlsupport-l1-2-0.dll
MD5: 365bf1432c989a69a1747ac730c9f7bd C:\windows\system32\api-ms-win-core-shlwapi-legacy-l1-1-0.dll
MD5: 971e78462e55745ad3e1f6ccc8762099 C:\windows\system32\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll
MD5: 6cad2227b6c2d1fcaa3619bba4d4a557 C:\windows\system32\api-ms-win-core-shutdown-l1-1-0.dll
MD5: b7193e71b8d2db07e01c94c84c13b0b0 C:\windows\system32\api-ms-win-core-sidebyside-l1-1-0.dll
MD5: 749fe120b70857e7a79bd5d878969a8d C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: a2d44d2ae77d63207bbea2844070efc9 C:\windows\system32\api-ms-win-core-string-l2-1-0.dll
MD5: 1f2a45781d7c99cd3348de8b8c198b59 C:\windows\system32\api-ms-win-core-string-obsolete-l1-1-0.dll
MD5: f0cb795a290977abd06ab5e08b5704fd C:\windows\system32\api-ms-win-core-stringansi-l1-1-0.dll
MD5: 092d51842b74333a3d001276e76841ad C:\windows\system32\api-ms-win-core-stringloader-l1-1-0.dll
MD5: f4689a8dfe938e2c306b4bc4c2b2cfd0 C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: 3c6a916ecef55805e4c6a4b68d1f218b C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll
MD5: 94e01db754eddf03bbc57a7ebe334d15 C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: 0370b8a4bff0d7f8cdb73662a1bfd3dc C:\windows\system32\api-ms-win-core-sysinfo-l1-2-0.dll
MD5: 97b77f3268574e9e384d27d982b7bac1 C:\windows\system32\api-ms-win-core-systemtopology-l1-1-0.dll
MD5: cc7bd30de22a0a9ded28b8c6ef1ab562 C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: e8947acb7734fbc255481cc844a7e0bf C:\windows\system32\api-ms-win-core-threadpool-l1-2-0.dll
MD5: 6ac1dedc564919a59ce05f67336f9490 C:\windows\system32\api-ms-win-core-threadpool-legacy-l1-1-0.dll
MD5: 388188db9ee9234e6cf29166cd2d542c C:\windows\system32\api-ms-win-core-threadpool-private-l1-1-0.dll
MD5: 1831614fb8dc580e147b5f00eb87eb8f C:\windows\system32\api-ms-win-core-timezone-l1-1-0.dll
MD5: 030d2be62048a04e1c701fb52dbccdbd C:\windows\system32\api-ms-win-core-timezone-private-l1-1-0.dll
MD5: a0d42a2b9158d3f0f6239d450b41e95a C:\windows\system32\api-ms-win-core-toolhelp-l1-1-0.dll
MD5: ef28ee9574d51349bf7315dbcf39b53c C:\windows\system32\api-ms-win-core-url-l1-1-0.dll
MD5: eca0f972f03e93b79baf4ed6f67ad859 C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: 4eb62b0341309def99a65aee1f164dd5 C:\windows\system32\api-ms-win-core-version-l1-1-0.dll
MD5: 650ebec5fa7cf2e439e16d96a0cf4ae0 C:\windows\system32\api-ms-win-core-version-private-l1-1-0.dll
MD5: ba8d53b7a58a2e7cd912251dc7ff5b3c C:\windows\system32\api-ms-win-core-versionansi-l1-1-0.dll
MD5: 595a8a7c8666d1d109f93525ea55b179 C:\windows\system32\api-ms-win-core-windowserrorreporting-l1-1-0.dll
MD5: a28428f7db1e45d16d8a2c9bf8fce97e C:\windows\system32\api-ms-win-core-winrt-error-l1-1-0.dll
MD5: d2eb447bd1a93977c282672e4fac9ebb C:\windows\system32\api-ms-win-core-winrt-errorprivate-l1-1-0.dll
MD5: 3972594f2f26a868b7a0fdf81d3db753 C:\windows\system32\api-ms-win-core-winrt-l1-1-0.dll
MD5: ee8129583fa14bf1509dfaa216374542 C:\windows\system32\api-ms-win-core-winrt-propertysetprivate-l1-1-0.dll
MD5: 8cc66f733538ab3326789aba9588663b C:\windows\system32\api-ms-win-core-winrt-registration-l1-1-0.dll
MD5: d9c6bed2d345e1d71cf8ea9dfc9465f9 C:\windows\system32\api-ms-win-core-winrt-robuffer-l1-1-0.dll
MD5: 914384024cde9b8468d2f039a5b92c5c C:\windows\system32\api-ms-win-core-winrt-roparameterizediid-l1-1-0.dll
MD5: 7f72eb4d2ba40d167891474822b56296 C:\windows\system32\api-ms-win-core-winrt-string-l1-1-0.dll
MD5: 9788d91f24b4622d51df99c6ef25bd33 C:\windows\system32\api-ms-win-core-wow64-l1-1-0.dll
MD5: 5d0bc8b19983e5a11fa16225c5c189d2 C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 525d22a271dc38ef7ba44bea3cf97096 C:\windows\system32\api-ms-win-core-xstate-l1-1-1.dll
MD5: 66a51a6b3d19e68cefb37cfc2d2363ce C:\windows\system32\api-ms-win-devices-config-l1-1-0.dll
MD5: 279b2e7fd167d1ec2de54773b1628c50 C:\windows\system32\api-ms-win-devices-query-l1-1-0.dll
MD5: e49fbc35083487e248cffc67a8b1b1a7 C:\windows\system32\api-ms-win-devices-swdevice-l1-1-0.dll
MD5: 5dcfd53568c1619f0e567ec061f0ed02 C:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
MD5: bdb84c7236235ae998d2643626308238 C:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
MD5: 09d48767c911d488e3598591b213f6dd C:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
MD5: 387580f5784abf062580fc88b9700d88 C:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
MD5: b68109230823c623655e5f4760f55c01 C:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
MD5: 911ac9bceaf86af6265102c3c38964da C:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
MD5: 14ae414135ff17996d70210ef5529002 C:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
MD5: f528316d7697b849543f74b6fe798224 C:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
MD5: ccfc37874dfbd0ac3f338b97c669726b C:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
MD5: 65388d0b3ef04211d708b25a3c773854 C:\windows\system32\api-ms-win-dx-d3dkmt-l1-1-0.dll
MD5: c0b8498be26fa1dc661a273d6fe607a2 C:\windows\system32\api-ms-win-eventing-classicprovider-l1-1-0.dll
MD5: cee78cf922d2b8a6121b656b7b61f473 C:\windows\system32\api-ms-win-eventing-consumer-l1-1-0.dll
MD5: 961e839dcb2b214857b3dae22f519c4b C:\windows\system32\api-ms-win-eventing-controller-l1-1-0.dll
MD5: b2f2573231c1bae351bdeac7df66034b C:\windows\system32\api-ms-win-eventing-legacy-l1-1-0.dll
MD5: 6367d4f686c68e25dc1e21d84e3b5f8f C:\windows\system32\api-ms-win-eventing-obsolete-l1-1-0.dll
MD5: 4c099558d424e5f04fb092c9934bc0ea C:\windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
MD5: c470a7f23bb0deacd4b273e2163f527c C:\windows\system32\api-ms-win-eventlog-legacy-l1-1-0.dll
MD5: 301f46b48ea0d62185bb41f8a3c8224f C:\windows\system32\api-ms-win-eventlog-private-l1-1-0.dll
MD5: e1d7a063cacec5162af4798b5d61ef30 C:\windows\system32\api-ms-win-gdi-ie-rgn-l1-1-0.dll
MD5: 1273cdee75e11234e2f4abbe748d8179 C:\windows\system32\api-ms-win-http-time-l1-1-0.dll
MD5: 39db5b739918e53415195a8cfca59714 C:\windows\system32\api-ms-win-input-ie-interactioncontext-l1-1-0.dll
MD5: f5b496500ed578dcd10f06b0540095f3 C:\windows\system32\api-ms-win-mm-joystick-l1-1-0.dll
MD5: 49913c08633a849b5dc27b563adf0b33 C:\windows\system32\api-ms-win-mm-mci-l1-1-0.dll
MD5: c82972616e5fc4ad4a36a09fa6b294a8 C:\windows\system32\api-ms-win-mm-misc-l1-1-0.dll
MD5: cc2e41e3d186f21404b43144502a0852 C:\windows\system32\api-ms-win-mm-misc-l2-1-0.dll
MD5: 8c8c219e567faa81d910a183a3b24894 C:\windows\system32\api-ms-win-mm-mme-l1-1-0.dll
MD5: 20d6adfbb7357fa9990f29096298f39e C:\windows\system32\api-ms-win-mm-playsound-l1-1-0.dll
MD5: 2493d82fbd318843442cca8554e1ef85 C:\windows\system32\api-ms-win-mm-time-l1-1-0.dll
MD5: 7e18e4431473f92f95a634687366de98 C:\windows\system32\api-ms-win-net-isolation-l1-1-0.dll
MD5: 8ab0bf5b22f41adff64a10748f4f205c C:\windows\system32\api-ms-win-ntuser-dc-access-l1-1-0.dll
MD5: b4a0d74278fda6eb101db5d69cbb32bf C:\windows\system32\api-ms-win-ntuser-ie-clipboard-l1-1-0.dll
MD5: e63e4610d77cc28695b1f23f0ea535f3 C:\windows\system32\api-ms-win-ntuser-ie-message-l1-1-0.dll
MD5: 2122c537ed0e613bfba6882a469703ed C:\windows\system32\api-ms-win-ntuser-ie-window-l1-1-0.dll
MD5: 783cf5787a0912f8bfdda73dc92102df C:\windows\system32\api-ms-win-ntuser-ie-wmpointer-l1-1-0.dll
MD5: cd3e0c6c20fc9f323ead2624411f5727 C:\windows\system32\api-ms-win-ntuser-rectangle-l1-1-0.dll
MD5: cf3954258a0e6392686565aac59ad35d C:\windows\system32\api-ms-win-ntuser-sysparams-l1-1-0.dll
MD5: 53bfa17586f050301eb087a92d85f92b C:\windows\system32\api-ms-win-ntuser-uicontext-l1-1-0.dll
MD5: d2359fd1dd79e519211d89f8810773c8 C:\windows\system32\api-ms-win-ole32-ie-l1-1-0.dll
MD5: f38ecc10a74d1490f4114fe7cba32fc2 C:\windows\system32\api-ms-win-power-base-l1-1-0.dll
MD5: da0543885c5bd7331cf37099ff1086e2 C:\windows\system32\api-ms-win-power-setting-l1-1-0.dll
MD5: 2c0e1a46de42fefa1730bf4016e9a416 C:\windows\system32\api-ms-win-ro-typeresolution-l1-1-0.dll
MD5: 8f9cecbd4fee5262f2df3600ab7fab01 C:\windows\system32\api-ms-win-security-activedirectoryclient-l1-1-0.dll
MD5: 67d9792e47e9ca80f589cb93cd0b1983 C:\windows\system32\api-ms-win-security-appcontainer-l1-1-0.dll
MD5: 39f25002c240c7fbc81881c0cc097b9b C:\windows\system32\api-ms-win-security-audit-l1-1-0.dll
MD5: f5e61132f8f22945bbc2632b19673691 C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 99cb36ce62417baa0a027b1e8c083f6e C:\windows\system32\api-ms-win-security-base-l1-2-0.dll
MD5: 242c630e29a6a1f0d03b63a8643c9d58 C:\windows\system32\api-ms-win-security-base-private-l1-1-0.dll
MD5: 6330576cf16620438c95efa7dc2bf775 C:\windows\system32\api-ms-win-security-credentials-l1-1-0.dll
MD5: f89825b123281efc1ae7e1399de558be C:\windows\system32\api-ms-win-security-credentials-l2-1-0.dll
MD5: 3ce6250c5cb18418822cb598b3e9fd38 C:\windows\system32\api-ms-win-security-grouppolicy-l1-1-0.dll
MD5: f76b058480693adfa0df8456c8198afc C:\windows\system32\api-ms-win-security-lsalookup-l1-1-0.dll
MD5: 3f45c7a707ba499c0e6e9e1e40fe0aab C:\windows\system32\api-ms-win-security-lsalookup-l1-1-1.dll
MD5: 27e2ac76f852ba204cd6d5affb5ee3e4 C:\windows\system32\api-ms-win-security-lsalookup-l2-1-0.dll
MD5: 4b7dbfbd26d39ddc3bd3bf52d47069ee C:\windows\system32\api-ms-win-security-lsapolicy-l1-1-0.dll
MD5: 08bafebb0b22a494007ab9f1de230714 C:\windows\system32\api-ms-win-security-provider-l1-1-0.dll
MD5: 3c989870ffd5181b341eda3690e9b78b C:\windows\system32\api-ms-win-security-sddl-ansi-l1-1-0.dll
MD5: f690a1bcf8e539654a3aa8f815958854 C:\windows\system32\api-ms-win-security-sddl-l1-1-0.dll
MD5: 118ccacb93c2f589cf59a080dc6110fa C:\windows\system32\api-ms-win-security-sddlparsecond-l1-1-0.dll
MD5: cb452a6aa88c21cfa0d254d7cd00d051 C:\windows\system32\api-ms-win-security-systemfunctions-l1-1-0.dll
MD5: 8d48474ef24654b5599256776e18b3da C:\windows\system32\api-ms-win-security-trustee-l1-1-0.dll
MD5: a53d8d64012d21b10d24eb250cc2d0c4 C:\windows\system32\api-ms-win-service-core-l1-1-0.dll
MD5: ad83261e44f14f80903be326432bf5dc C:\windows\system32\api-ms-win-service-core-l1-1-1.dll
MD5: bfb2a3d296fdcb4fd5fd1f967cf2a9e8 C:\windows\system32\api-ms-win-service-management-l1-1-0.dll
MD5: d5544d7989187e24913c468bff485b77 C:\windows\system32\api-ms-win-service-management-l2-1-0.dll
MD5: b12b039b9cf631abedc9bae7c1a94aa0 C:\windows\system32\api-ms-win-service-private-l1-1-0.dll
MD5: da364744048c965547fb3f2a98f7d92b C:\windows\system32\api-ms-win-service-winsvc-l1-1-0.dll
MD5: d515260a65f4a7a334e3b14fa04a7be7 C:\windows\system32\api-ms-win-service-winsvc-l1-2-0.dll
MD5: 43b42efe062e9255a6ae9e70fb0a3d61 C:\windows\system32\api-ms-win-shcore-comhelpers-l1-1-0.dll
MD5: 9a4d7a1bb6eef46f3c7181e8fe0722b5 C:\windows\system32\api-ms-win-shcore-obsolete-l1-1-0.dll
MD5: 6a4c3c1148432b3d0e2d080996469b55 C:\windows\system32\api-ms-win-shcore-registry-l1-1-0.dll
MD5: d637f60a763a61a49838c25eeb187385 C:\windows\system32\api-ms-win-shcore-scaling-l1-1-0.dll
MD5: e32d074afe1de5c49b2b67bddd4421c8 C:\windows\system32\api-ms-win-shcore-stream-l1-1-0.dll
MD5: 5425e67e83b216c0b43c62f4aaebc547 C:\windows\system32\api-ms-win-shcore-stream-winrt-l1-1-0.dll
MD5: ffc22634dc56123a14d69257337b1df6 C:\windows\system32\api-ms-win-shcore-sysinfo-l1-1-0.dll
MD5: b40df39e9b15a585969315b680a33dc4 C:\windows\system32\api-ms-win-shcore-thread-l1-1-0.dll
MD5: 0f3fc3db6ee23b393732b51667d591d2 C:\windows\system32\api-ms-win-shcore-unicodeansi-l1-1-0.dll
MD5: 1afdf299bb47ae400d416c7ec73bc901 C:\windows\system32\api-ms-win-shell-shellcom-l1-1-0.dll
MD5: e43fe55d5c1e7f2c86d29249a4446c3e C:\windows\system32\api-ms-win-shell-shellfolders-l1-1-0.dll
MD5: 890b9cd1d73587cb2aab2788bcae7b59 C:\windows\system32\api-ms-win-shlwapi-ie-l1-1-0.dll
MD5: 6a0c81508755c7f8ea5c5a4bc0e922cb C:\windows\system32\apphelp.dll
MD5: 1f2c7f52f7a53751ed38287ef90942c8 C:\windows\SYSTEM32\AUDIOSES.DLL
MD5: 7dfc3fcd0d5b7fc2f60c344bb384607c C:\windows\SYSTEM32\bcryptPrimitives.dll
MD5: 567612d556bbc4fc98169ea98f6ea480 C:\windows\SYSTEM32\CFGMGR32.dll
MD5: 62f46fb1aed31b289f6a64718a3e5ecf C:\windows\SYSTEM32\clbcatq.dll
MD5: 5996c79fb52bde3fa10f77396654ae42 C:\windows\system32\cmd.exe
MD5: 828cfd406e60311a9e5414685fa7eedf C:\windows\SYSTEM32\combase.dll
MD5: 186ef39b997acb482c5092ad0079b5a3 C:\windows\SYSTEM32\CRYPT32.dll
MD5: 0d3c6e1a7ebd401f46e00edbd61d1a72 C:\windows\SYSTEM32\CRYPTBASE.dll
MD5: 7d20883f79ff846aee49678238be8a7a C:\windows\SYSTEM32\CRYPTSP.dll
MD5: 5125c1f27f8537f33076d0c0151f6b7f C:\windows\SYSTEM32\dbghelp.dll
MD5: 3d6137def42af8ffaeb03e3084c830ad C:\Windows\SYSTEM32\devenum.dll
MD5: b2a25f2c3dccd9858701e0af13e5ee4d C:\windows\SYSTEM32\DEVOBJ.dll
MD5: 4e1278d5040a2d2d274eb98661cbf07e C:\windows\SYSTEM32\DEVRTL.dll
MD5: 120bfa182545ee73b832595137e080f8 C:\windows\system32\dhcpcore.dll
MD5: 61e22a327d20737529e5ddad904bdd7b C:\windows\system32\dllhost.exe
MD5: bb3717d6fc27a22d0403c825a93bc068 C:\windows\SYSTEM32\DNSAPI.dll
MD5: fb11241b62f07c9ffe664610e262c528 C:\windows\system32\DUI70.dll
MD5: ff5acc9aa26a3fbdc2ecfda51a735960 C:\windows\system32\DUser.dll
MD5: 341adcbb9a744f559c3cf3ca5d3d8934 C:\windows\SYSTEM32\dwmapi.dll
MD5: 3213f234b8fc8d0869d50b98884eb5f4 C:\windows\SYSTEM32\dwrite.dll
MD5: 39fb0d2c74d4201f01ba30d06162525a C:\windows\system32\es.dll
MD5: eafe46b0292d2bd2467835e2acf717cc C:\windows\system32\explorer.exe
MD5: 074223c4d8109c016b5864debf356bd8 C:\windows\system32\explorerframe.dll
MD5: 71df9f3dfbbe49421cd7555b1090d699 C:\windows\system32\ext-ms-win-advapi32-auth-l1-1-0.dll
MD5: ee815df916162f6525ac5814ccb0bc4d C:\windows\system32\ext-ms-win-advapi32-encryptedfile-l1-1-0.dll
MD5: 778cf4fc80f66389d54e4554f04ed49b C:\windows\system32\ext-ms-win-advapi32-eventingcontroller-l1-1-0.dll
MD5: a26ea2d0c1fb730f80e28800827f826b C:\windows\system32\ext-ms-win-advapi32-eventlog-l1-1-0.dll
MD5: 1b78b135034f03f36ce1c6806cef7bde C:\windows\system32\ext-ms-win-advapi32-lsa-l1-1-0.dll
MD5: 3831e447225ae8c8a1766dd8f084a44a C:\windows\system32\ext-ms-win-advapi32-msi-l1-1-0.dll
MD5: 85c3911aab39242effa413eafd4487e1 C:\windows\system32\ext-ms-win-advapi32-ntmarta-l1-1-0.dll
MD5: 85c3911aab39242effa413eafd4487e1 C:\windows\system32\ext-ms-win-advapi32-psm-app-l1-1-0.dll
MD5: d5788d7c0cd66f0af3261571b614495a C:\windows\system32\ext-ms-win-advapi32-registry-l1-1-0.dll
MD5: 7e129eed072def9a7ba434d1185eb526 C:\windows\system32\ext-ms-win-advapi32-safer-l1-1-0.dll
MD5: 44ef7e4b4a8652ea7979c8bfc179aee2 C:\windows\system32\ext-ms-win-advapi32-shutdown-l1-1-0.dll
MD5: 3f5145ee19a3ddb30e2085cea9d272fb C:\windows\system32\ext-ms-win-authz-claimpolicies-l1-1-0.dll
MD5: c5f4c24e027bed1da190eeac1d4ca9c5 C:\windows\system32\ext-ms-win-authz-context-l1-1-0.dll
MD5: 470a4b18a04336dec86220dfb2d6b248 C:\windows\system32\ext-ms-win-authz-remote-l1-1-0.dll
MD5: 39e968d4915f70197549362ca022e0c1 C:\windows\system32\ext-ms-win-biometrics-winbio-l1-1-0.dll
MD5: 2b367811d10cf26257dd2e50e1fc3f93 C:\windows\system32\ext-ms-win-bluetooth-deviceassociation-l1-1-0.dll
MD5: 21ca66d8ac7b62c634e81effcf65b9ba C:\windows\system32\ext-ms-win-branding-winbrand-l1-1-0.dll
MD5: 16b9d22edab6ab475f1aabae0cbbb470 C:\windows\system32\ext-ms-win-cluster-clusapi-l1-1-0.dll
MD5: 3b88caed5054aeb090f94d820b97c196 C:\windows\system32\ext-ms-win-cluster-resutils-l1-1-0.dll
MD5: 5f4820e9a5fe4fb64d49757ae692cf7e C:\windows\system32\ext-ms-win-cmd-util-l1-1-0.dll
MD5: 0146b6b9c80a7910fc3c47b26bfb2a6e C:\windows\system32\ext-ms-win-cng-rng-l1-1-0.dll
MD5: 67e59cf0b3b5e762d0519599711fdb6d C:\windows\system32\ext-ms-win-com-clbcatq-l1-1-0.dll
MD5: 4c69bd8a49bc2cbeced3eb3d2e1a18c6 C:\windows\system32\ext-ms-win-com-ole32-l1-1-0.dll
MD5: 92948e554b8067ba78f2a3f9a25a7e69 C:\windows\system32\ext-ms-win-com-psmregister-l1-1-0.dll
MD5: 4fafef2f086b41c80b3ff82c01c091a2 C:\windows\system32\ext-ms-win-domainjoin-netjoin-l1-1-0.dll
MD5: d87f7ade6292d8737c567b25d0fd45ca C:\windows\system32\ext-ms-win-firewallapi-webproxy-l1-1-0.dll
MD5: 85db25de1b900daa8788f85dc9b7cf70 C:\windows\system32\ext-ms-win-fs-clfs-l1-1-0.dll
MD5: 469c403a6e552dcefb6429da0a0fbfde C:\windows\system32\ext-ms-win-fsutilext-ifsutil-l1-1-0.dll
MD5: 811821761a25646f9ee1ef53a22bbf22 C:\windows\system32\ext-ms-win-fsutilext-ulib-l1-1-0.dll
MD5: 417cecc01ee2ec6ca08824414cefd890 C:\windows\system32\ext-ms-win-gdi-dc-create-l1-1-0.dll
MD5: 5066797a7fc54957ea24fc7ea552a75c C:\windows\system32\ext-ms-win-gdi-dc-l1-1-0.dll
MD5: a146f923c616d07fcf7d649c2fdbeb51 C:\windows\system32\ext-ms-win-gdi-devcaps-l1-1-0.dll
MD5: f199a61b37839b1f132d90d53f35af33 C:\windows\system32\ext-ms-win-gdi-draw-l1-1-0.dll
MD5: e3b7efdbbdf64589f5f2c1fda41c4ff1 C:\windows\system32\ext-ms-win-gdi-font-l1-1-0.dll
MD5: 1a5187ce2d216b2b4e6221d570aa7dc7 C:\windows\system32\ext-ms-win-gdi-metafile-l1-1-0.dll
MD5: c8e9e01259ec5697e48aecb88d14b960 C:\windows\system32\ext-ms-win-gdi-path-l1-1-0.dll
MD5: b3fdb575e125964f367cf165096b724a C:\windows\system32\ext-ms-win-gdi-render-l1-1-0.dll
MD5: 535f73031b5deceab73280f99dee78cb C:\windows\system32\ext-ms-win-gdi-rgn-l1-1-0.dll
MD5: 3bd4cbe3ef869f030f663c8106a43984 C:\windows\system32\ext-ms-win-gdi-wcs-l1-1-0.dll
MD5: 649593a05ab1789e992f37e3a9e7195c C:\windows\system32\ext-ms-win-gpapi-grouppolicy-l1-1-0.dll
MD5: 097a554624189eaf8cca4e030e89482e C:\windows\system32\ext-ms-win-gui-uxinit-l1-1-0.dll
MD5: 3df7f53c537f38fbee94ceb0e49dcf8f C:\windows\system32\ext-ms-win-kernel32-appcompat-l1-1-0.dll
MD5: 8742afb03f271441cc2373117d54920c C:\windows\system32\ext-ms-win-kernel32-datetime-l1-1-0.dll
MD5: 035cc3fade86ea871aa0f30386f4696c C:\windows\system32\ext-ms-win-kernel32-errorhandling-l1-1-0.dll
MD5: 5a533a8eaacce750d970ceefcfa6bb66 C:\windows\system32\ext-ms-win-kernel32-file-l1-1-0.dll
MD5: 74ed241dd3e56f743cd68ab87fc5ed7a C:\windows\system32\ext-ms-win-kernel32-package-current-l1-1-0.dll
MD5: eecf9679e9c1aff97404c166bd096e03 C:\windows\system32\ext-ms-win-kernel32-package-l1-1-0.dll
MD5: 677f70848ac35d613d13ac14f8c0944f C:\windows\system32\ext-ms-win-kernel32-registry-l1-1-0.dll
MD5: aff61a15ada023aef5da29265255b45a C:\windows\system32\ext-ms-win-kernel32-sidebyside-l1-1-0.dll
MD5: efb2d434378fff6c5d759183824e37cd C:\windows\system32\ext-ms-win-kernel32-transacted-l1-1-0.dll
MD5: 5c71859966c8d1ca9639592a60971869 C:\windows\system32\ext-ms-win-kernel32-windowserrorreporting-l1-1-0.dll
MD5: 0fa07f7c99a7fd90dc555f7835b60dbb C:\windows\system32\ext-ms-win-kernelbase-processthread-l1-1-0.dll
MD5: a739fafca39d4d0bcc0289f47205d78a C:\windows\system32\ext-ms-win-mf-winmm-l1-1-0.dll
MD5: 718d47a9044c944e0c759a48fdd0a02f C:\windows\system32\ext-ms-win-mm-msacm-l1-1-0.dll
MD5: a02f787e4645b782a98ea6a276d586c7 C:\windows\system32\ext-ms-win-mm-pehelper-l1-1-0.dll
MD5: ed4f58ac49ecaa9cef53f51a32713d07 C:\windows\system32\ext-ms-win-mm-wmdrmsdk-l1-1-0.dll
MD5: 6765d3e247c2a27bfef0c39f00e522d6 C:\windows\system32\ext-ms-win-mpr-multipleproviderrouter-l1-1-0.dll
MD5: 1fb42f1e82467d42bbd9b897b2709a31 C:\windows\system32\ext-ms-win-MrmCoreR-ResManager-l1-1-0.dll
MD5: 9fc47dbb95f188bc227f39f7d3e51519 C:\windows\system32\ext-ms-win-msiltcfg-msi-l1-1-0.dll
MD5: dfec48d8c810e279033cd40cfb6e4c86 C:\windows\system32\ext-ms-win-networking-winipsec-l1-1-0.dll
MD5: 90547d1fabd37e19c67960418470b034 C:\windows\system32\ext-ms-win-newdev-config-l1-1-0.dll
MD5: ed7d430450897d941cc815a537d39c2c C:\windows\system32\ext-ms-win-ntdsa-activedirectoryserver-l1-1-0.dll
MD5: 938006ac3f78dde0f0a5b145fe8acf15 C:\windows\system32\ext-ms-win-ntdsapi-activedirectoryclient-l1-1-0.dll
MD5: 066aa3821700daea0592c755ea782d45 C:\windows\system32\ext-ms-win-ntos-ksecurity-l1-1-0.dll
MD5: 680ac0af91649c48421b25420827ddc9 C:\windows\system32\ext-ms-win-ntos-ksigningpolicy-l1-1-0.dll
MD5: 9116e4d04079aaa15094742a121341b2 C:\windows\system32\ext-ms-win-ntos-tm-l1-1-0.dll
MD5: 19894e67d527c4080727c7b76262c63a C:\windows\system32\ext-ms-win-ntuser-caret-l1-1-0.dll
MD5: 3a21aa6d2604868a73e3e2c4605eb532 C:\windows\system32\ext-ms-win-ntuser-dc-access-ext-l1-1-0.dll
MD5: 5998e5d54859efe1454f221faa1d24ac C:\windows\system32\ext-ms-win-ntuser-dialogbox-l1-1-0.dll
MD5: 6481e983e4c1dc86745c03710492a7b1 C:\windows\system32\ext-ms-win-ntuser-draw-l1-1-0.dll
MD5: 1bd9c198ce9306b57396cda59a3f210f C:\windows\system32\ext-ms-win-ntuser-gui-l1-1-0.dll
MD5: 6e820f5295c6ea80a9c46998fff0083b C:\windows\system32\ext-ms-win-ntuser-keyboard-l1-1-0.dll
MD5: f9fdf49d002d1fe7456b5b5fbc9a6847 C:\windows\system32\ext-ms-win-ntuser-menu-l1-1-0.dll
MD5: 276a012789fd0b678ed15a890822ada1 C:\windows\system32\ext-ms-win-ntuser-message-l1-1-0.dll
MD5: efb3dad280b3c423e8fc12c8c42bd2ca C:\windows\system32\ext-ms-win-ntuser-misc-l1-1-0.dll
MD5: ffda469e7eda9809ab62e97779c9b4b9 C:\windows\system32\ext-ms-win-ntuser-mouse-l1-1-0.dll
MD5: 94d47577b91789c41abc7ee0cb17b907 C:\windows\system32\ext-ms-win-ntuser-powermanagement-l1-1-0.dll
MD5: 6cc8d7bdce883054eefdcbced54fad36 C:\windows\system32\ext-ms-win-ntuser-private-l1-1-0.dll
MD5: e129af5b77a3e8e2cac582eabc02b7e6 C:\windows\system32\ext-ms-win-ntuser-rectangle-ext-l1-1-0.dll
MD5: 64b718efa694145c10db423e2c9a1afb C:\windows\system32\ext-ms-win-ntuser-string-l1-1-0.dll
MD5: dab88f1406108163ebb05561e6c50285 C:\windows\system32\ext-ms-win-ntuser-synch-l1-1-0.dll
MD5: 28c224ebd61efb90c3c9e7b1203f73e3 C:\windows\system32\ext-ms-win-ntuser-sysparams-ext-l1-1-0.dll
MD5: 37803d00b3c67ea6ef7c98569ed78cb6 C:\windows\system32\ext-ms-win-ntuser-window-l1-1-0.dll
MD5: fd832b09cf1cbcd14750ea7369d201ec C:\windows\system32\ext-ms-win-ntuser-windowclass-l1-1-0.dll
MD5: 054a98aef2425acdc98bcbc8e37e1888 C:\windows\system32\ext-ms-win-ntuser-windowstation-l1-1-0.dll
MD5: 4fd65d5b334ac4c5028d99bb9a056509 C:\windows\system32\ext-ms-win-ole32-bindctx-l1-1-0.dll


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.01 MB sent, 1.95 KB recvd
Scanned 519 files and modules - 125 seconds

==============================================================================
  • 0

#36
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Bitdefender looks clean. I have a feeling ESET may have been detecting files in our quarantine. Have you installed Norton yet? If so, could you run a scan with that? It would be good to double-check.
  • 0

#37
lawnguybri

    Member

  • Topic Starter
  • Member
  • 101 posts
Installed and ran a complete scan with Norton. It's been running for about 48 hours now... there are almost 4 million files on this computer (eeesh) but the scan seems to be going slow. Or was. Now it's stalled.

It has picked up some stuff... 71 security risks detected, including 1 virus. I can't get any more detail, since the scan has stalled and I can't seem to do much.
  • 0

#38
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
The stalling scan is making a little red flag go up in my mind. I would like to run a few more checks:


Download aswMBR.exe to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start the scan.

On completion of the scan, click save log, save it to your desktop and post it in your next reply.


Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

  • 0

#39
lawnguybri

    Member

  • Topic Starter
  • Member
  • 101 posts
Ok. I lied lol. Norton finally finished, after 48 hours of running. Picked up a lot of Trojans :(

Here's the Norton report:

Scan Information:
Virus Defs Version: 2014.01.06.008
Virus Defs Seq ID: 150292

Scan Statistics:
Scan Start:
Local: 1/6/2014 11:42 PM
UTC: 1/7/2014 4:42 AM
Scan Time: 231,969 seconds
Scan Targets: Entire computer
Counts:
Total items scanned: 3,647,564
- Files & Directories: 3,641,793
- Registry Entries: 403
- Processes & Start-up Items: 1,402
- Network & Browser Items: 3,958
- Other: 4
- Trusted Files: 4,400
- Skipped Files: 34,433

Total security risks detected: 79
Total items resolved: 79
Total items that require attention: 0

Resolved Threats:
70 Tracking Cookies
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Tracking Cookies
Status: Fully Resolved
-----------
70 Tracking Cookies
- Not detected


Trojan.Zeroaccess.B
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
5 Registry Entries
HKEY_CLASSES_ROOT\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32->ThreadingModel:Apartment - Repaired
HKEY_CLASSES_ROOT\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InprocServer32 - Repaired
HKEY_CLASSES_ROOT\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\->ErrorControl:1 - Repaired
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\->Start:2 - Repaired
2 Files
c:\frst\quarantine\$541eeff7fc8cc6840a1a6882d5b1c996\n - Deleted
c:\frst\quarantine\n - Deleted
1 Browser Cache



Trojan.FakeAV
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
21 Registry Entries
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter->EnabledV8:1 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->AntiVirusDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->FirewallDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\->UpdatesDisableNotify:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon->Userinit:C:\windows\SysWOW64\Userinit.exe - Repaired
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\Microsoft\Internet Explorer\Desktop\General->Wallpaper - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center->AntiVirusOverride:0 - Repaired
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\->Shell:Explorer.exe - Repaired
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\->Shell:Explorer.exe - Repaired
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\->Shell:Explorer.exe - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system->EnableLUA:1 - Repaired
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\->DisableTaskMgr:0 - Repaired
HKEY_CLASSES_ROOT\.exe\ - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\->NoActiveDesktopChanges:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\->NoSetActiveDesktop:0 - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\ - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\ - Repaired
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\ - Repaired
HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\ - Repaired
HKEY_CLASSES_ROOT\exefile\shell\open\command\ - Repaired
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System->DisableRegedit:0 - Repaired
39 Files
1 Browser Cache



Trojan.Gen
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
33 Files
1 Browser Cache



Downloader
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
c:\frst\quarantine\babsolution\win3e3a.exe - Deleted
1 Browser Cache



Trojan.Gen.2
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
2 Files
c:\frst\quarantine\desktop.ini - Deleted
c:\frst\quarantine\fotusui\win2a4b.exe - Deleted
1 Browser Cache



Trojan.FakeAV
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
21 Files


Trojan Horse
Type: Anomaly
Risk: High (High Stealth, High Removal, High Performance, High Privacy)
Categories: Virus
Status: Fully Resolved
-----------
1 File
c:\frst\quarantine\wow.dll - Deleted
1 Browser Cache



Adware.Crossid
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Adware
Status: Fully Resolved
-----------
331 Registry Entries
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\Supreme Savings - No Action Required
HKEY_USERS\S-1-5-19\Software\Supreme Savings - No Action Required
HKEY_USERS\S-1-5-20\Software\Supreme Savings - No Action Required
HKEY_USERS\.DEFAULT\Software\Supreme Savings - No Action Required
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\AppDataLow\Software\Supreme Savings - No Action Required
HKEY_USERS\S-1-5-19\Software\AppDataLow\Software\Supreme Savings - No Action Required
HKEY_USERS\S-1-5-20\Software\AppDataLow\Software\Supreme Savings - No Action Required
HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Supreme Savings - No Action Required
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\Deal Spy - No Action Required
HKEY_USERS\S-1-5-19\Software\Deal Spy - No Action Required
HKEY_USERS\S-1-5-20\Software\Deal Spy - No Action Required
HKEY_USERS\.DEFAULT\Software\Deal Spy - No Action Required
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\Coupon Companion Plugin - No Action Required
HKEY_USERS\S-1-5-19\Software\Coupon Companion Plugin - No Action Required
HKEY_USERS\S-1-5-20\Software\Coupon Companion Plugin - No Action Required
HKEY_USERS\.DEFAULT\Software\Coupon Companion Plugin - No Action Required
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\AppDataLow\Software\Coupon Companion Plugin - No Action Required
HKEY_USERS\S-1-5-19\Software\AppDataLow\Software\Coupon Companion Plugin - No Action Required
HKEY_USERS\S-1-5-20\Software\AppDataLow\Software\Coupon Companion Plugin - No Action Required
HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupon Companion Plugin - No Action Required
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\Coupon Companion - No Action Required
HKEY_USERS\S-1-5-19\Software\Coupon Companion - No Action Required
HKEY_USERS\S-1-5-20\Software\Coupon Companion - No Action Required
HKEY_USERS\.DEFAULT\Software\Coupon Companion - No Action Required
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\AppDataLow\Software\Coupon Companion - No Action Required
HKEY_USERS\S-1-5-19\Software\AppDataLow\Software\Coupon Companion - No Action Required
HKEY_USERS\S-1-5-20\Software\AppDataLow\Software\Coupon Companion - No Action Required
HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupon Companion - No Action Required
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\Lucky Savings - No Action Required
HKEY_USERS\S-1-5-19\Software\Lucky Savings - No Action Required
HKEY_USERS\S-1-5-20\Software\Lucky Savings - No Action Required
HKEY_USERS\.DEFAULT\Software\Lucky Savings - No Action Required
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\AppDataLow\Software\Lucky Savings - No Action Required
HKEY_USERS\S-1-5-19\Software\AppDataLow\Software\Lucky Savings - No Action Required
HKEY_USERS\S-1-5-20\Software\AppDataLow\Software\Lucky Savings - No Action Required
HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Lucky Savings - Deleted
HKEY_USERS\S-1-5-21-2093230720-1359758338-2908893637-1001\Software\SuperLyrics-1 - No Action Required
HKEY_USERS\S-1-5-19\Software\SuperLyrics-1 - No Action Required
HKEY_USERS\S-1-5-20\Software\SuperLyrics-1 - No Action Required
HKEY_USERS\.DEFAULT\Software\SuperLyrics-1 - No Action Required
HKEY_LOCAL_MACHINE\SOFTWARE\SuperLyrics-1 - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182204} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222622276} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220122992262} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110011441179} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022442279} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033443379} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110011221158} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110011341191} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110011041135} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110011461139} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110011461137} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110411161172} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022442293} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022222258} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022342291} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022042235} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022462239} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022462237} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220122272259} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220422162272} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033223358} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033343391} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033043335} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033463339} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033463337} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{33333333-3333-3333-3333-330033503360} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110011501160} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220022502260} - No Action Required
HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220122692212} - No Action Required
52 Files
1 Browser Cache



Adware.Singalng
Type: Anomaly
Risk: Low (Low Stealth, Low Removal, Low Performance, Low Privacy)
Categories: Adware
Status: Fully Resolved
-----------
50 Registry Entries
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18CAEA74-C7E8-4D37-967F-1D01351BA398} - No Action Required
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18CAEA74-C7E8-4D37-967F-1D01351BA398} - No Action Required
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18CAEA74-C7E8-4D37-967F-1D01351BA398} - No Action Required
1 File
c:\windows\syswow64\config\systemprofile\appdata\local\microsoft\windows\temporary internet files\content.ie5\1060[1].js - Deleted
1 Browser Cache





Unresolved Threats:
No unresolved risks


You still want me to run through the other scans n such?

#40
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Ok, it is all okay. Norton fixed a few registry keys, but basically all of the detected files were already in our quarantine, so nothing to worry about.

I still think it would be good to run the scans I gave you above. Norton showed some adware that JRT should take care of, and aswMBR will make sure we don't have any rootkit activity. The scans shouldn't take long, and then we should be able to clean up and update.

#41
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.